Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

infection (Résolu)

Jakyco

Par Jakyco
dans Analyses et éradication malwares

 Partager

Messages recommandés

Jakyco Junior Member

Jakyco

Posté(e)
Posté(e) (modifié)

Bonjour,

Je me bats depuis des jours avec vundo et zlob et je croyais en avoir fini, mais il y a encore des bizarreries.

Pourriez vous regarder ce rapport hijackthis et me dire si je me bats contre des fantomes SVP

Merci d avance de votre aide

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:57:54 PM, on 4/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AccSys\accsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Windows Live\Family Safety\fssui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig/dell?hl=en&cli...amp;ibd=6070118

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=en&client=dell-row&channel=fr&ibd=6070118

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2abf3f9e998d4388ba8a5366cbe8346f

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2abf3f9e998d4388ba8a5366cbe8346f

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: bw+0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\accsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 28607 bytes

Modifié par Jakyco

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

Salut et bienvenue :P

 

Quelques liens pour t'aider à commencer :

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement :P

Je me bats depuis des jours avec vundo et zlob et je croyais en avoir fini

Quels programmes as tu utilisé ? Si tu n'as pas fais de scan avec MBAM, effectue ce qui suit stp (sinon poste le rapport) >>

 

1°) Un petit scan supplémentaire avec un programme que tu vas pouvoir conserver: si tu le possède déjà, passe l'étape de l'installation et va directement à la mise à jour >>

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

  • Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen complet"
  • Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

2°) Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  • Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Poste les 3 rapports stp.

Jakyco Junior Member

Jakyco

Posté(e)
  • Auteur
Posté(e)

Et bien je dois dire qu j etais sacrement affole (en plus, , j ecris avec un clavier anglais dont la touche e est cassee) et j ai essaye plusieurs antivirus dont crtains se prenaient pour des virus. Dans la confusion, j ai fait malwarebytes, smitfraud et un autre specialise pour vundo, dans le desordre et plusieurs fois de suite pour crtains.

 

Le resultat de MBAM a l air propre mais j ai peur qu il reste un truc qui se relance sans arret.

Ci dessous les trois rapports demamdes.

 

 

Malwarebytes' Anti-Malware 1.35

Version de la base de données: 1940

Windows 5.1.2600 Service Pack 3

 

4/5/2009 9:45:24 PM

mbam-log-2009-04-05 (21-45-24).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 169519

Temps écoulé: 1 hour(s), 2 minute(s), 18 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Moi at 2009-04-05 22:20:39

Microsoft Windows XP Professional Service Pack 3

System drive C: has 34 GB (49%) free of 69 GB

Total RAM: 1022 MB (40% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:21:05, on 4/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AccSys\accsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\WINDOWS\ehome\ehtray.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Windows Live\Family Safety\fssui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Moi\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Moi.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=en&client=dell-row&channel=fr&ibd=6070118

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2abf3f9e998d4388ba8a5366cbe8346f

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2abf3f9e998d4388ba8a5366cbe8346f

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: bw+0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\accsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 27967 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]

HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]

McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2007-12-17 56360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]

Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2008-12-18 144688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-25 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-25 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-08 136600]

"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-25 282624]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]

"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-08-03 1032192]

"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]

"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]

"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]

"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-05-02 184320]

"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2006-08-14 462336]

"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-09-07 434176]

"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-09-07 73728]

"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]

"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2002-03-08 900096]

"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-09-01 221184]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

"fssui"=C:\Program Files\Windows Live\Family Safety\fssui.exe [2007-12-17 243240]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-26 32768]

"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-01 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"

"C:\Program Files\WLAN Quick-Starter\WLAN Quick-Starter.exe"="C:\Program Files\WLAN Quick-Starter\WLAN Quick-Starter.exe:*:Enabled:WLAN Quick-Starter 4.5"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"

"D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

shell\AutoRun\command - E:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf30d9b1-88a3-11dc-a2ad-0019b951c30e}]

shell\AutoRun\command - E:\DTE_Privacy_launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c408c642-cc24-11dd-a57a-0019b951c30e}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8766aca-985c-11dd-a4f3-0019b951c30e}]

shell\AutoRun\command - E:\DTE_Privacy_launcher.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-04-05 22:20:39 ----D---- C:\rsit

2009-04-05 18:02:49 ----SHD---- C:\RECYCLER

2009-04-05 11:53:17 ----A---- C:\WINDOWS\PSEXESVC.EXE

2009-04-05 11:49:12 ----A---- C:\WINDOWS\zip.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\VFIND.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\SWSC.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\SWREG.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\sed.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\NIRCMD.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\grep.exe

2009-04-05 11:49:12 ----A---- C:\WINDOWS\fdsv.exe

2009-04-05 11:49:08 ----D---- C:\WINDOWS\ERDNT

2009-04-05 11:49:08 ----D---- C:\ComboFix

2009-04-05 11:49:07 ----A---- C:\WINDOWS\system32\CF8168.exe

2009-04-05 11:39:12 ----A---- C:\WINDOWS\system32\tmp.txt

2009-04-05 11:39:00 ----A---- C:\rapport.txt

2009-04-05 10:55:29 ----D---- C:\Program Files\Enigma Software Group

2009-04-05 10:23:49 ----A---- C:\WINDOWS\system32\MRT.exe

2009-04-04 21:10:35 ----D---- C:\Program Files\Trend Micro

2009-04-04 20:17:07 ----D---- C:\Qoobox

2009-04-04 12:09:30 ----D---- C:\VundoFix Backups

2009-04-04 12:09:30 ----A---- C:\VundoFix.txt

2009-04-04 00:21:16 ----A---- C:\FindyKill.txt

2009-04-04 00:01:45 ----D---- C:\Program Files\CCleaner

2009-04-03 22:53:51 ----D---- C:\Documents and Settings\Moi\Application Data\Malwarebytes

2009-04-03 22:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-04-03 22:21:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-03-16 09:31:41 ----D---- C:\Documents and Settings\Moi\Application Data\McAfee

2009-03-15 16:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-03-15 16:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-03-15 16:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

2009-03-15 16:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

2009-03-11 12:27:58 ----A---- C:\hpm.exe

2009-03-11 09:11:28 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-03-11 09:11:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

 

======List of files/folders modified in the last 1 months======

 

2009-04-05 22:20:43 ----D---- C:\WINDOWS\Temp

2009-04-05 22:20:40 ----D---- C:\WINDOWS\Prefetch

2009-04-05 22:01:14 ----D---- C:\WINDOWS

2009-04-05 22:00:34 ----D---- C:\MDT

2009-04-05 22:00:20 ----D---- C:\WINDOWS\Registration

2009-04-05 21:59:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-04-05 21:59:38 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt

2009-04-05 21:58:56 ----D---- C:\WINDOWS\system32

2009-04-05 21:46:18 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-04-05 18:03:45 ----D---- C:\WINDOWS\Debug

2009-04-05 16:56:16 ----D---- C:\WINDOWS\system32\CatRoot2

2009-04-05 16:09:21 ----D---- C:\Documents and Settings\Moi\Application Data\skypePM

2009-04-05 11:56:57 ----D---- C:\WINDOWS\system32\drivers

2009-04-05 11:55:29 ----D---- C:\WINDOWS\system32\config

2009-04-05 11:52:22 ----D---- C:\WINDOWS\AppPatch

2009-04-05 11:52:19 ----D---- C:\Program Files\Common Files

2009-04-05 10:55:29 ----RD---- C:\Program Files

2009-04-05 10:31:39 ----HD---- C:\WINDOWS\inf

2009-04-04 00:28:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-04-04 00:24:25 ----D---- C:\Program Files\McAfee

2009-04-04 00:10:48 ----D---- C:\WINDOWS\Minidump

2009-03-30 18:36:53 ----SHD---- C:\WINDOWS\CSC

2009-03-26 20:33:18 ----D---- C:\Documents and Settings\Moi\Application Data\Skype

2009-03-24 10:38:16 ----D---- C:\WINDOWS\network diagnostic

2009-03-20 19:01:29 ----D---- C:\WINDOWS\system32\Restore

2009-03-20 12:50:59 ----SHD---- C:\System Volume Information

2009-03-20 08:41:30 ----HD---- C:\Config.Msi

2009-03-19 19:21:53 ----SHD---- C:\WINDOWS\Installer

2009-03-19 10:48:04 ----D---- C:\WINDOWS\system32\dllcache

2009-03-16 11:53:10 ----A---- C:\WINDOWS\wininit.ini

2009-03-15 16:17:12 ----D---- C:\WINDOWS\WinSxS

2009-03-11 08:57:23 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-01-29 5632]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-18 21275]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]

R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-25 44544]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]

R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]

R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]

R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]

R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]

R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]

R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-25 1156648]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]

R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-11-04 43552]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]

S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]

S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-09-01 14080]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]

S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []

S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-09-01 22528]

S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-09-01 1081856]

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]

S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]

S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]

S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]

S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]

S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]

S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 accsvc;AccSys WiFi Component; C:\Program Files\Common Files\AccSys\accsvc.exe [2006-01-11 147456]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]

R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]

R2 fsssvc;Windows Live OneCare Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]

R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-08-27 111912]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-08 152984]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-03-08 300544]

R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-09-01 81920]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]

R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]

R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]

R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]

R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-25 137200]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.06 2009-04-05 22:21:08

 

======Uninstall list======

 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf

Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}

Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

DeepBurner v1.9.0.228-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log" -u

Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}

Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}

Dictionnaire Le Littré 1.0-->"C:\Program Files\Dictionnaire Le Littré\unins000.exe"

Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

docXConverter 3.1.1-->"C:\Program Files\docXConverter3\unins000.exe"

eMule-->"C:\Program Files\eMule\Uninstall.exe"

ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG

FindyKill-->E:\FindyKill\Uninstal.exe

GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"

GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat

HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}

Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Jeune Styliste 2-->MsiExec.exe /I{6F08069F-FB2C-42F4-91B1-4003E07B03F8}

Lexmark Supplies Monitor-->C:\WINDOWS\system32\LXSMUNIN.EXE

Lexmark Z23-Z33-->C:\WINDOWS\system32\spool\drivers\w32x86\3\lxaiUN5C.EXE -dLexmark Z23-Z33

Logitech Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0409

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL

Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}\setup.exe" -l0x9

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe

McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm

mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}

mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall

mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove

mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP

mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}

MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}

mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"

OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}

PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}

Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}

QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly

SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}

Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}

Tunebite-->MsiExec.exe /I{089152E5-F9B6-4D84-8825-5F5395A17D41}

Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"

Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe

URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}

Windows Live OneCare Family Safety-->MsiExec.exe /X{3403CB31-D7C1-43F4-9D2F-579758C0CF09}

Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}

Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}

Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}

Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}

Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}

Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}

Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}

Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WLAN Quick-Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E40268F4-7E9F-4E07-B773-7FF64971F42E}\setup.exe" -l0x7

 

=====HijackThis Backups=====

 

O4 - HKUS\S-1-5-20\..\Run: [rahufetubo] Rundll32.exe "C:\WINDOWS\system32\mozuvagi.dll",s (User 'NETWORK SERVICE') [2009-04-04]

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: McAfee VirusScan

FW: McAfee Personal Firewall

 

======System event log======

 

Computer Name: DJV63Q2J

Event Code: 10005

Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Record Number: 51943

Source Name: DCOM

Time Written: 20090311114919.000000+060

Event Type: error

User: NT AUTHORITY\SYSTEM

 

Computer Name: DJV63Q2J

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

AFD

APPDRV

Fips

intelppm

IPSec

mfehidk

MPFP

MRxSmb

NetBIOS

NetBT

RasAcd

Rdbss

StarOpen

Tcpip

WS2IFSL

 

Record Number: 51942

Source Name: Service Control Manager

Time Written: 20090311114859.000000+060

Event Type: error

User:

 

Computer Name: DJV63Q2J

Event Code: 7001

Message: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:

A device attached to the system is not functioning.

 

 

Record Number: 51941

Source Name: Service Control Manager

Time Written: 20090311114859.000000+060

Event Type: error

User:

 

Computer Name: DJV63Q2J

Event Code: 7001

Message: The Windows Live OneCare Family Safety service depends on the fssfltr service which failed to start because of the following error:

The dependency service or group failed to start.

 

 

Record Number: 51940

Source Name: Service Control Manager

Time Written: 20090311114859.000000+060

Event Type: error

User:

 

Computer Name: DJV63Q2J

Event Code: 7001

Message: The Fax service depends on the Print Spooler service which failed to start because of the following error:

The dependency service or group failed to start.

 

 

Record Number: 51939

Source Name: Service Control Manager

Time Written: 20090311114859.000000+060

Event Type: error

User:

 

=====Application event log=====

 

Computer Name: DJV63Q2J

Event Code: 1002

Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Record Number: 37540

Source Name: Application Hang

Time Written: 20090207181053.000000+060

Event Type: error

User:

 

Computer Name: DJV63Q2J

Event Code: 1517

Message: Windows saved user DJV63Q2J\Moi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

 

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Record Number: 37531

Source Name: Userenv

Time Written: 20090207171100.000000+060

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: DJV63Q2J

Event Code: 12001

Message:

Record Number: 37514

Source Name: usnjsvc

Time Written: 20090207121930.000000+060

Event Type:

User:

 

Computer Name: DJV63Q2J

Event Code: 12001

Message:

Record Number: 37499

Source Name: usnjsvc

Time Written: 20090206094247.000000+060

Event Type:

User:

 

Computer Name: DJV63Q2J

Event Code: 1002

Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Record Number: 37482

Source Name: Application Hang

Time Written: 20090205193448.000000+060

Event Type: error

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0f06

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

Mon bureau a encor change d aspect et j ai peur qu il reste une cochonneri queelque part qui regenere l infction.

Merci d avance de me conseiller la bonne methode.

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

re!

Dans la confusion, j ai fait malwarebytes, smitfraud et un autre specialise pour vundo, dans le desordre et plusieurs fois de suite pour crtains.

Ce n'est pas pour être désagréable Jakyco, mais c'est typiquement le genre de choses à ne jamais faire !!

Pourquoi? D'une part parce que si tu as passé un outils plusieurs fois, je ne sais pas ce qu'il a pu éliminer la première fois et ca fausse les analyses. D'autre part il ne faut jamais lancer de multiples programmes de désinfection à l'aveuglette! Certains d'entre eux sont très puissants (je pense à ComboFix notamment) et s'ils sont utilisés au mauvais moment (ou à mauvais escient) ils peuvent planter ton pc et le rendre inopérant! N'en utilise pas d'autre stp :P

 

J'ai besoin que tu fasses un scan en ligne =>

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

 

Assure toi que la console Java est bien la plus récente; pour le savoir rends-toi sur cette page et clique sur Vérifier la version de Java -> http://www.java.com/fr/download/installed.jsp -> Il te sera indiqué si tu dois installer la dernière version.

Le scan doit être fait avec Internet Explorer

TUTO scan en ligne Kaspersky: http://www.vista-xp.fr/forum/topic109.html

 

  • Fais un scan en ligne Kaspersky
  • Clique sur Accept
  • Patiente le temps d'installation du Webscanner.
  • Les bases de mises à jour vont s'installer, patiente un moment
  • Clique sur Next.
  • Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle la totalité du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

*****

 

Que veux tu dire par "Mon bureau a encor change d aspect" ?? est ce que le fond est tout bleu ? si c'est le cas, c'est tout à fait normal! c'est la conséquence de l'utilisation de SmitFraudFix. Il te suffit de réablir ton fond d' écran, pour cela tu peux consulter ce tutoriel si tu ne sait pas comment faire >> http://www.commentcamarche.net/faq/sujet-1...de-fond-d-ecran

 

J'aimerai en plus du rapport de Kaspersky que tu me postes les rapports suivants que j'y jette un oeil >>

 

le rapport ComboFix.txt qui se trouve dans le lecteur C:

le rapport rapport.txt qui se trouve dans le lecteur C:

 

@+

Jakyco Junior Member

Jakyco

Posté(e)
  • Auteur
Posté(e)

Bonsoir

 

Voila le rapport Kasprsky

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, April 6, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, April 06, 2009 18:44:06

Records in database: 2018604

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 96634

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 02:24:53

 

 

File name / Threat name / Threats count

E:\mtimd.zip Infected: Trojan-Downloader.Win32.Small.ddp 1

 

The selected area was scanned.

 

Voila le rapport Smitfraud

 

SmitFraudFix v2.406

 

Scan done at 17:55:17.67, Sun 04/05/2009

Run from C:\Documents and Settings\Moi\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

...

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

 

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport

DNS Server Search Order: 192.168.2.1

 

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport

DNS Server Search Order: 212.27.40.241

DNS Server Search Order: 212.27.40.240

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5AA2CE4-81BF-4347-A760-540ED76B6826}: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CS1\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{B5AA2CE4-81BF-4347-A760-540ED76B6826}: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CS3\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5AA2CE4-81BF-4347-A760-540ED76B6826}: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Le rapport Combofix n est jamais sorti.

 

Apres toutes cs analyses, j spere que ls nouvelles seront bonnes sauf pour le truc de la cle USB (lecteur E), mais ca, ce n est pas grave.

 

Merci encore

Thanos Devil Member !

Thanos

Posté(e)
Posté(e) (modifié)

salut,

 

Ok pour le rapport Kaspersky et SmitFraudFix :P par contre tu as oublié le rapport ComboFix.txt :P

 

Supprime ce fichier >> E:\mtimd.zip

 

On va scanner deux fichiers en ligne stp (ca prend 5 mn) >>

 

Rend toi à cette adresse => http://www.virustotal.com/

 

Tu as une case nommée "Parcourir": tu cliques dessus et une fenêtre s'ouvre=> copie/colle ceci dans le champs à droite de "Nom du Fichier" en bas de page >> C:\WINDOWS\System32\svchost.exe

 

Clique maintenant sur "ouvrir" en bas de la fenêtre puis sur "Envoyer le fichier". Le scan de ce fichier va débuter. Tu n'as plus qu'à sélectionner puis copier /coller l'analyse dans ton prochain message.

Note: les fichiers uploadés sont mis en attente, car le virusscan est sollicité! patiente (un message t'indique le temps que ca prendra pour faire analyser)

 

Refais la même chose avec C:\hpm.exe

 

Note: il arrive parfois que le fichier ait déjà été analysé. Si c'est le cas, clique sur le bouton Reanalyse file now

 

Tu ne m'a pas répondu pour le Bureau ("Mon bureau a encor change d aspect"): qu'en est il ? as tu réussi à rétablir le fond d'écran ?

 

Poste ces deux rapports avec le rapport ComboFix stp :P

Modifié par Thanos
Jakyco Junior Member

Jakyco

Posté(e)
  • Auteur
Posté(e) (modifié)

Salut

Le bureau est retabli.

Combofix ne m avait pas donne de rapport la premire fois et refuse de fonctionner maintenant. Il lance la petite barre de defilmeemt t s arrete.

 

Pour les deux rapports virustotal, je te mets les dux liens.

http://www.virustotal.com/analisis/1d2b34a...546afce0a70c23d

http://www.virustotal.com/analisis/475c52e...2f4555791791293

 

A +

Modifié par Jakyco
Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

salut :P

 

Combofix ne m avait pas donne de rapport la premire fois et refuse de fonctionner maintenant. Il lance la petite barre de defilmeemt t s arrete.

Jakyco je ne te demande pas de relancer un scan avec ComboFix mais de poster le rapport qui a déjà été généré :P

Si tu ne le trouves pas dans le lecteur C:\ , tu le trouveras dans le dossier C:\ComboFix ou C:\Qoobox

Le rapport se nomme ComboFix.txt.

 

Ok pour les deux fichiers qui ne présentent pas d'infection :P

Je vais te demander de faire un scan supplémentaire stp (c'est rapide) >>

 

Télécharge gmer : http://www.gmer.net/gmer.zip

Déconnecte toi d'internet si possible et ferme tous les programmes.

Décompresse le fichier zip et double-clique sur gmer.exe

 

clique sur l'onglet "rootkit" et clique sur Scan

Lorsque le scan est terminé, clique sur "copy"

 

Ouvre le bloc-note et clique sur le Menu Edition / Coller

Le rapport doit alors apparaître.

Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

Jakyco Junior Member

Jakyco

Posté(e)
  • Auteur
Posté(e)

 

Bonjour,

 

Rapport gmer :

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-08 20:33:17

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF219944A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF21994E1]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF21993F8]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF219940C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF21994F5]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF2199521]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF219958F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF2199579]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF219948A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF21995BB]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF21994CD]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF21993D0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF21993E4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF219945E]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF21995F7]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF2199563]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF219954D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF219950B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF21995E3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF21995CF]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF2199436]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF2199422]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF2199537]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF21994B9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF21995A5]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF21994A0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF2199474]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP F2199478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP F219944E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP F219948E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP F21994A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP F2199462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP F21993D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP F21993E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP F2199426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP F2199410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 1 Byte [E9]

PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP F21993FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP F219943A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP F21994BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP F2199551 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP F219953B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP F21995A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP F2199567 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP F219950F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP F21994E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP F21994F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP F2199525 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP F2199593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP F219957D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP F21994D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP F21995FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP F21995D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP F21995E7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP F21995BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01010FEF

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01010075

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01010064

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01010053

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01010036

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01010FA8

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010100B2

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01010097

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010100D4

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010100C3

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01010F20

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01010025

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01010FDE

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01010086

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01010014

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01010FCD

.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01010F4F

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FF0047

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FF0FA2

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FF002C

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FF0011

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FF0FBD

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FF0000

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00FF0069

.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FF0058

.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0FAB

.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0036

.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0000

.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0FE3

.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C001B

.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FD2

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000700A9

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070098

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070FCA

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0007007D

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070047

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F7C

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070FA3

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F50

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700E9

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F35

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070062

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0007001B

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 000700C4

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007002C

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FDB

.text C:\WINDOWS\system32\services.exe[892] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070F6B

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060047

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0006007D

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060036

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0006001B

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060FC0

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060000

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00060FE5

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [26, 88]

.text C:\WINDOWS\system32\services.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060062

.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0005004E

.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!system 77C293C7 5 Bytes JMP 0005003D

.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FDE

.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF

.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FCD

.text C:\WINDOWS\system32\services.exe[892] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050018

.text C:\WINDOWS\system32\services.exe[892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0F79

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD006E

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0F94

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0FA5

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0FC7

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0F5C

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD00A4

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD0F15

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0F26

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00FD0F04

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00FD0FB6

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FD0011

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00FD0089

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00FD0033

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00FD0022

.text C:\WINDOWS\system32\lsass.exe[904] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00FD0F41

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00FC0022

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00FC0F91

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00FC0011

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00FC0000

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00FC0058

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00FC0FE5

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00FC0FAC

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [1C, 89] {SBB AL, 0x89}

.text C:\WINDOWS\system32\lsass.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00FC0033

.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB0042

.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB0031

.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB0016

.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0FEF

.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB0FC1

.text C:\WINDOWS\system32\lsass.exe[904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB0FDE

.text C:\WINDOWS\system32\lsass.exe[904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0FEF

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02430000

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02430FB7

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02430FC8

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 024300A2

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02430091

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0243005B

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02430F75

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02430F92

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02430F46

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024300DF

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 024300FA

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02430080

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0243001B

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 024300BD

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02430FEF

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02430040

.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 024300CE

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0242002C

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0242007D

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02420FE5

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0242001B

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02420062

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0242000A

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02420FC0

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [62, 8A]

.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02420047

.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0241001B

.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!system 77C293C7 5 Bytes JMP 0241000A

.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02410FAB

.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02410FE3

.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02410F90

.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02410FD2

.text C:\WINDOWS\system32\svchost.exe[1092] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EE0FEF

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EE009B

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EE0FA6

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE0FC3

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EE0080

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EE004A

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EE00D8

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EE00C7

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EE00FD

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EE0F5A

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00EE010E

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00EE0065

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EE0FDE

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00EE00AC

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00EE0025

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00EE0014

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00EE0F75

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00ED002C

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00ED0062

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00ED0FE5

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00ED001B

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00ED0FAF

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00ED0000

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00ED0051

.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00ED0FCA

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EC005D

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EC0FC8

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EC001D

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EC0FEF

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EC002E

.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EC0000

.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EB0000

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02AF0FEF

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02AF0F94

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02AF0FA5

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02AF0073

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02AF0062

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02AF0FC0

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02AF0F5C

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02AF00A4

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02AF00DD

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02AF0F3A

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02AF0F1F

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02AF0047

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02AF000A

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02AF0F83

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02AF0036

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02AF0025

.text C:\WINDOWS\Explorer.EXE[1232] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02AF0F4B

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02440FAF

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02440051

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02440000

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02440FD4

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02440036

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02440FE5

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02440F94

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [64, 8A]

.text C:\WINDOWS\Explorer.EXE[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0244001B

.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0243007A

.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!system 77C293C7 5 Bytes JMP 02430055

.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02430029

.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02430000

.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02430044

.text C:\WINDOWS\Explorer.EXE[1232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02430FEF

.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02450000

.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02450FE5

.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02450025

.text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02450036

.text C:\WINDOWS\Explorer.EXE[1232] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01A4000A

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02EC000A

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02EC00A2

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02EC0FA3

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02EC007D

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02EC0FC0

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02EC0051

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02EC00E1

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02EC00C4

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02EC0117

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02EC00FC

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02EC0F63

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02EC006C

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02EC001B

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02EC00B3

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02EC0FE5

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02EC002C

.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02EC0F7E

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02BA0036

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02BA0065

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02BA0FE5

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02BA0011

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02BA0FA8

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02BA0000

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02BA0FB9

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [DA, 8A]

.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02BA0FCA

.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0251005D

.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes JMP 0251004C

.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02510016

.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02510FEF

.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02510031

.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02510FD2

.text C:\WINDOWS\System32\svchost.exe[1324] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02230000

.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02CB0000

.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02CB0FE5

.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02CB001B

.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02CB002C

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650031

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F46

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F57

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F68

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650F97

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 1 Byte [E9]

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650058

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F10

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650EE4

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650EF5

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00650EC9

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650014

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650FD4

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00650F21

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650FB2

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00650FC3

.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00650069

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640047

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00640091

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0064002C

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0064001B

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00640FCA

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00640000

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0064006C

.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640FE5

.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FCA

.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FDB

.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063003A

.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0063000C

.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063004B

.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063001D

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C2000A

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20F94

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20FAF

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20093

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20076

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20040

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C200BF

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C200AE

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C200FC

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200EB

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C20117

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C2005B

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C2001B

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20F83

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20FD4

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C20FEF

.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C200D0

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C10025

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C1005B

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C10FD4

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C1000A

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C1004A

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C10FEF

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C10F9E

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a}

.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C10FB9

.text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00FBC

.text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00047

.text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C0001B

.text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF

.text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C0002C

.text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00000

.text C:\WINDOWS\system32\svchost.exe[1500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FEF

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0000

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB004C

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F61

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB003B

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0F72

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0F94

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0093

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0078

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB00C6

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB00B5

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB00EB

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB0F83

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB0FE5

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0067

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0FB9

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB0FCA

.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB00A4

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DA0FAF

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DA0040

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DA0FD4

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DA0FE5

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DA0F79

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DA000A

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DA0025

.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DA0F9E

.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D90FA8

.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D9003D

.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90FCD

.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90FEF

.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D90022

.text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90FDE

.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60FEF

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20FE5

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20F72

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20071

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20060

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20039

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20FA8

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D200A7

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D2008C

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D200C9

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F3A

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D20F15

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D20F97

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D20FCA

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D20F61

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D20FB9

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D20000

.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D200B8

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00036

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D00F9E

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D00025

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D0000A

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D00FAF

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D00FEF

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D00FC0

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [F0, 88]

.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D00047

.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0049

.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0FC8

.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF0FE3

.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0000

.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0038

.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF001D

.text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0000

.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D1000A

.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D1001B

.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D10FE5

.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D10036

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B70FEF

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B70F46

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B70F57

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B70F68

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B70025

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B70014

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B70F0E

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B70F35

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B7008C

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B70EF3

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B700A7

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B70F83

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B70FDE

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B70056

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B70FA8

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B70FB9

.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B70071

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B60025

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B60F72

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B60FD4

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B60000

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B60F83

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B60FE5

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B60F9E

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [D6, 88]

.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B60FB9

.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B50FBE

.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B50FD9

.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B5002E

.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B50000

.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B5003F

.text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B5001D

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C500DA

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C500BF

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C500A4

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50FDB

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50062

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50101

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50FB9

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50F83

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C50112

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C50F68

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C5007D

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C50011

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C50FCA

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C5003D

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C5002C

.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C50F94

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C40FB2

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C4004A

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C40FC3

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C40FD4

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C40039

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C40FE5

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C40F8D

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [E4, 88] {IN AL, 0x88}

.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C40014

.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30F92

.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FB7

.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30FD2

.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF

.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C3001D

.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3000C

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2180] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710FEF

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00710F90

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00710085

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00710FA1

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710FB2

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00710043

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007100B6

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00710F6E

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007100D8

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007100C7

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007100E9

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00710054

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0071000A

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00710F7F

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00710FCD

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00710FDE

.text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00710F49

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00700FE5

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00700FAF

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0070002C

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00700011

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0070006C

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00700000

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00700FCA

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [90, 88]

.text C:\WINDOWS\System32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00700051

.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F005F

.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F004E

.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F0022

.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F0000

.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F003D

.text C:\WINDOWS\System32\svchost.exe[3672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F0011

.text C:\WINDOWS\System32\svchost.exe[3672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E000A

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E30FEF

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30F83

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E30F94

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E30FA5

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E30062

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E30036

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E30093

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E30F57

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E300BF

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E30F30

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E30F0B

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E30047

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E3000A

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E30F72

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E30025

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E30FCA

.text C:\WINDOWS\system32\dllhost.exe[3720] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E300AE

.text C:\WINDOWS\system32\dllhost.exe[3720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E10064

.text C:\WINDOWS\system32\dllhost.exe[3720] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E10053

.text C:\WINDOWS\system32\dllhost.exe[3720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E1002E

.text C:\WINDOWS\system32\dllhost.exe[3720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10000

.text C:\WINDOWS\system32\dllhost.exe[3720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10FE3

.text C:\WINDOWS\system32\dllhost.exe[3720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E1001D

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E2001B

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E20F9B

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E2000A

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E20FD4

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E2004E

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E20FEF

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E2003D

.text C:\WINDOWS\system32\dllhost.exe[3720] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E2002C

.text C:\WINDOWS\system32\dllhost.exe[3720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0000

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710000

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0071006C

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00710F77

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00710F88

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710051

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0071002C

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00710098

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00710087

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007100CE

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00710F2B

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00710F10

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00710FAF

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00710011

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00710F5C

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00710FC0

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00710FDB

.text C:\WINDOWS\System32\svchost.exe[3972] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007100A9

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00700FAF

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00700F79

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00700000

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00700FCA

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00700036

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00700FEF

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00700025

.text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00700F9E

.text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F003D

.text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F0FB2

.text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F0FD4

.text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F000C

.text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F0FC3

.text C:\WINDOWS\System32\svchost.exe[3972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F0FEF

.text C:\WINDOWS\System32\svchost.exe[3972] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0000

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\WINDOWS\Explorer.EXE[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A52DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\WINDOWS\Explorer.EXE[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A52C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\WINDOWS\Explorer.EXE[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01A52C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\WINDOWS\Explorer.EXE[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A52C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\DOCUME~1\Moi\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\DOCUME~1\Moi\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\DOCUME~1\Moi\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\DOCUME~1\Moi\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\WINDOWS\eHome\ehmsas.exe[5520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\WINDOWS\eHome\ehmsas.exe[5520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\WINDOWS\eHome\ehmsas.exe[5520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\WINDOWS\eHome\ehmsas.exe[5520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

 

Device \FileSystem\Fastfat \Fat EDC71D20

 

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes

 

---- EOF - GMER 1.0.15 ----

 

et le rapport combofix : (mais j ai eu l impression qu il ne marchait pas)

 

ComboFix 09-04-01.01 - Administrator 2009-04-05 11:51:12.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.674 [GMT 2:00]

Running from: E:\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *enabled*

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

Merci

 

 

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

salut :P

 

Bon les rapports ne montrent plus rien de mauvais.

 

Du nettoyage à faire cependant.

 

On va utiliser un programme pour cela, ca ira plus vite! >>

 

Désinstalle FindyKill

 

Télécharge OTMoveIt3 par OldTimer.

  • Enregistre ce fichier sur le Bureau.
  • Fais un double clic sur OTMoveIt3.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  • Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
    :first
:files
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\zip.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\fdsv.exe
C:\WINDOWS\system32\CF8168.exe
C:\WINDOWS\system32\tmp.txt
C:\rapport.txt
C:\VundoFix.txt
C:\FindyKill.txt
C:\WINDOWS\ERDNT
C:\ComboFix
C:\Qoobox
C:\VundoFix Backups
C:\rsit

:commands
[emptytemp]


  • Retourne dans la fenêtre de OTMoveIt3, fais un clic droit dans la zone de gauche intitulée "Paste Instructions for Items to be Moved" (sous la barre jaune) puis choisir Coller.
  • Clique sur le bouton rouge Moveit!.
  • Ferme OTMoveIt3
  • Poste dans ta prochaine réponse le rapport de OTMoveIt3 (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

 

Supprime aussi Gmer que tu as téléchargé sur le Bureau normalement.

 

On purge la restauration système car il y a peut être des points de restauration infectés (ca évitera de réinstaller l'infection au cas où tu es amené à l'utiliser) => aide visuelle

Clique sur Démarrer.

Clique avec le bouton droit sur l'icône Poste de travail, puis cliquez sur Propriétés.

Clique sur l'onglet «Restauration du système».

Sélectionne «Désactiver la Restauration du système» ou «Désactiver la Restauration du système sur tous les lecteurs»

Clique sur "Appliquer".

Comme le dit le message, ceci supprimera tous les points de restauration existants. Pour faire cela, clique sur Oui.

Clique sur OK.Redémarre ton PC. Fais l'opération inverse, et réactive la restauration:un nouveau point sera automatiquement créé.

 

Quelques mises à jour =>

 

- Adobe Reader est passé à la version 9 >> http://www.adobe.com/fr/products/reader/

 

- Il faut mettre le Console Java de Sun à jour car c'est important pour la sécurité du pc.

 

Télécharge JavaRa.zip de Paul McLain et Fred de Vries.

  • Décompresse le fichier sur ton bureau (clic droit > Extraire tout)
  • Double-clique sur le répertoire JavaRa obtenu
  • Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher)
  • Une boite va s'ouvrir te demandant de sélectionner le langage, fais ton choix puis clique sur Select.
  • Clique sur Search For Updates
  • Sélectionne Update Using jucheck.exe puis clique sur Search
  • Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
  • Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions
  • Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
  • Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log (c:\JavaRa.log)
  • Ferme l'application

Comment fonctionne le pc ?

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...