services.exe and virus



Hello everyone

My computer keeps rebooting, reporting a services.exe error with status code 1073741819.

I ran a scan with a-squared and it found:

riskware.risktool.win32.processor.20

riskware.risktool.win32.reboot.f

trace.registry.kazaa

and with AntiVir in safe mode:

TR/Rootkit.gen

and

VBS/IETitle.A on my MP3 player

I can't do a system restore or run online antivirus scans. Microsoft Update isn't possible either.

Thanks for your help


Hello,

- Download HiJackThis by Merijn to your desktop.

- Rename the file HiJackThis.exe to Scanner.exe: to do this, right-click the HiJackThis.exe file and choose Rename from the list

- Type Scanner.exe and press the Enter key.

- Generate a report by following these instructions:

- Double-click Scanner.exe

- Run it and click Do a scan and save log file.

- The report opens in Notepad

- Paste the report here; to do this:

- Edit menu / Select All

- Edit menu / Copy

- Here, in a new message: right-click / Paste

Help: Don't hesitate to consult the HiJackThis help -

AND:

- Download DiagHelp.zip to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php

- Do not double-click it!! Right-click the file and choose Extract All

- A new folder named DiagHelp will be created

- Open it and double-click go.cmd (the .cmd extension may not be shown)

- A window will open; choose option 1

- The scan will start; this can take a few minutes. Let it run and press a key when asked.

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the scan, you may (not necessarily) be asked to restart the computer... Once the computer has restarted, the report will appear in Notepad. It is located at C:\resultat.txt

- Copy and paste the contents of the Notepad window that opens; to do this:

-- In Notepad, click the Edit menu / Select All

-- Again, Edit menu / Copy

-- In a new message here, right-click / Paste


Here is the HijackThis log; I'll do the rest

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:04:43, on 05/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HPQ\One-Touch\OneTouch.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\hijackthis\Scanner.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe

O4 - Global Startup: DSLMON.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spartacus75020.spaces.live.com//Pho...ad/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/har...on.cab?version=

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C452B137-B8CE-4E08-BB22-E79488F30C5D}: NameServer = 193.251.169.165 80.88.0.131

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Here is the log

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?4?2?9??????? ???B???????????????B? ??????

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0


That's not the right report.

Please do what was asked with DiagHelp.

 

Sorry, here is the correct report

 

 


 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C8CA-DA6E

 

Répertoire de C:\WINDOWS\system32

 

20/08/2004 00:09 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 11 721 031 680 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C8CA-DA6E

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

04/04/2007 16:15 <REP> .

04/04/2007 16:15 <REP> ..

07/12/2004 16:07 32 bdcore.dll

01/03/2005 14:08 118 784 bdupd.dll

25/06/2003 19:00 541 ca.pub

17/01/2006 17:11 580 663 daas_s.dll

08/08/2004 17:20 65 desktop.ini

28/10/2003 08:51 7 424 DjVuLite.inf

25/07/2002 17:13 24 576 dwusplay.dll

25/07/2002 17:13 196 608 dwusplay.exe

10/04/2000 17:12 1 765 fhg.inf

03/02/2006 11:20 188 416 fsauc.dll

16/06/2006 15:31 181 856 fscax.dll

15/06/2006 10:19 483 fscax.inf

17/01/2007 12:21 1 564 hardwaredetection.inf

25/02/2004 00:36 283 256 IDrop.ocx

25/02/2004 00:39 113 784 IDropENU.dll

07/03/2005 19:01 114 256 IDropFRA.dll

01/03/2005 14:08 53 248 ipsupd.dll

19/09/2003 14:22 299 008 isusweb.dll

08/08/2006 11:45 576 kavwebscan.inf

09/03/2005 15:42 6 742 lang.ini

11/12/2006 16:44 367 LegitCheckControl.inf

07/12/2004 16:07 32 libfn.dll

18/02/2005 16:22 126 live.ini

18/06/2003 18:01 691 McGDMgr.inf

19/05/2004 12:01 678 mcinsctl.inf

20/06/2006 15:44 379 704 MsnPUpld.dll

19/06/2006 14:40 393 MsnPUpld.inf

01/06/2006 02:57 1 331 oscan8.inf

01/06/2006 02:54 471 040 oscan8.ocx

31/05/2006 04:15 10 oscan81.ocx_x

20/06/2006 15:44 117 560 PURen-us.dll

31/05/2002 09:20 117 328 purfr-fr.dll

15/10/2004 07:59 110 592 PURfr-xx.dll

09/03/2005 15:43 6 828 scanoptions.tsi

08/12/2003 13:58 3 759 swflash.inf

15/01/2007 22:50 463 768 wlscBase.dll

15/01/2007 22:50 320 wlscBase.inf

02/11/2005 18:01 1 777 xscan.inf

02/11/2005 18:07 435 712 xscan53.ocx

39 fichier(s) 4 285 663 octets

 

Total des fichiers listés :

39 fichier(s) 4 285 663 octets

2 Rép(s) 11 721 027 584 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

 

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?4?2?9??????? ???B???????????????B? ??????

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

Liste des programmes installes

 

Ad-Aware SE Personal

Adobe Flash Player 9 ActiveX

Adobe Photoshop CS

Adobe Reader 8 - Français

ALi FIR Driver

Analyseur et SDK MSXML 4.0 SP2

Apple Software Update

Archiveur WinRAR

ATI Control Panel

ATI Display Driver

AutoCAD 2006 - Français

Autodesk DWF Viewer

avast! Antivirus

Bink and Smacker

boutons One-Touch

Broadcom 802.11

CCleaner (remove only)

CleanBoot

Conexant 56K ACLink Modem

Conexant AC-Link Audio

Disc2Phone

Disque de souvenirs HP

DP8381x 10/100 PCI Network Adapter Driver

Easy CD & DVD Creator 6

Electronic Arts Game Updater

EPSON Copy Utility

EPSON Photo Print

EPSON Printer Software

EPSON Scan

EPSON Smart Panel

ffdshow

Google Earth

HijackThis 1.99.1

hp deskjet 5600

HP Photo and Imaging 2.0 - Deskjet Series

hp print screen utility

Huawei SmartAX MT810

InterVideo WinDVD

iTunes

iTunes

Java 2 Runtime Environment, SE v1.4.2

Kaspersky Online Scanner

L&H TTS3000 Français

Language pack for Ad-Aware SE

Lecteur Windows Media 11

Macromedia Flash Player 8

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Software Update for Web Folders (French) 12

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)

Mise à jour de sécurité pour Windows XP (KB904706)

Mozilla Firefox (2.0.0.3)

MRU-Blaster v1.5 (Database 3/28/2004)

MSN

MSXML 4.0 SP2 (KB927978)

Notebook Utilities

P2400P Guide de référence

PDFCreator

QuickTime

RealPlayer

Shockwave

Skype 3.0

Skype Plugin Manager

Sony Ericsson PC Suite 1.20.173

Spybot - Search & Destroy 1.4

Spyware Terminator

Sunbelt Kerio Personal Firewall

Synaptics Pointing Device Driver

Ulead Photo Explorer 8.0 SE Basic

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

XviD MPEG-4 Video Codec

Yahoo! Anti-Spy

Yahoo! Toolbar

Yahoo! Toolbar avec bloqueur de fenêtres pop-up

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C8CA-DA6E

 

Répertoire de C:\Program Files

 

05/04/2007 16:45 <REP> .

05/04/2007 16:45 <REP> ..

19/02/2007 18:28 <REP> Adobe

24/09/2006 10:40 <REP> Alwil Software

26/05/2006 17:23 <REP> AnswerWorks 4.0

11/03/2007 23:49 <REP> Apple Software Update

05/04/2007 16:23 <REP> a-squared Anti-Malware

08/08/2004 17:45 <REP> ATI Technologies

26/05/2006 17:24 <REP> AutoCAD 2006

26/05/2006 17:08 <REP> Autodesk

25/01/2007 09:23 <REP> CCleaner

07/03/2007 16:39 <REP> CodeStuff

05/02/2007 10:27 <REP> Common files

08/08/2004 17:41 <REP> Company

08/08/2004 17:17 <REP> ComPlus Applications

08/08/2004 17:42 <REP> CONEXANT

21/10/2006 16:06 <REP> CyberLink

28/02/2007 14:02 <REP> Disc2Phone

16/02/2007 19:17 <REP> EPSON

06/04/2006 14:23 <REP> ffdshow

25/02/2007 17:59 <REP> Fichiers communs

03/04/2007 17:21 <REP> Google

19/02/2007 15:12 <REP> Hewlett-Packard

05/04/2007 18:04 <REP> hijackthis

19/02/2007 15:09 <REP> HP

08/08/2004 17:48 <REP> HPQ

26/03/2007 22:05 <REP> Huawei Technologies

01/03/2006 20:38 9 393 352 Install_MSN_Messenger.EXE

09/05/2006 19:49 <REP> InstallShield

20/03/2007 20:00 <REP> Internet Explorer

08/08/2004 17:46 <REP> InterVideo

02/04/2007 22:08 <REP> iPod

02/04/2007 22:08 <REP> iTunes

08/08/2004 17:39 <REP> Java

08/03/2007 20:47 <REP> Lavasoft

01/02/2007 13:26 <REP> LizardTech

01/03/2007 16:04 <REP> Messenger

08/08/2004 17:22 <REP> microsoft frontpage

26/02/2007 12:00 <REP> Microsoft Office

26/02/2007 11:59 <REP> Microsoft Visual Studio

26/02/2007 12:01 <REP> Microsoft Works

26/02/2007 11:57 <REP> Microsoft.NET

24/02/2007 21:35 <REP> Movie Maker

05/04/2007 16:06 <REP> Mozilla Firefox

09/03/2007 09:34 <REP> MRU-Blaster

26/02/2007 12:00 <REP> MSBuild

11/03/2006 19:43 <REP> MSN

08/08/2004 17:17 <REP> MSN Gaming Zone

25/02/2007 09:50 <REP> MSN Messenger

28/11/2006 18:14 <REP> MSXML 4.0

24/02/2007 21:30 <REP> NetMeeting

30/03/2006 09:51 <REP> Network Associates

21/11/2006 18:29 <REP> Nokia

08/08/2004 17:43 <REP> NSC

25/02/2007 15:41 <REP> Outlook Express

26/01/2007 15:53 <REP> PDFCreator

11/03/2007 23:52 <REP> QuickTime

18/06/2006 18:05 <REP> RADVideo

11/03/2006 20:00 <REP> Real

10/09/2004 14:03 <REP> Roxio

08/08/2004 17:20 <REP> Services en ligne

20/01/2007 13:34 <REP> Skype

09/12/2006 21:10 <REP> Smart Panel

21/10/2006 14:14 <REP> Sony Ericsson

10/03/2007 19:56 <REP> Spybot - Search & Destroy

05/04/2007 16:47 <REP> Spyware Terminator

01/03/2007 20:48 <REP> Sunbelt Software

08/08/2004 17:43 <REP> Synaptics

05/09/2006 20:46 <REP> Ulead Systems

19/02/2007 16:57 <REP> VideoLAN

05/09/2006 20:48 <REP> WIDCOMM

14/02/2007 18:51 <REP> Windows Live Safety Center

26/02/2007 17:49 <REP> Windows Media Connect 2

26/02/2007 17:54 <REP> Windows Media Player

24/02/2007 21:30 <REP> Windows NT

14/01/2007 23:35 <REP> WinRAR

12/06/2005 12:50 <REP> WON

08/08/2004 17:22 <REP> xerox

06/04/2006 14:24 <REP> XviD

05/02/2007 10:27 <REP> Yahoo!

1 fichier(s) 9 393 352 octets

79 Rép(s) 11 720 601 600 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C8CA-DA6E

 

Répertoire de C:\Program Files\fichiers communs

 

25/02/2007 17:59 <REP> .

25/02/2007 17:59 <REP> ..

10/09/2004 13:57 <REP> Adaptec Shared

19/02/2007 18:28 <REP> Adobe

07/12/2006 19:15 <REP> Adobe Systems Shared

26/05/2006 17:23 <REP> Autodesk Shared

09/05/2006 20:01 <REP> Borland Shared

26/02/2007 11:59 <REP> Designer

17/09/2004 21:18 <REP> FotoWire

22/12/2004 22:10 <REP> InstallShield

08/08/2004 17:39 <REP> Java

17/05/2005 18:02 <REP> MGI Shared

26/02/2007 12:13 <REP> Microsoft Shared

08/08/2004 17:19 <REP> MSSoap

30/03/2006 09:51 <REP> Network Associates

19/11/2004 15:34 <REP> Nikon

08/08/2004 18:09 <REP> ODBC

05/12/2006 21:03 <REP> Python

26/02/2006 22:12 <REP> Real

10/09/2004 14:05 <REP> Roxio Shared

08/08/2004 17:19 <REP> Services

20/01/2007 13:34 <REP> Skype

08/08/2004 18:09 <REP> SpeechEngines

07/04/2006 21:47 <REP> Stardock

28/05/2006 14:05 <REP> Symantec Shared

26/02/2007 12:11 <REP> System

21/10/2006 14:15 <REP> Teleca Shared

21/10/2006 16:07 <REP> Ulead Systems

0 fichier(s) 0 octets

28 Rép(s) 11 720 601 600 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C8CA-DA6E

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

26/02/2007 12:11 <REP> .

26/02/2007 12:11 <REP> ..

11/08/2004 15:43 <REP> 1033

26/02/2007 12:13 <REP> 1036

26/10/2006 19:49 970 528 MSONSEXT.DLL

26/10/2006 20:12 40 256 MSOSV.DLL

03/06/1999 13:09 122 937 MSOWS409.DLL

07/03/2001 08:00 127 033 MSOWS40c.DLL

22/01/2001 02:25 86 016 PKMWS.DLL

5 fichier(s) 1 346 770 octets

4 Rép(s) 11 720 601 600 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C8CA-DA6E

 

Répertoire de C:\Program Files\common files

 

05/02/2007 10:27 <REP> .

05/02/2007 10:27 <REP> ..

05/02/2007 10:27 <REP> Scanner

0 fichier(s) 0 octets

3 Rép(s) 11 720 601 600 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est C8CA-DA6E

 

Répertoire de C:\

 

11/11/2001 00:00 68 096 diff.exe

27/08/2006 14:10 103 424 grep.exe

2 fichier(s) 171 520 octets

0 Rép(s) 11 720 597 504 octets libres

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe

c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

c:\Documents and Settings\MERAHI Youcef\.housecall6.6\getMac.exe

c:\Documents and Settings\MERAHI Youcef\.housecall6.6\patch.exe

c:\Documents and Settings\MERAHI Youcef\.housecall6.6\tsc.exe

c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\a2AntiMalwareSetup.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\antivir_workstation_win7u_en_h.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.03.02_anglais_10821.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\avgas-setup-7.5.0.50.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\iTunesSetup.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\keygen.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\kis6.0.2.614fr.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\mozilla-firefox_mozilla_firefox_2.0.0.2_francais_11003.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\pci_filerecovery.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\setupfre.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\spybotsd14.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\spyware-terminator_spyware_terminator_1.8.1.965_francais_28354.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\sunbelt-personal-firewall.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\wmp11-windowsxp-x86-FR-FR.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\Craagle\Craagle\Craagle.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\logi\RegSeeker\RegSeeker.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\patrimoine\euromed\AUTORUN.EXE

c:\Documents and Settings\MERAHI Youcef\Bureau\usb\Nouveau dossier\fr\TCF\TCF_SO_Demo_Partie1.exe

c:\Documents and Settings\MERAHI Youcef\Bureau\usb\Nouveau dossier\fr\TCF\TCF_SO_Demo_Partie2.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\HijackThis.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Install_Messenger.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\wrar362fr.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\Geopod\Geopod\keygen.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\MGS-Silverball_v1.60\Silverball_v1.60\keygen.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\MGSkarting_cracked\karting\keygen.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\MVRPool\MVRPool\keygen.exe

c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\Tennis Maniac\keygen.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

 

Liste des drivers...

 

< Service Pack 2 4 5 2007 19:11:30.500

< Pilote charg' \WINDOWS\system32\ntoskrnl.exe

< Pilote charg' \WINDOWS\system32\hal.dll

< Pilote charg' \WINDOWS\system32\KDCOM.DLL

< Pilote charg' \WINDOWS\system32\BOOTVID.dll

< Pilote charg' sptd.sys

< Pilote charg' \WINDOWS\System32\Drivers\WMILIB.SYS

< Pilote charg' \WINDOWS\System32\Drivers\SPTD8013.SYS

< Pilote charg' ACPI.sys

< Pilote charg' pci.sys

< Pilote charg' isapnp.sys

< Pilote charg' ohci1394.sys

< Pilote charg' \WINDOWS\System32\DRIVERS\1394BUS.SYS

< Pilote charg' compbatt.sys

< Pilote charg' \WINDOWS\System32\DRIVERS\BATTC.SYS

< Pilote charg' aliide.sys

< Pilote charg' \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

< Pilote charg' pcmcia.sys

< Pilote charg' MountMgr.sys

< Pilote charg' ftdisk.sys

< Pilote charg' dmload.sys

< Pilote charg' dmio.sys

< Pilote charg' ACPIEC.sys

< Pilote charg' \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS

< Pilote charg' PartMgr.sys

< Pilote charg' VolSnap.sys

< Pilote charg' atapi.sys

< Pilote charg' disk.sys

< Pilote charg' \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

< Pilote charg' fltmgr.sys

< Pilote charg' sr.sys

< Pilote charg' KSecDD.sys

< Pilote charg' Ntfs.sys

< Pilote charg' NDIS.sys

< Pilote charg' sfhlp01.sys

< Pilote charg' prosync1.sys

< Pilote charg' \WINDOWS\System32\drivers\SCSIPORT.SYS

< Pilote charg' prohlp02.sys

< Pilote charg' Mup.sys

< Pilote charg' BTHidMgr.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\intelppm.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\ati2mtag.sys

< Pilote charg' \SystemRoot\system32\drivers\calihal.sys

< Pilote charg' \SystemRoot\system32\drivers\caliaud.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\i8042prt.sys

< Pilote charg' \SystemRoot\System32\Drivers\DKbFltr.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\kbdclass.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\SynTP.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\mouclass.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\fdc.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\parport.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\aliirda.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\irenum.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\hpci.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\HSFHWALI.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\HSF_DP.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\HSF_CNXT.sys

< Pilote charg' \SystemRoot\System32\Drivers\Modem.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\usbuhci.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\usbehci.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\nic1394.sys

< Pilote charg' \SystemRoot\System32\Drivers\AFS2K.SYS

< Pilote charg' \SystemRoot\system32\drivers\pfc.sys

< Pilote charg' \SystemRoot\System32\Drivers\Cdr4_xp.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\cdrom.sys

< Pilote charg' \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys

< Pilote charg' \SystemRoot\System32\Drivers\Cdralw2k.SYS

< Pilote charg' \SystemRoot\System32\Drivers\pwd_2k.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\DP83815.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\CmBatt.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\audstub.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\rasirda.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\rasl2tp.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\ndistapi.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\ndiswan.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\raspppoe.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\raspptp.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\msgpc.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\psched.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\ptilink.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\raspti.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\rdpdr.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\termdd.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\swenum.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\update.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\mssmbios.sys

< Pilote charg' \SystemRoot\System32\Drivers\mmc_2K.SYS

< Pilote charg' \SystemRoot\System32\Drivers\NDProxy.SYS

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\NDProxy.SYS

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\NDProxy.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\flpydisk.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\usbhub.sys

< Pilote charg' \SystemRoot\system32\drivers\MODEMCSA.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\lbrtfdc.SYS

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Sfloppy.SYS

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\i2omgmt.SYS

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Changer.SYS

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Cdaudio.SYS

< Pilote charg' \SystemRoot\System32\Drivers\Fs_Rec.SYS

< Pilote charg' \SystemRoot\System32\Drivers\Null.SYS

< Pilote charg' \SystemRoot\System32\Drivers\Beep.SYS

< Pilote charg' \SystemRoot\System32\drivers\vga.sys

< Pilote charg' \SystemRoot\System32\Drivers\mnmdd.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\RDPCDD.sys

< Pilote charg' \SystemRoot\System32\Drivers\cdudf_xp.SYS

< Pilote charg' \SystemRoot\system32\drivers\fwdrv.sys

< Pilote charg' \SystemRoot\System32\Drivers\Msfs.SYS

< Pilote charg' \SystemRoot\System32\Drivers\Npfs.SYS

< Pilote charg' \SystemRoot\System32\Drivers\UdfReadr_xp.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\rasacd.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\ipsec.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\tcpip.sys

< Pilote charg' \SystemRoot\System32\Drivers\aswTdi.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\netbt.sys

< Pilote charg' \SystemRoot\System32\drivers\afd.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\netbios.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\processr.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\PCIDump.SYS

< Pilote charg' \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\ipnat.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\redbook.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\rdbss.sys

< Pilote charg' \SystemRoot\System32\drivers\prodrv06.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\mrxsmb.sys

< Pilote charg' \SystemRoot\System32\Drivers\adildr.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\wanarp.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\arp1394.sys

< Pilote charg' \SystemRoot\system32\drivers\khips.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\imapi.sys

< Pilote charg' \SystemRoot\System32\Drivers\Fips.SYS

< Pilote charg' \SystemRoot\System32\Drivers\Aavmker4.SYS

< Pilote charg' \SystemRoot\System32\DRIVERS\adiusbae.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\adildr.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\irda.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\ndisuio.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\rdbss.sys

< Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\mrxsmb.sys

< Pilote charg' \SystemRoot\System32\DRIVERS\mrxdav.sys

< Pilote charg' \SystemRoot\System32\Drivers\ParVdm.SYS

< Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Serial.SYS

< Pilote charg' \SystemRoot\System32\Drivers\aswMon2.SYS

< Pilote charg' \SystemRoot\system32\drivers\wdmaud.sys

< Pilote charg' \SystemRoot\system32\drivers\sysaudio.sys

< Pilote charg' \SystemRoot\system32\drivers\splitter.sys

< Pilote charg' \SystemRoot\system32\drivers\aec.sys

< Pilote charg' \SystemRoot\system32\drivers\swmidi.sys

< Pilote charg' \SystemRoot\system32\drivers\DMusic.sys

< Pilote charg' \SystemRoot\system32\drivers\kmixer.sys

< Pilote charg' \SystemRoot\system32\drivers\drmkaud.sys


Open Internet Explorer --> Tools --> Internet Options --> "Security" tab --> click "Default level".

Still in Internet Explorer --> Tools --> Internet Options --> "Advanced" tab --> click "Default settings".

To run the scans, disable your antivirus, protection software and any software that can block pop-ups (Google toolbar, Yahoo toolbar, etc.).

Online scan with Kaspersky:

- Run an online scan on Kaspersky using Internet Explorer and not Firefox, which won't work!

- If you are lost, you can follow this guide for online scans

- Scan My Computer

- Copy/paste the scan report here

Note: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

If the scan with Kaspersky doesn't work, you can run an online scan with Panda:

- Run a scan with Panda, disabling your antivirus during the scan!

(If you are lost, you can follow this guide for online scans)

- Copy/paste the Panda report here


Download GMER from one of these addresses:

http://www.gmer.net

Disconnect from the internet if possible and close all programs.

Unzip the zip file and double-click gmer.exe

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click the "rootkit" tab

On the right, check "Files" and "Services"

Click Scan

When the scan is finished, click "copy"

Open Notepad and click the Edit menu / Paste

The report should then appear.

Save the file on your desktop and copy/paste its contents here.


I got an error message telling me GMER has to close, and I think GMER found a rootkit; here is the report

 

GMER 1.0.12.12086 - http://www.gmer.net

Rootkit scan 2007-04-05 20:11:57

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.12 ----

 

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey

SSDT sptd.sys ZwEnumerateKey

SSDT sptd.sys ZwEnumerateValueKey

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver

SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey

SSDT sptd.sys ZwQueryKey

SSDT sptd.sys ZwQueryValueKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile

 

---- Kernel code sections - GMER 1.0.12 ----

 

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

? C:\WINDOWS\System32\Drivers\SPTD8013.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

PAGENDSM NDIS.sys!NdisMIndicateStatus F73DDA5F 6 Bytes JMP F2890C5E \SystemRoot\system32\drivers\fwdrv.sys

 

---- User code sections - GMER 1.0.12 ----

 

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\HPConfig.exe[528] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\WINDOWS\system32\HPConfig.exe[528] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00030720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00030F54

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00030FE0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00030D24

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00030DB0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00030E3C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00030EC8

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] user32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] user32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464

.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608

.text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001607AC

.text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00160720

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\UStorSrv.exe[968] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\WINDOWS\system32\UStorSrv.exe[968] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\UStorSrv.exe[968] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\WINDOWS\system32\UStorSrv.exe[968] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\WINDOWS\system32\UStorSrv.exe[968] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608

.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000707AC

.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00070720

.text C:\WINDOWS\system32\winlogon.exe[1024] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4

.text C:\WINDOWS\system32\winlogon.exe[1024] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838

.text C:\WINDOWS\system32\winlogon.exe[1024] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\WINDOWS\system32\MsPMSPSv.exe[1244] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54

.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0

.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24

.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0

.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C

.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54

.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0

.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24

.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0

.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C

.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\QuickTime\qttask.exe[1680] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\QuickTime\qttask.exe[1680] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\iTunes\iTunesHelper.exe[1916] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\explorer.exe[1956] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\explorer.exe[1956] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\explorer.exe[1956] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54

.text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0

.text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24

.text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0

.text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C

.text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8

.text C:\WINDOWS\explorer.exe[1956] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\explorer.exe[1956] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\explorer.exe[1956] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\spoolsv.exe[2012] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\spoolsv.exe[2012] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\spoolsv.exe[2012] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] user32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] user32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C

.text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\ctfmon.exe[2164] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\ctfmon.exe[2164] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\iPod\bin\iPodService.exe[2240] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\iPod\bin\iPodService.exe[2240] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\alg.exe[3200] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\alg.exe[3200] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\alg.exe[3200] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\alg.exe[3200] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\alg.exe[3200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

 

---- Devices - GMER 1.0.12 ----

 

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 853951D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 853951D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_CREATE 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_CLOSE 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_CLEANUP 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_PNP 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_CREATE 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_CLOSE 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_CLEANUP 84B22B20

Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_PNP 84B22B20

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 85395980

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 85395980

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE_NAMED_PIPE 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CLOSE 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_READ 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_WRITE 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_INFORMATION 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_INFORMATION 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_EA 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_EA 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_FLUSH_BUFFERS 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_VOLUME_INFORMATION 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_VOLUME_INFORMATION 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DIRECTORY_CONTROL 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_FILE_SYSTEM_CONTROL 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DEVICE_CONTROL 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_INTERNAL_DEVICE_CONTROL 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SHUTDOWN 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_LOCK_CONTROL 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CLEANUP 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE_MAILSLOT 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_SECURITY 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_SECURITY 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_POWER 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SYSTEM_CONTROL 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DEVICE_CHANGE 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_QUOTA 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_QUOTA 84B476F0

Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_PNP 84B476F0

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1D93BB0

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1D93BB0

Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1D93BB0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 85395C38

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 85395C38

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 850C0B40

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 850C0B40

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 85242A78

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 85242A78

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1B78EA0

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E1B78EA0

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E1B78EA0

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 84B22B20

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 84B22B20

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 84B22B20

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 84B22B20

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 84B22B20

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 84B22B20

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 84B22B20

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 84B22B20

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 85395410

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 85395410

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 850F6298

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 850F6298

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 84B47DA8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 84B47DA8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 85395C38

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 85395C38

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 84D8E5A0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 84D8E5A0

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE_NAMED_PIPE 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CLOSE 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_READ 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_WRITE 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_INFORMATION 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_INFORMATION 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_EA 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_EA 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_FLUSH_BUFFERS 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_VOLUME_INFORMATION 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_VOLUME_INFORMATION 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DIRECTORY_CONTROL 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_FILE_SYSTEM_CONTROL 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DEVICE_CONTROL 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_INTERNAL_DEVICE_CONTROL 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SHUTDOWN 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_LOCK_CONTROL 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CLEANUP 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE_MAILSLOT 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_SECURITY 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_SECURITY 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_POWER 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SYSTEM_CONTROL 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DEVICE_CHANGE 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_QUOTA 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_QUOTA 84EC7B58

Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_PNP 84EC7B58

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 84A8A1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 84A8A1E8

Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible F15ABBCE

 

---- Modules - GMER 1.0.12 ----

 

Module (noname) (*** hidden *** ) F7BB9000

 

---- EOF - GMER 1.0.12 ----

 
