SOS Infection (Résolu)

[pear]

Désinstallez Combofix et Winreplace

 

Téléchargez CCleaner

et installez le

à l'installation penser à decocher l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner.

Lancez le en double cliquant sur CCleaner.exe

-=Suppression des fichiers temporaires=-

 

*Dans la section "Options" situé dans la marge gauche,aller dans "Avancé" et décocher "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".

Dans la section "Nettoyeur"

Cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)

 

* Cliquer sur Analyse

* Le scan, qui peut prendre un peu de temps si c'est la première fois.

* Une fois le scan terminé, cliquer sur Lancer le Nettoyage

 

 

 

La manoeuvre doit-elle se faire en mode normal ou sans échec?

 

toute la procéure en question doit se faire en console de récupération que vous lancez donc au démarrage.

Modifié le 6 avril 2009 par pear

[catch1]

Ai fait, sans doute,une bêtise.

Je ne sais pas comment désinstaller ComboFix et WinFileReplace. Ces 2 applications sont sur le bureau et sont lancées directement par là.

Avais cc cleaner installé. Ai coché toutes les cases de gauche sauf avancé, mais ai oublié de décocher dans options la case : nettoyer les fichiers temporaire >24heures.

On peut encore le faire.

Ai essayé de lancer la console. Toujours le même problème pour batch : commande inconnue ou fichier inconnu.

Que faire?

[pear]

Désinstallez Combofix:

Démarrer > Exécuter ->combofix.exe /u

Valider par OK

ComboFix démarre et affiche un message disant que ComboFix est bien éliminé: cliquer sur OK.

 

Winreplace , probablement par ajout/ suppression du panneau de configuration ,sinon en supprimant le dossier du bureau

 

Ccleaner, vous recommencez comme je l'ai indiqué.

 

En console , vous arrivez bien là ?

 

Utilisation de la console

 

Lorsque l'invite pour %SystemRoot% (généralement C:\Windows) apparaît, vous pouvez commencer à taper les commandes appropriées pour diagnostiquer et réparer votre installation.

Windows vous demande quel système démarrer.

Généralement , vous tapez 1 pour accéder au prompt C:\Windows>

Vous arrivez là:

C:WINDOWS>

[catch1]

Ai désinstallé ComboFix comme demandé.

Ai supprimé Winreplace par mise à la poubelle à partir du bureau : il n'existait pas dans ajoût/suppression de programmes, ni dans cc cleaner.

Ai appliqué cc cleaner comme demandé.

Quand je lance lance console par F8 au démarrage, puis mode sans échec avec prise en charge réseau, la page suivante demande si je veux windows normal ou la console. Je choisis la console. Elle se lance; je dois choisir ensuite entre 3 options 2 sur D et la n°3 sur C; Je choisis 3.

J'arrive à C:>windows. j'entre Set et J'obtiens 4 lignes : les 3 allow et nocopy, rien d'autre.

Je passe les 3 valeurs allow et noCopy en true.

Ensuite je tape batch c:\fich1.bat et là, il me répond : commande inconnue, bien que BATCH figure dans la liste des commandes obtenue par Help.

J'en suis là.

[pear]

Ok. on y reviendra.

 

Votre sujet est suivi par d'autres conseillers.

 

Vous aller tenter ceci:

 

Créez un sur C:`\ un dossier nommé Gmer

Télécharger gmer

vers C:\gmer

Clic droit sur fichier téléchargé->Extraire ici

Déconnecter internet si possible et fermer tous les programmes.

Double-clic sur gmer.exe

IMPORTANT: Si une alerte de l' antivirus apparaît pour le fichier gmer.sys ou gmer.exe, ne pas s'en préoccuper.

Clic sur l'onglet "rootkit"

Clic sur Scan

A la fin du scan->Clic sur copie

Collez le résultat dans un prochain message

[catch1]

Bonsoir,

J'ai eu quelques soucis avec Gmer.

Il s'est lancé normalement et a trouve 9 hidden process ( en rouge dans le log), puis il s'est arrête. J'ai voulu enregistrer le log en faisant copy et en ouvrant le bloc-notes. Impossible (j'etais en mode normal et Windows envoyait des messages d'erreur).

J'ai redémarré en mode sans échec et relancé Gmer. Au milieu du scan, tout s'est arrêté et le PC a redémarré. Je suis revenu en mode sans échec et j'ai relancé Gmer pour la troisième fois.

J'ai enregistré le log, le voici :

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-06 21:47:18

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.15 ----

 

Code 82B5B4D0 pIofCallDriver

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491

.text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520

.text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D

.text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516

.text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E

.text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491

.text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520

.text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D

.text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516

.text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E

.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491

.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520

.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D

.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516

.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E

.text C:\WINDOWS\system32\svchost.exe[648] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[648] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[756] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[756] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491

.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520

.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D

.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516

.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E

.text C:\WINDOWS\system32\svchost.exe[788] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[788] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[820] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[820] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\Explorer.EXE[1288] Explorer.EXE 0101E26B 4 Bytes [FF, 15, 98, 10]

.text C:\WINDOWS\Explorer.EXE[1288] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44689, 0xE0000060]

.reloc C:\WINDOWS\Explorer.EXE[1288] C:\WINDOWS\Explorer.EXE section is executable [0x010FC000, 0x9800, 0xE2000040]

.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\gmer\gmer.exe[1720] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\gmer\gmer.exe[1720] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\gmer\gmer.exe[1720] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\gmer\gmer.exe[1720] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\gmer\gmer.exe[1720] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

 

---- Devices - GMER 1.0.15 ----

 

Device \Driver\NDIS \Device\Ndis [82AF1982] NDIS.sys[.reloc]

 

---- Files - GMER 1.0.15 ----

 

File C:\Documents and Settings\All Users\Application Data\Adobe\Updater5\AdobeESDGlobalApps.xml 285 bytes

File C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys (size mismatch) 182656/182912 bytes executable

File C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys (size mismatch) 182656/182912 bytes executable

File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000179.query 184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000084.query 314 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000096.query 778 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b4.query 534 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c7.query 5378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e4.query 476 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fb.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000106.query 7128 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000119.query 990 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000137.query 7340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000148.query 218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000168.query 252 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000007f.query 8966 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000080.query 222 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000082.query 0 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000083.query 11954 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000085.query 2950 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000086.query 2950 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000088.query 284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008a.query 17578 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008b.query 17578 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008c.query 570 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008d.query 1926 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008e.query 1926 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000090.query 214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000092.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000093.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000094.query 300 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000095.query 778 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000098.query 198 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009a.query 2968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009b.query 2968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009c.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009e.query 5536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009f.query 5536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a0.query 296 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a2.query 1994 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a3.query 1994 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a4.query 298 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a6.query 2934 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a7.query 2934 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a8.query 212 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000aa.query 2866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ab.query 2866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ac.query 200 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ae.query 3786 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000af.query 3786 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b0.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b1.query 1062 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b2.query 1062 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b5.query 3718 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b6.query 3718 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b8.query 182 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ba.query 7326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bb.query 7326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bc.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000be.query 4324 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bf.query 4324 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c0.query 190 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c2.query 3660 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c3.query 3660 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c4.query 222 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c6.query 5378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c8.query 276 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ca.query 3976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cb.query 3976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cc.query 254 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ce.query 14864 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cf.query 14864 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d0.query 204 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d2.query 5480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d3.query 5480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d4.query 200 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d6.query 3256 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d7.query 3256 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d8.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000da.query 1892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000db.query 1892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dc.query 368 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dd.query 514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000de.query 514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e0.query 236 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e1.query 378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e2.query 6314 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e3.query 5944 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e5.query 1312 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e6.query 1312 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e8.query 284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ea.query 8102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000eb.query 8102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ec.query 266 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ee.query 8042 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ef.query 8042 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f0.query 276 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f2.query 4150 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f3.query 4150 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f4.query 536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f5.query 2360 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f6.query 2360 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f8.query 328 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fa.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fc.query 318 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fe.query 3766 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ff.query 3766 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000100.query 340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000101.query 506 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000102.query 4902 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000103.query 4404 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000104.query 348 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f1.query 1214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f2.query 2054 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f3.query 848 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f4.query 496 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f8.query 246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001fc.query 244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000200.query 252 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000204.query 84 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000205.query 476 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000206.query 476 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000208.query 160 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000107.query 7128 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000108.query 266 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010a.query 1480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010b.query 1480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010c.query 356 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000110.query 452 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000111.query 942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000112.query 942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000114.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000115.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000116.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000118.query 518 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011a.query 990 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011c.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011d.query 2078 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011e.query 2078 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000120.query 338 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000121.query 1086 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000122.query 1086 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000124.query 246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000126.query 7702 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000127.query 7702 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000128.query 152 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012a.query 296 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012b.query 296 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012c.query 444 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012d.query 4082 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012e.query 4082 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000130.query 238 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000132.query 9370 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000133.query 9370 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000134.query 306 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000136.query 7340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000138.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013a.query 5652 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013b.query 5652 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013c.query 232 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013e.query 7606 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013f.query 7606 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000140.query 348 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000142.query 9044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000143.query 9044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000144.query 294 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000146.query 8426 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000147.query 8426 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014a.query 6942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014b.query 6942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014c.query 226 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014e.query 7550 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014f.query 7550 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000150.query 274 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000152.query 5448 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000153.query 5448 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000154.query 340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000156.query 11238 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000157.query 11238 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000158.query 478 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000015c.query 504 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000160.query 462 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000162.query 4968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000163.query 4968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000164.query 388 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000165.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000166.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016a.query 19148 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016b.query 19148 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016c.query 196 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016e.query 7594 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016f.query 7594 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000170.query 168 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000172.query 3420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000173.query 3420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000174.query 124 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000176.query 10956 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000177.query 10956 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000178.query 134 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017a.query 2642 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017b.query 2466 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017c.query 156 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017e.query 6006 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017f.query 6006 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000180.query 234 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000182.query 21404 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000183.query 21404 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000184.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000186.query 9900 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000187.query 9900 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000188.query 204 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018a.query 4206 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018b.query 4206 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018c.query 282 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018d.query 546 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018e.query 1050 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018f.query 512 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000190.query 252 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000191.query 598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000192.query 598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000194.query 210 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000196.query 1960 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000197.query 1960 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000198.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019a.query 19024 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019b.query 19024 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019c.query 188 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019e.query 6536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019f.query 6536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a0.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a3.query 9952 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a4.query 432 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a8.query 246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001aa.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ab.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ac.query 364 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ad.query 3866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ae.query 3866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b0.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b2.query 17598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b3.query 17598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b4.query 262 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b6.query 7244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b7.query 7244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b8.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ba.query 11944 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a2.query 9952 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bb.query 11944 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d4.query 326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f0.query 694 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020a.query 3892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000227.query 2284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000239.query 1520 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000256.query 2218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000269.query 972 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000285.query 974 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000299.query 2044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bc.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001be.query 2004 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bf.query 2004 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c0.query 242 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c2.query 18050 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c3.query 18050 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c4.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c6.query 7300 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c7.query 7300 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c8.query 274 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ca.query 7884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cb.query 7884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cc.query 292 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ce.query 24326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cf.query 24326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d0.query 242 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d2.query 4332 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d3.query 4332 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020b.query 3892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020c.query 230 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000210.query 102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000212.query 1420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000213.query 1420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000214.query 84 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000215.query 2102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000216.query 2102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000218.query 244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000219.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021a.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021c.query 174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021d.query 1670 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021e.query 1670 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000220.query 172 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000221.query 2330 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000222.query 2330 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000224.query 208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000226.query 2284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000228.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000229.query 354 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022a.query 4378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022b.query 4032 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022c.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022d.query 1884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022e.query 1884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000230.query 206 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000231.query 3184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000232.query 3184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000234.query 218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000236.query 5838 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000237.query 5838 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000238.query 282 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023a.query 1520 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023c.query 446 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023d.query 2444 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023e.query 2444 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000240.query 146 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000241.query 1592 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000242.query 1592 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000244.query 210 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000246.query 1780 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000247.query 1780 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000248.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024a.query 2154 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024b.query 2154 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024c.query 200 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024e.query 3142 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024f.query 3142 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000250.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000252.query 3586 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000253.query 3586 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000254.query 244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000255.query 2218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000258.query 162 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025a.query 3562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025b.query 3562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025c.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025e.query 664 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025f.query 664 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000260.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000261.query 562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000262.query 562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000264.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000266.query 3514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000267.query 3514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000268.query 184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026a.query 972 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026c.query 156 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026e.query 2260 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026f.query 2260 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000270.query 184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000272.query 4014 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000273.query 4014 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000274.query 156 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000276.query 904 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000277.query 904 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000278.query 220 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027a.query 1018 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027b.query 1018 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027c.query 214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027e.query 5064 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027f.query 5064 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000280.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000282.query 2858 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000283.query 2858 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000284.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000286.query 974 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000288.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000289.query 322 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028a.query 322 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028c.query 196 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028d.query 976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028e.query 976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000290.query 134 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000292.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000293.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000294.query 146 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000296.query 5174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000297.query 5174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000298.query 364 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029a.query 2044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029c.query 350 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029e.query 1458 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029f.query 1458 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a0.query 402 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a2.query 1996 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a3.query 1996 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a4.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a6.query 1968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a7.query 1968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a8.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002aa.query 1180 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ab.query 1180 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ac.query 222 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ad.query 614 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ae.query 1628 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002af.query 1022 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b0.query 230 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b2.query 3174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b3.query 3174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b4.query 214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b6.query 3162 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b7.query 3162 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b8.query 208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ba.query 2542 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002bb.query 2542 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d6.query 8208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d7.query 8208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d8.query 204 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001da.query 6792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001db.query 6792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001dc.query 516 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e0.query 440 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e2.query 4792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e3.query 4792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e4.query 262 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e6.query 5648 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e7.query 5648 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e8.query 564 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ec.query 82 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ed.query 694 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ee.query 694 bytes

 

---- EOF - GMER 1.0.15 ----

 

Compte tenu de ces difficultés, je ne sais pas si ce sera très utile.

Merci et bonsoir.

[catch1]

Bonjour,

En cas de gros problème ou de perte de contact, il existe 2 possibilités :

réinstaller Windows sur lui même sans perdre les ficiers installés sur C ou carrément réinstaller le total en effaçant tout.

Si problème, je songe d'abord à essayer la première solution ; elle ne nécessite ensuite que la réinstallation des programmes dont je possède les CD d'installation.

[pear]

J'ai eu quelques soucis avec Gmer.

Il s'est lancé normalement et a trouve 9 hidden process ( en rouge dans le log

 

C'étaient ces lignes rouges qui m'intéressaient.

Voulez vous recommencer comme ceci ?

Créez un sur C:\ un dossier nommé Gamer

Vous allez Renommer gmer

Attention, par défaut, Firefox ne permet pas le renommage avant sauvegarde, utiliser plutôt IE

Pour le renommer:

clic droit sur http://www.gmer.net/gmer.zip

Choisir "Enregistrer la cible du lien..sous...."

Choisir pour destination le fichier C:\gamer

En bas, à Nom du Fichier:

tapez gamer.exe

Cliquez enfin sur -> Enregistrer sous

Entrez dans C:\gamer

Lancez gmer en double cliquant sur gamer.exe

Déconnectez internet si possible et fermez tous les programmes.

 

Si une alerte de l' antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laissez le s'executer.

Clic sur l'onglet "rootkit"

Clic sur Scan

A la fin du scan->Clic sur copie

Collez le résultat dans un prochain message

 

==========================================================

 

 

réinstaller Windows sur lui même sans perdre les ficiers installés sur C

Non, ce serait perdre votre temps.

Votre système est infecté, vous ne pouvez vous en tirer qu'en nettoyant ou en reformatant.

[catch1]

Voici le log de Gmer(Gamer) : il a retrouve les lignes IAT, mais par les "hidden process". Serait-il possible qu'ils aient été supprimés?

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-07 13:17:46

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.15 ----

 

Code 8291E4D0 pIofCallDriver

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.rsrc C:\WINDOWS\dhcp\svchost.exe[188] C:\WINDOWS\dhcp\svchost.exe section is executable [0x00482000, 0x7000, 0xE0000040]

.rsrc C:\WINDOWS\dhcp\svchost.exe[188] C:\WINDOWS\dhcp\svchost.exe entry point in ".rsrc" section [0x00483328]

.text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

? C:\WINDOWS\System32\svchost.exe[548] number of sections mismatch; time/date stamp mismatch;

.text C:\WINDOWS\System32\svchost.exe[548] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\System32\svchost.exe[548] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x6600, 0xE0000040]

.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

? C:\WINDOWS\System32\svchost.exe[700] number of sections mismatch; time/date stamp mismatch;

.text C:\WINDOWS\System32\svchost.exe[700] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\System32\svchost.exe[700] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x6600, 0xE0000040]

.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[760] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[760] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[852] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[852] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

? C:\WINDOWS\System32\svchost.exe[896] number of sections mismatch; time/date stamp mismatch;

.text C:\WINDOWS\System32\svchost.exe[896] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\System32\svchost.exe[896] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x6600, 0xE0000040]

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\System32\svchost.exe[916] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\System32\svchost.exe[916] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[1072] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[1072] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\Explorer.EXE[1388] Explorer.EXE 0101E26B 4 Bytes [FF, 15, 98, 10]

.text C:\WINDOWS\Explorer.EXE[1388] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44689, 0xE0000060]

.reloc C:\WINDOWS\Explorer.EXE[1388] C:\WINDOWS\Explorer.EXE section is executable [0x010FC000, 0x9800, 0xE2000040]

.text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.rsrc C:\WINDOWS\system32\3361\svchost.exe[1696] C:\WINDOWS\system32\3361\svchost.exe section is executable [0x00411000, 0x7000, 0xE0000040]

.rsrc C:\WINDOWS\system32\3361\svchost.exe[1696] C:\WINDOWS\system32\3361\svchost.exe entry point in ".rsrc" section [0x00412249]

.text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

? C:\WINDOWS\System32\svchost.exe[2240] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll

.text C:\WINDOWS\System32\svchost.exe[2240] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\System32\svchost.exe[2240] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x6600, 0xE0000040]

.text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\svchost.exe[2260] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\system32\svchost.exe[2260] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

? C:\WINDOWS\System32\svchost.exe[2416] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll

.text C:\WINDOWS\System32\svchost.exe[2416] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\System32\svchost.exe[2416] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x6600, 0xE0000040]

.text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\gamer\gamer.exe[3128] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\gamer\gamer.exe[3128] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\gamer\gamer.exe[3128] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\gamer\gamer.exe[3128] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\gamer\gamer.exe[3128] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

.text C:\WINDOWS\System32\svchost.exe[3860] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]

.rsrc C:\WINDOWS\System32\svchost.exe[3860] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040]

.text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491

.text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520

.text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D

.text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516

.text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0BE90043

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D3FDE8

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D4CCE856

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] D9C8E808

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2270E800

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D2CB

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C9AE8

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 00022322

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DB

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D35E

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D425E8

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D3F8E856

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436DDD] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0221D5E8

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] A3E85708

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D2

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BFAE8

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022282

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004

IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0BE90043

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D3FDE8

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D4CCE856

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] D9C8E808

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2270E800

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D2CB

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C9AE8

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 00022322

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DB

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D35E

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D425E8

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D3F8E856

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436DDD] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0221D5E8

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] A3E85708

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D2

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BFAE8

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022282

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004

IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0BE90043

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D3FDE8

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D4CCE856

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] D9C8E808

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2270E800

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D2CB

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C9AE8

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 00022322

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DB

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D35E

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D425E8

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D3F8E856

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436DDD] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0221D5E8

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] A3E85708

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D2

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BFAE8

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022282

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004

IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DAEAF4] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DA6A78] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DA6FC8] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DAD7CC] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DCC8C1] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DCC1B5] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DA7883] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DAEBE7] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DCC123] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DA6BF0] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DA761B] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80D47E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C809A81] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C812BE6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C812E03] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80E00D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801E16] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B357] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812CA9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C810386] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C809750] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80B529] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80B859] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C812851] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C947A40] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C832E2B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80CEC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C838CB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C81CAA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80C729] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C810311] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C812C8D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8114AB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C802530] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81082F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C809C4C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C81E4BD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80EB3F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C802442] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809B77] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80EC1B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9110ED] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C911005] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809FA1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C809C28] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C8097AD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C838FB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C81EE79] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C8092AC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80C9C1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C80A480] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C80B929] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C8097C6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C81486A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C81E92A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C862849] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C80220F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C809AA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C8021CC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C838EEB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C802367] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C8024A7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C80180E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C810C8F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C920331] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C810F9F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C810976] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C81114A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C81E5E9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C80A0C7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809A39] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C809CAD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C81EAE1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DAEAF4] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DA6A78] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DA6FC8] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DAD7CC] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DCC8C1] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DCC1B5] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DA7883] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DAEBE7] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DCC123] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DA6BF0] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DA761B] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80D47E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C809A81] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C812BE6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C812E03] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80E00D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801E16] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B357] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812CA9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C810386] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C809750] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80B529] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80B859] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C947A40] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C832E2B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C80CEC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C838CB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80A480] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C81CAA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80C729] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C810311] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C812C8D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8114AB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C802530] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81082F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C809C4C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C81E4BD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80EB3F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C802442] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809B77] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80EC1B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9110ED] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C911005] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809FA1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C809C28] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C8097AD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C838FB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C81EE79] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C8092AC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80C9C1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C80B929] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C8097C6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C81486A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C81E92A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C862849] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80220F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C809AA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C8021CC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C838EEB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C802367] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C8024A7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80180E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C810C8F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C801A24] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C810F9F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C810976] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C81114A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C81E5E9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C80A0C7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C809A39] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809CAD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C81EAE1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C80A859] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)

 

---- Devices - GMER 1.0.15 ----

 

Device \Driver\NDIS \Device\Ndis [828F8982] NDIS.sys[.reloc]

 

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- Files - GMER 1.0.15 ----

 

File C:\Documents and Settings\All Users\Application Data\Adobe\Updater5\AdobeESDGlobalApps.xml 285 bytes

File C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys (size mismatch) 182656/182912 bytes executable

File C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys (size mismatch) 182656/182912 bytes executable

File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000179.query 184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000084.query 314 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000096.query 778 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b4.query 534 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c7.query 5378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e4.query 476 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fb.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000106.query 7128 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000119.query 990 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000137.query 7340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000148.query 218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000168.query 252 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000007f.query 8966 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000080.query 222 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000082.query 0 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000083.query 11954 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000085.query 2950 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000086.query 2950 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000088.query 284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008a.query 17578 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008b.query 17578 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008c.query 570 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008d.query 1926 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008e.query 1926 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000090.query 214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000092.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000093.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000094.query 300 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000095.query 778 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000098.query 198 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009a.query 2968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009b.query 2968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009c.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009e.query 5536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009f.query 5536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a0.query 296 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a2.query 1994 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a3.query 1994 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a4.query 298 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a6.query 2934 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a7.query 2934 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a8.query 212 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000aa.query 2866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ab.query 2866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ac.query 200 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ae.query 3786 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000af.query 3786 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b0.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b1.query 1062 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b2.query 1062 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b5.query 3718 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b6.query 3718 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b8.query 182 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ba.query 7326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bb.query 7326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bc.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000be.query 4324 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bf.query 4324 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c0.query 190 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c2.query 3660 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c3.query 3660 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c4.query 222 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c6.query 5378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c8.query 276 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ca.query 3976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cb.query 3976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cc.query 254 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ce.query 14864 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cf.query 14864 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d0.query 204 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d2.query 5480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d3.query 5480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d4.query 200 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d6.query 3256 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d7.query 3256 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d8.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000da.query 1892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000db.query 1892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dc.query 368 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dd.query 514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000de.query 514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e0.query 236 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e1.query 378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e2.query 6314 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e3.query 5944 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e5.query 1312 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e6.query 1312 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e8.query 284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ea.query 8102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000eb.query 8102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ec.query 266 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ee.query 8042 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ef.query 8042 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f0.query 276 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f2.query 4150 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f3.query 4150 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f4.query 536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f5.query 2360 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f6.query 2360 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f8.query 328 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fa.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fc.query 318 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fe.query 3766 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ff.query 3766 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000100.query 340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000101.query 506 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000102.query 4902 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000103.query 4404 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000104.query 348 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f1.query 1214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f2.query 2054 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f3.query 848 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f4.query 496 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f8.query 246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001fc.query 244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000200.query 252 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000204.query 84 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000205.query 476 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000206.query 476 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000208.query 160 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000107.query 7128 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000108.query 266 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010a.query 1480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010b.query 1480 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010c.query 356 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000110.query 452 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000111.query 942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000112.query 942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000114.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000115.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000116.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000118.query 518 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011a.query 990 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011c.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011d.query 2078 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011e.query 2078 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000120.query 338 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000121.query 1086 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000122.query 1086 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000124.query 246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000126.query 7702 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000127.query 7702 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000128.query 152 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012a.query 296 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012b.query 296 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012c.query 444 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012d.query 4082 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012e.query 4082 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000130.query 238 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000132.query 9370 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000133.query 9370 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000134.query 306 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000136.query 7340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000138.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013a.query 5652 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013b.query 5652 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013c.query 232 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013e.query 7606 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013f.query 7606 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000140.query 348 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000142.query 9044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000143.query 9044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000144.query 294 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000146.query 8426 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000147.query 8426 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014a.query 6942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014b.query 6942 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014c.query 226 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014e.query 7550 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014f.query 7550 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000150.query 274 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000152.query 5448 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000153.query 5448 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000154.query 340 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000156.query 11238 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000157.query 11238 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000158.query 478 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000015c.query 504 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000160.query 462 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000162.query 4968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000163.query 4968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000164.query 388 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000165.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000166.query 3626 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016a.query 19148 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016b.query 19148 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016c.query 196 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016e.query 7594 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016f.query 7594 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000170.query 168 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000172.query 3420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000173.query 3420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000174.query 124 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000176.query 10956 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000177.query 10956 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000178.query 134 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017a.query 2642 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017b.query 2466 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017c.query 156 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017e.query 6006 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017f.query 6006 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000180.query 234 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000182.query 21404 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000183.query 21404 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000184.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000186.query 9900 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000187.query 9900 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000188.query 204 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018a.query 4206 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018b.query 4206 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018c.query 282 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018d.query 546 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018e.query 1050 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018f.query 512 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000190.query 252 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000191.query 598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000192.query 598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000194.query 210 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000196.query 1960 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000197.query 1960 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000198.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019a.query 19024 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019b.query 19024 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019c.query 188 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019e.query 6536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019f.query 6536 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a0.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a3.query 9952 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a4.query 432 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a8.query 246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001aa.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ab.query 5456 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ac.query 364 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ad.query 3866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ae.query 3866 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b0.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b2.query 17598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b3.query 17598 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b4.query 262 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b6.query 7244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b7.query 7244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b8.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ba.query 11944 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a2.query 9952 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bb.query 11944 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d4.query 326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f0.query 694 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020a.query 3892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000227.query 2284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000239.query 1520 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000256.query 2218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000269.query 972 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000285.query 974 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000299.query 2044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bc.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001be.query 2004 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bf.query 2004 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c0.query 242 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c2.query 18050 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c3.query 18050 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c4.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c6.query 7300 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c7.query 7300 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c8.query 274 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ca.query 7884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cb.query 7884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cc.query 292 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ce.query 24326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cf.query 24326 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d0.query 242 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d2.query 4332 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d3.query 4332 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020b.query 3892 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020c.query 230 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000210.query 102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000212.query 1420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000213.query 1420 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000214.query 84 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000215.query 2102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000216.query 2102 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000218.query 244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000219.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021a.query 2246 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021c.query 174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021d.query 1670 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021e.query 1670 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000220.query 172 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000221.query 2330 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000222.query 2330 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000224.query 208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000226.query 2284 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000228.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000229.query 354 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022a.query 4378 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022b.query 4032 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022c.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022d.query 1884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022e.query 1884 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000230.query 206 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000231.query 3184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000232.query 3184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000234.query 218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000236.query 5838 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000237.query 5838 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000238.query 282 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023a.query 1520 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023c.query 446 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023d.query 2444 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023e.query 2444 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000240.query 146 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000241.query 1592 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000242.query 1592 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000244.query 210 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000246.query 1780 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000247.query 1780 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000248.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024a.query 2154 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024b.query 2154 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024c.query 200 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024e.query 3142 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024f.query 3142 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000250.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000252.query 3586 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000253.query 3586 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000254.query 244 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000255.query 2218 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000258.query 162 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025a.query 3562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025b.query 3562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025c.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025e.query 664 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025f.query 664 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000260.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000261.query 562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000262.query 562 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000264.query 202 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000266.query 3514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000267.query 3514 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000268.query 184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026a.query 972 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026c.query 156 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026e.query 2260 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026f.query 2260 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000270.query 184 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000272.query 4014 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000273.query 4014 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000274.query 156 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000276.query 904 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000277.query 904 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000278.query 220 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027a.query 1018 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027b.query 1018 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027c.query 214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027e.query 5064 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027f.query 5064 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000280.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000282.query 2858 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000283.query 2858 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000284.query 194 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000286.query 974 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000288.query 264 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000289.query 322 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028a.query 322 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028c.query 196 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028d.query 976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028e.query 976 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000290.query 134 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000292.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000293.query 278 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000294.query 146 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000296.query 5174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000297.query 5174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000298.query 364 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029a.query 2044 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029c.query 350 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029e.query 1458 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029f.query 1458 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a0.query 402 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a2.query 1996 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a3.query 1996 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a4.query 216 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a6.query 1968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a7.query 1968 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a8.query 258 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002aa.query 1180 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ab.query 1180 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ac.query 222 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ad.query 614 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ae.query 1628 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002af.query 1022 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b0.query 230 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b2.query 3174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b3.query 3174 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b4.query 214 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b6.query 3162 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b7.query 3162 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b8.query 208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ba.query 2542 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002bb.query 2542 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d6.query 8208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d7.query 8208 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d8.query 204 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001da.query 6792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001db.query 6792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001dc.query 516 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e0.query 440 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e2.query 4792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e3.query 4792 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e4.query 262 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e6.query 5648 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e7.query 5648 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e8.query 564 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ec.query 82 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ed.query 694 bytes

File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ee.query 694 bytes

 

---- EOF - GMER 1.0.15 ----

 

Espérons que les renseignements trouvés soient suffisants.

 

[pear]

Vous suivez cette procédure, adans l'ordre et rien d'autre.

 

Désinstallez de votre machine Combofix, Dr Web, winreplace

 

 

Copiez collez dans le bloc notes.

Enregistrez sous gamer.bat, sur le bureau.

Double clic pour lancer.:

@echo off

gamer.exe -del file "C:\Documents and Settings\HP_Propriétaire\reader_s.exe"

gamer.exe -del file "C:\WINDOWS\system32\sopidkc.exe"

gamer.exe -del file "C:\WINDOWS\system32\afisicx.exe"

gamer.exe -del file "C:\WINDOWS\system32\tdctxte.exe"

gmer.exe -reboot

 

 

Attention, par défaut, Firefox ne permet pas le renommage avant sauvegarde, utiliser plutôt IE

Pour le renommer:Téléchargez Dr.Web CureIt

Clic droit sur

Choisir "Enregistrer la cible du lien..sous....

Choisir le bureau, à gauche

En bas, à Nom du Fichier:

launch.com

Cliquez enfin sur -> Enregistrer

 

Vous devez désactiver la protection en temps réel de votre Antivirus qui peut considérer certains composants de ce logiciel comme néfastes.

* Pour cela, faites un clic droit sur l'icône de l'antivirus en bas à droite à côté de l'horloge puis Disable Guard ou Shield ou Résident...

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne sert à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

 

Imprimez ces instructions car , vous allez lancer le mode sans échec qui ne permet la connexion internet.

Redémarrez en mode sans échec.

Pour cela: Au redémarrage de l'ordinateur,Tapotez en alternance les touches [F8] et[F5] jusqu'à l'affichage du menu des options avancées de Windows.

* Sélectionnez "Mode sans échec" et validez].

* Choisir votre compte usuel,.

 

* Double cliquez launch.com puis sur Analyse ;

* Cliquez Ok à l'invite de l'analyse rapide.

Ce scan analyse les processus chargés en mémoire ;

Si des processus infectés sont trouvés, cliquez sur Oui pour tout".

une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" ; quitter en cliquant le "X"

* Lorsque le scan rapide est terminé, Cliquez sur le menu Options ->Changer la configuration ;

* Choisissez l'onglet Scanner, et décochez Analyse heuristique Cliquez "Ok"

* De retour à la fenêtre principale : cliquez pour activer Analyse complète;

* Cliquez le bouton avec flèche vertesur la droite,:le scan débutera.

* A l'invite "Désinfecter ?" lorsqu'un fichier est détecté,Cliquez Oui pour tout puis cliquez Désinfecter.

* Lorsque le scan sera complété, cliquez sur cette icône, à côté des fichiers détectés:http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif

* puis sur l'icône "Suivant", au dessous, et choisissez Déplacer en quarantaine l'objet indésirable

* Au menu principal de l'outil, au haut à gauche, cliquez sur le menu Fichier et choisissez Enregistrer le rapport qui se nommera DrWeb.csv

* Sauvegardez le rapport sur le Bureau.

* Fermez Dr.Web Cureit

* Redémarrez impérativement, car certains fichiers peuvent être déplacés/réparés au redémarrage.

* Copiez/Collez le contenu du rapport de Dr.Web dans la prochaine réponse.

 

Télécharger combofix.exe de sUBs

et sauvegardez le sur le bureau

Fermez ou désactivez tous les programmes Antivirus, Antispyware, Pare-feu actifs ,Teatimer de Spybot car ils pourraient perturber le fonctionnement de cet outil

Pour éviter leur réactivation après un redémarrage, décochez les dans les options de démarrage ->Msconfig

Cela est absolument nécessaire au succès de la procédure.

Bien évidemment, vous les rétablirez ensuite.

Connecter tous les disques amovibles (disque dur externe, clé USB…).

*Double cliquer sur combofix.exe pour le lancer.

 

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

Pour lancer le scan

 

* Taper sur la touche 1 pour démarrer le scan.

Si pour une raison quelconque, Vista par exemple, combofix ne se lançait pas,

Démarrez en mode sans échec, choisissez le compte Administrateur, lancez Combofix

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

 

* Le scan pourrait prendre un certain temps:Soyez patient!

A la fin,,un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.

Il se trouve à c:\combofix.txt

Modifié le 7 avril 2009 par pear