
Hello, and thanks in advance!

I AM REPOSTING THIS AS A NEW TOPIC BECAUSE YESTERDAY I replied to myself, and afterwards I read that you should not do that, because you might think that one of your helpers is already assisting me, when that is not yet the case!

Symptoms: various!

1) Very slow PC startup

2) AntiVir report mentioning things it found

3) Something strange in the registry

4) E-mails bounced back to me from my ISP stating that my IP is sending too much spam

5) MBAM report that found things and put them in quarantine.

Here they are, in order:

1) HijackThis report

2) AntiVir report

3) Strange registry key

4) E-mail from my ISP

5) MBAM report before disinfection

6) MBAM report after disinfection

MANY THANKS FOR YOUR HELP!

1) HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:42:49, on 12/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\WINDOWS\System32\imapi.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\Program Files\CDBurnerXP\NMSAccessU.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

D:\Program Files\Windows Defender\MSASCui.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

D:\Program Files\Saitek\SD6\Software\ProfilerU.exe

D:\Program Files\Saitek\SD6\Software\SaiMfd.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Logitech\SetPoint\SetPoint.exe

D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

D:\Program Files\Spamihilator\spamihilator.exe

D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

D:\WINDOWS\system32\notepad.exe

D:\Program Files\Opera\opera.exe

D:\Program Files\Outlook Express\msimn.exe

D:\telechargement\Utilitaires Système\antivirus ET Firewall\HiJackThis.exe

D:\WINDOWS\system32\msiexec.exe

D:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - D:\Documents and Settings\Rolland\Application Data\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [uSBToolTip] D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [OpwareSE2] "D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ProfilerU] D:\Program Files\Saitek\SD6\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] D:\Program Files\Saitek\SD6\Software\SaiMfd.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Notification de cadeaux MSN.lnk = D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Spamihilator.lnk = D:\Program Files\Spamihilator\spamihilator.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: SyncBack.lnk = D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Notification de cadeaux MSN.lnk = D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'Default user')

O4 - .DEFAULT Startup: Spamihilator.lnk = D:\Program Files\Spamihilator\spamihilator.exe (User 'Default user')

O4 - .DEFAULT Startup: SyncBack.lnk = D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe (User 'Default user')

O4 - Startup: Notification de cadeaux MSN.lnk = D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Startup: Spamihilator.lnk = D:\Program Files\Spamihilator\spamihilator.exe

O4 - Startup: SyncBack.lnk = D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: Download all by FlashGet3 - D:\Documents and Settings\Rolland\Application Data\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - D:\Documents and Settings\Rolland\Application Data\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O15 - Trusted Zone: ArcaBit - ArcaVir antivirus - Home

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: teleir_cert -

O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb...eb_uploader.cab

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmani...pixUploader.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - HouseCall - Free Online Virus Scan - Trend Micro USA

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab

O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://www.globaleng...tup/cabs/ge.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.ar.../ArcaOnline.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab

O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb...eb_uploader.cab

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmani...activex/fpu.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall....ivex/hcImpl.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com...geUploader4.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer....bitdefender.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impot...ADP-2.0.0.1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic...acComposant.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto...oad/XUpload.ocx

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe

O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Service Google Update (gupdate1c9d25c14c07070) (gupdate1c9d25c14c07070) - Unknown owner - D:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\System32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - D:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe

O23 - Service: SPAMfighter Update Service - Unknown owner - D:\Program Files\SPAMfighter\sfus.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe

 

--

End of file - 15103 bytes

 

 

2) ANTIVIR report

 

 

 

Avira AntiVir Personal

Date de création du fichier de rapport : lundi 11 octobre 2010 16:07

 

La recherche porte sur 2914708 souches de virus.

 

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus

Numéro de série : 0000149996-ADJIE-0000001

Plateforme : Windows XP

Version de Windows : (Service Pack 3) [5.1.2600]

Mode Boot : Démarré normalement

Identifiant : SYSTEM

Nom de l'ordinateur : POSTE-ROLLAND

 

Informations de version :

BUILD.DAT : 9.0.0.77 21698 Bytes 09/06/2010 12:01:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/2009 18:56:04

AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11

LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:56:04

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:56:04

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 18:50:44

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 09:22:13

VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 18:26:58

VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 16:27:58

VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 05:51:10

VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 16:40:55

VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 17:43:45

VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 17:43:45

VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 17:43:46

VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 17:43:46

VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 17:43:46

VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 17:43:51

VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 07:45:30

VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 16:37:03

VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 16:37:32

VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 14:45:59

VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 16:31:20

VBASE019.VDF : 7.10.12.99 134144 Bytes 01/10/2010 17:33:37

VBASE020.VDF : 7.10.12.122 131584 Bytes 05/10/2010 18:03:05

VBASE021.VDF : 7.10.12.148 119296 Bytes 07/10/2010 18:03:52

VBASE022.VDF : 7.10.12.149 2048 Bytes 07/10/2010 18:03:52

VBASE023.VDF : 7.10.12.150 2048 Bytes 07/10/2010 18:03:52

VBASE024.VDF : 7.10.12.151 2048 Bytes 07/10/2010 18:03:53

VBASE025.VDF : 7.10.12.152 2048 Bytes 07/10/2010 18:03:53

VBASE026.VDF : 7.10.12.153 2048 Bytes 07/10/2010 18:03:53

VBASE027.VDF : 7.10.12.154 2048 Bytes 07/10/2010 18:03:53

VBASE028.VDF : 7.10.12.155 2048 Bytes 07/10/2010 18:03:53

VBASE029.VDF : 7.10.12.156 2048 Bytes 07/10/2010 18:03:54

VBASE030.VDF : 7.10.12.157 2048 Bytes 07/10/2010 18:03:54

VBASE031.VDF : 7.10.12.167 75776 Bytes 08/10/2010 08:12:27

Version du moteur : 8.2.4.72

AEVDF.DLL : 8.1.2.1 106868 Bytes 30/07/2010 05:24:29

AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 17/09/2010 19:16:50

AESCN.DLL : 8.1.6.1 127347 Bytes 12/05/2010 16:53:14

AESBX.DLL : 8.1.3.1 254324 Bytes 23/04/2010 15:05:46

AERDL.DLL : 8.1.9.2 635252 Bytes 21/09/2010 16:37:06

AEPACK.DLL : 8.2.3.7 471413 Bytes 17/09/2010 19:16:32

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 25/07/2010 16:41:05

AEHEUR.DLL : 8.1.2.30 2941303 Bytes 01/10/2010 17:33:47

AEHELP.DLL : 8.1.13.4 242038 Bytes 24/09/2010 16:37:20

AEGEN.DLL : 8.1.3.23 401779 Bytes 01/10/2010 17:33:40

AEEMU.DLL : 8.1.2.0 393588 Bytes 23/04/2010 15:05:45

AECORE.DLL : 8.1.17.0 196982 Bytes 24/09/2010 16:37:19

AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 15:05:45

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30

AVPREF.DLL : 9.0.3.0 44289 Bytes 01/10/2009 18:13:59

AVREP.DLL : 8.0.0.7 159784 Bytes 20/02/2010 07:48:05

AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57

NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 14/07/2009 07:07:03

RCTEXT.DLL : 9.0.73.0 88321 Bytes 19/11/2009 18:56:03

 

Configuration pour la recherche actuelle :

Nom de la tâche...............................: Contrôle intégral du système

Fichier de configuration......................: d:\program files\avira\antivir desktop\sysscan.avp

Documentation.................................: bas

Action principale.............................: interactif

Action secondaire.............................: ignorer

Recherche sur les secteurs d'amorçage maître..: marche

Recherche sur les secteurs d'amorçage.........: marche

Secteurs d'amorçage...........................: D:, R:,

Recherche dans les programmes actifs..........: marche

Recherche en cours sur l'enregistrement.......: marche

Recherche de Rootkits.........................: marche

Contrôle d'intégrité de fichiers système......: arrêt

Fichier mode de recherche.....................: Tous les fichiers

Recherche sur les archives....................: marche

Limiter la profondeur de récursivité..........: 20

Archive Smart Extensions......................: marche

Heuristique de macrovirus.....................: marche

Heuristique fichier...........................: moyen

Catégories de dangers divergentes.............: +SPR,

 

Début de la recherche : lundi 11 octobre 2010 16:07

 

La recherche d'objets cachés commence.

'140837' objets ont été contrôlés, '0' objets cachés ont été trouvés.

 

La recherche sur les processus démarrés commence :

Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés

Processus de recherche 'mbam.exe' - '1' module(s) sont contrôlés

Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés

Processus de recherche 'SyncBack.exe' - '1' module(s) sont contrôlés

Processus de recherche 'KHALMNPR.exe' - '1' module(s) sont contrôlés

Processus de recherche 'spamihilator.exe' - '1' module(s) sont contrôlés

Processus de recherche 'lsnfier.exe' - '1' module(s) sont contrôlés

Processus de recherche 'SetPoint.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés

Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés

Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés

Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés

Processus de recherche 'SaiMfd.exe' - '1' module(s) sont contrôlés

Processus de recherche 'ProfilerU.exe' - '1' module(s) sont contrôlés

Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés

Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés

Processus de recherche 'opwareSE2.exe' - '1' module(s) sont contrôlés

Processus de recherche 'USBTip.exe' - '1' module(s) sont contrôlés

Processus de recherche 'kpf4gui.exe' - '1' module(s) sont contrôlés

Processus de recherche 'wdfmgr.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'kpf4gui.exe' - '1' module(s) sont contrôlés

Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés

Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés

Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés

Processus de recherche 'NMSAccessU.exe' - '1' module(s) sont contrôlés

Processus de recherche 'kpf4ss.exe' - '1' module(s) sont contrôlés

Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés

Processus de recherche 'imapi.exe' - '1' module(s) sont contrôlés

Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés

Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés

Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés

Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'MsMpEng.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés

Processus de recherche 'services.exe' - '1' module(s) sont contrôlés

Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés

Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés

Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés

'48' processus ont été contrôlés avec '48' modules

 

La recherche sur les secteurs d'amorçage maître commence :

Secteur d'amorçage maître HD0

[iNFO] Aucun virus trouvé !

 

La recherche sur les secteurs d'amorçage commence :

Secteur d'amorçage 'D:\'

[iNFO] Aucun virus trouvé !

Secteur d'amorçage 'R:\'

[iNFO] Aucun virus trouvé !

 

La recherche sur les renvois aux fichiers exécutables (registre) commence :

Le registre a été contrôlé ( '69' fichiers).

 

 

La recherche sur les fichiers sélectionnés commence :

 

Recherche débutant dans 'D:\'

D:\pagefile.sys

[AVERTISSEMENT] Impossible d'ouvrir le fichier !

[REMARQUE] Ce fichier est un fichier système Windows.

[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.

D:\Documents and Settings\Rolland\Mes documents\DIVERS\Garmin GPS\Cartes et autres données\Garmin Mapsource City Navigator Europe v8 With Unlocked Code.zip

[0] Type d'archive: ZIP

--> Garmin Mapsource City Navigator Europe V8 with unlocked code/Disk1.cab

[1] Type d'archive: CAB (Microsoft)

--> Tour

[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.

D:\Documents and Settings\Rolland\SmitfraudFix\restart.exe

[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0170461.dll

[RESULTAT] Contient le modèle de détection du virus Windows W95/Blumblebee.1738

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0183601.exe

[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0186504.exe

[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0209383.exe

[RESULTAT] Contient le cheval de Troie TR/Killfiles.avs

D:\WINDOWS\backup\TB031112.DAT

[RESULTAT] Contient le modèle de détection du ver WORM/Bugbear.B

Recherche débutant dans 'R:\' <ROLLAND>

R:\$VAULT$.AVG\00000001.FIL

[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/AdSpy.Gen

R:\$VAULT$.AVG\00000002.FIL

[RESULTAT] Contient le cheval de Troie TR/Downloader.Gen

 

Début de la désinfection :

D:\Documents and Settings\Rolland\SmitfraudFix\restart.exe

[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4d270f81.qua' !

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0170461.dll

[RESULTAT] Contient le modèle de détection du virus Windows W95/Blumblebee.1738

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ce50f4c.qua' !

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0183601.exe

[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4f2b3f65.qua' !

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0186504.exe

[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4d9678e5.qua' !

D:\System Volume Information\_restore{045A144F-313A-4026-AEF2-1BADCC371DBE}\RP709\A0209383.exe

[RESULTAT] Contient le cheval de Troie TR/Killfiles.avs

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ce60f4c.qua' !

D:\WINDOWS\backup\TB031112.DAT

[RESULTAT] Contient le modèle de détection du ver WORM/Bugbear.B

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ce40f5e.qua' !

R:\$VAULT$.AVG\00000001.FIL

[RESULTAT] Contient le modèle de détection du logiciel espion ou publicitaire ADSPY/AdSpy.Gen

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ce40f4c.qua' !

R:\$VAULT$.AVG\00000002.FIL

[RESULTAT] Contient le cheval de Troie TR/Downloader.Gen

[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '5dff784d.qua' !

 

 

Fin de la recherche : mardi 12 octobre 2010 09:32

Temps nécessaire: 6:37:47 Heure(s)

 

La recherche a été effectuée intégralement

 

21618 Les répertoires ont été contrôlés

1451350 Des fichiers ont été contrôlés

8 Des virus ou programmes indésirables ont été trouvés

0 Des fichiers ont été classés comme suspects

0 Des fichiers ont été supprimés

0 Des virus ou programmes indésirables ont été réparés

8 Les fichiers ont été déplacés dans la quarantaine

0 Les fichiers ont été renommés

1 Impossible de contrôler des fichiers

1451341 Fichiers non infectés

15818 Les archives ont été contrôlées

2 Avertissements

9 Consignes

140837 Des objets ont été contrôlés lors du Rootkitscan

0 Des objets cachés ont été trouvés

 

 

3) STRANGE REGISTRY KEY

In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager

The key in question is BootExecute and the value is:

 

autocheck autochk *

SsiEfr.e

 

 

4) Message from my ISP about spam coming from my IP:

 

 

- ----------------------------------------------------------------------------------------------

- Ce message n'a pas pu être traité par la gestion des retours d'EMailing Solution

- Pour écrire à cette personne : mailto:rolland.xx@libertysurf.fr

- ----------------------------------------------------------------------------------------------

Message :

This is the mail system at host evo1smtp26.emstechnology6.net.

 

I'm sorry to have to inform you that your message could not

be delivered to one or more recipients. It's attached below.

 

For further assistance, please send mail to postmaster.

 

If you do so, please include this problem report. You can

delete your own text from the attached returned message.

 

The mail system

 

<rolland.xx@libertysurf.fr>: host mx2.free.fr[yyy.yy.yy.yy] refused to

talk to me: 421 Too many spams from your IP (xx.xx.xx.xx), please visit

Postmaster.free.fr

 

 

 

 

 

AND I am adding the MalwareBytes report from before cleaning:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4794

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

12/10/2010 11:19:56

mbam-log-2010-10-12 (11-19-56).txt

 

Type d'examen: Examen complet (D:\|R:\|)

Elément(s) analysé(s): 555314

Temps écoulé: 18 heure(s), 9 minute(s), 42 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> No action taken.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

D:\Program Files\eoRezo (Rogue.Eorezo) -> No action taken.

D:\Program Files\eoRezo\EoAdv (Rogue.Eorezo) -> No action taken.

 

Fichier(s) infecté(s):

D:\Program Files\eoRezo\cmhost.cyp (Rogue.Eorezo) -> No action taken.

D:\Program Files\eoRezo\EoMultiLanguage.dll (Rogue.Eorezo) -> No action taken.

D:\Program Files\eoRezo\EoRezoImg_12.dll (Rogue.Eorezo) -> No action taken.

D:\Program Files\eoRezo\EoRezoTools_12.dll (Rogue.Eorezo) -> No action taken.

D:\Program Files\eoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> No action taken.

D:\Program Files\eoRezo\EoAdv\EoRezoBho.old (Rogue.Eorezo) -> No action taken.

D:\WINDOWS\system32\secushr.dat (Malware.Trace) -> No action taken.

 

 

 

 

AND I am adding a second MalwareBytes report, made after deleting the errors found:

 

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4794

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

12/10/2010 18:09:22

mbam-log-2010-10-12 (18-09-22).txt

 

Type d'examen: Examen complet (D:\|R:\|)

Elément(s) analysé(s): 555314

Temps écoulé: 18 heure(s), 9 minute(s), 42 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

D:\Program Files\eoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

D:\Program Files\eoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

D:\Program Files\eoRezo\cmhost.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.

D:\Program Files\eoRezo\EoMultiLanguage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.

D:\Program Files\eoRezo\EoRezoImg_12.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.

D:\Program Files\eoRezo\EoRezoTools_12.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.

D:\Program Files\eoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> Quarantined and deleted successfully.

D:\Program Files\eoRezo\EoAdv\EoRezoBho.old (Rogue.Eorezo) -> Quarantined and deleted successfully.

D:\WINDOWS\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

THAT'S EVERYTHING, THANKS IN ADVANCE.

 

RM

 

 

 

That is what I was able to find!

 

Thanks in advance.

RM

Posted

hi ;)

 

Please post the following report for me >>

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the taskbar).
  • If you don't see these two reports, you will find them in the C:\rsit folder

PS: don't look for your other topic, I deleted it ;)

Posted

Hi,

 

So here is LOG.TXT, with INFO.TXT to follow, as requested.

 

RM

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Rolland at 2010-10-14 17:26:33

Microsoft Windows XP Édition familiale Service Pack 3

System drive D: has 10 GB (5%) free of 185 GB

Total RAM: 2047 MB (63% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:26:46, on 14/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\WINDOWS\System32\imapi.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

D:\Program Files\CDBurnerXP\NMSAccessU.exe

D:\WINDOWS\System32\NMSSvc.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\wuauclt.exe

D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

D:\Program Files\Windows Defender\MSASCui.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

D:\Program Files\Saitek\SD6\Software\ProfilerU.exe

D:\Program Files\Saitek\SD6\Software\SaiMfd.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Logitech\SetPoint\SetPoint.exe

D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

D:\Program Files\Spamihilator\spamihilator.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\iPod\bin\iPodService.exe

D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe

D:\Program Files\Opera\opera.exe

D:\Program Files\Outlook Express\msimn.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\SoftwareDistribution\Download\9b711bd4d2a11ae40c85ce144ca821fa\update\update.exe

D:\Documents and Settings\Rolland\Local Settings\Application Data\Opera\Opera\temporary_downloads\RSIT.exe

D:\Program Files\HiJackThis\Trend Micro\HiJackThis\Rolland.exe

D:\WINDOWS\system32\spupdsvc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - D:\Documents and Settings\Rolland\Application Data\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [uSBToolTip] D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [OpwareSE2] "D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ProfilerU] D:\Program Files\Saitek\SD6\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] D:\Program Files\Saitek\SD6\Software\SaiMfd.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Notification de cadeaux MSN.lnk = D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: Spamihilator.lnk = D:\Program Files\Spamihilator\spamihilator.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: SyncBack.lnk = D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Notification de cadeaux MSN.lnk = D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'Default user')

O4 - .DEFAULT Startup: Spamihilator.lnk = D:\Program Files\Spamihilator\spamihilator.exe (User 'Default user')

O4 - .DEFAULT Startup: SyncBack.lnk = D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe (User 'Default user')

O4 - Startup: Notification de cadeaux MSN.lnk = D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Startup: Spamihilator.lnk = D:\Program Files\Spamihilator\spamihilator.exe

O4 - Startup: SyncBack.lnk = D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: Download all by FlashGet3 - D:\Documents and Settings\Rolland\Application Data\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - D:\Documents and Settings\Rolland\Application Data\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O15 - Trusted Zone: ArcaBit - ArcaVir antivirus - Home

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: teleir_cert -

O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www8.photoweb.fr/telechargement/Photoweb_uploader.cab

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - HouseCall - Free Online Virus Scan - Trend Micro USA

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://www.globalenglishkids.com/html/setup/cabs/ge.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.0.1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto.com/ectelechargement/xupload/XUpload.ocx

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe

O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Service Google Update (gupdate1c9d25c14c07070) (gupdate1c9d25c14c07070) - Unknown owner - D:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\System32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - D:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe

O23 - Service: SPAMfighter Update Service - Unknown owner - D:\Program Files\SPAMfighter\sfus.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe

 

--

End of file - 15270 bytes

 

======Scheduled tasks folder======

 

D:\WINDOWS\tasks\AppleSoftwareUpdate.job

D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

D:\WINDOWS\tasks\MP Scheduled Scan.job

D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-963894560-725345543-1004.job

D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-963894560-725345543-1004.job

D:\WINDOWS\tasks\SyncBack Duplication Etat Actuel Documents.job

D:\WINDOWS\tasks\SyncBack Duplication Quotidienne Messagerie électronique.job

D:\WINDOWS\tasks\SyncBack Rolland Clé usb.job

D:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job

D:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

D:\WINDOWS\tasks\User_Feed_Synchronization-{8FB07CEE-B318-46EA-B840-318D2A18D8E8}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - D:\Program Files\Java\jre6\bin\ssv.dll [2010-04-12 321312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]

FlashGetBHO - D:\Documents and Settings\Rolland\Application Data\FlashGetBHO\FlashGetBHO3.dll [2009-12-22 157232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]

NTIECatcher Class - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2005-09-08 49152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - D:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"USBToolTip"=D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"OpwareSE2"=D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

"Windows Defender"=D:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"Logitech Hardware Abstraction Layer"=D:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"TkBellExe"=D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-05-09 202256]

"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe []

"ProfilerU"=D:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]

"SaiMfd"=D:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

D:\Program Files\DNA\btdna.exe [2009-05-18 342848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

D:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eInstruction Device Manager.lnk]

D:\PROGRA~1\EINSTR~1\DEVICE~1\Launch.exe [2009-02-08 305904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON SMART PANEL for Scanner.lnk]

D:\PROGRA~1\EPSON\EPSONS~1\espmain.exe /h []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de APM.lnk]

D:\PROGRA~1\Namo\WebBoard\Bin\APMTool.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

D:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

D:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2009-09-09 67128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

D:\PROGRA~1\MICROS~4\Office\OSA9.EXE [1999-02-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TabUserW.lnk]

D:\PROGRA~1\wacom\TabUserW.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]

D:\PROGRA~1\Hercules\WIFIST~1\WIFIST~1.EXE [2006-06-19 650240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ZDWLan Utility.lnk]

D:\PROGRA~1\ZYDAST~1\ZYDAS_~1.11G\ZDWlan.exe [2005-11-22 483328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Rolland^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]

G:\PROGRA~1\Program\natspeak.exe /Quick []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Rolland^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.4.lnk]

D:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Rolland^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]

D:\DOCUME~1\Rolland\APPLIC~1\MICROS~1\LIVESE~1\NOTIFI~1.EXE []

 

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe

 

D:\Documents and Settings\Rolland\Menu Démarrer\Programmes\Démarrage

Notification de cadeaux MSN.lnk - D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

Spamihilator.lnk - D:\Program Files\Spamihilator\spamihilator.exe

SyncBack.lnk - D:\Program Files\2BrightSparks\SyncBack\SyncBack.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

D:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=D:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoFavoritesMenu"=0

"NoSMMyPictures"=0

"NoStartMenuMyMusic"=0

"NoRecentDocsNetHood"=0

"NoUserNameInStartMenu"=1

"NoInstrumentation"=0

"NoStartMenuPinnedList"=0

"ForceStartMenuLogoff"=0

"NoSharedDocuments"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoFavoritesMenu"=0

"NoSMMyPictures"=0

"NoStartMenuMyMusic"=0

"NoRecentDocsNetHood"=0

"NoInstrumentation"=0

"NoSimpleStartMenu"=0

"HonorAutoRunSetting"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Program Files\EA SPORTS\FIFA 2004\fifa2004.exe"="D:\Program Files\EA SPORTS\FIFA 2004\fifa2004.exe:*:Enabled:FIFA 2004"

"D:\Program Files\Grisoft\AVG6\avgw.exe"="D:\Program Files\Grisoft\AVG6\avgw.exe:*:Enabled:AVG 6.0 for Windows"

"D:\Program Files\Grisoft\AVG6\avgcc32.exe"="D:\Program Files\Grisoft\AVG6\avgcc32.exe:*:Enabled:AVG Control Center"

"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"D:\Program Files\EA SPORTS\FIFA 2005\fifa2005.exe"="D:\Program Files\EA SPORTS\FIFA 2005\fifa2005.exe:*:Enabled:fifa2005"

"D:\Program Files\FTP Expert\FTPXpert.EXE"="D:\Program Files\FTP Expert\FTPXpert.EXE:*:Enabled:FTP Expert"

"D:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="D:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"

"D:\WINDOWS\System32\dpnsvr.exe"="D:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"D:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe"="D:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"

"D:\Program Files\Namo\WebEditor 5 Trial\bin\WebEditor.exe"="D:\Program Files\Namo\WebEditor 5 Trial\bin\WebEditor.exe:*:Enabled:Namo WebEditor 5"

"D:\Program Files\OneClick\OneClick.exe"="D:\Program Files\OneClick\OneClick.exe:*:Enabled:OneClick"

"D:\WINDOWS\System32\ZoneLabs\vsmon.exe"="D:\WINDOWS\System32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"

"D:\Program Files\Namo\WebBoard\Server\Apache\Apache.exe"="D:\Program Files\Namo\WebBoard\Server\Apache\Apache.exe:*:Disabled:Apache"

"D:\Program Files\NetMeeting\conf.exe"="D:\Program Files\NetMeeting\conf.exe:192.168.3.1/255.255.255.255,192.168.3.2/255.255.255.255,192.168.3.3/255.255.255.255,192.168.3.4/255.255.255.255:Enabled:Windows® NetMeeting®"

"D:\Program Files\Microsoft Office\Office\WINWORD.EXE"="D:\Program Files\Microsoft Office\Office\WINWORD.EXE:192.168.3.1/255.255.255.255,192.168.3.2/255.255.255.255,192.168.3.3/255.255.255.255,192.168.3.4/255.255.255.255:Enabled:Microsoft Word for Windows"

"D:\Program Files\Real\RealPlayer\REALPLAY.EXE"="D:\Program Files\Real\RealPlayer\REALPLAY.EXE:*:Enabled:RealOne Player"

"D:\Program Files\EA SPORTS\FIFA 06\FIFA06.exe"="D:\Program Files\EA SPORTS\FIFA 06\FIFA06.exe:*:Enabled:FIFA06"

"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"D:\Program Files\Namo\WebEditor 6\BIN\WebEditor.exe"="D:\Program Files\Namo\WebEditor 6\BIN\WebEditor.exe:*:Enabled:Namo WebEditor 6"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\Program Files\National Guard\Guard Shield\PRISM.exe"="D:\Program Files\National Guard\Guard Shield\PRISM.exe:*:Enabled:Guard Shield"

"D:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="D:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"

"D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"D:\Program Files\DNA\btdna.exe"="D:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"D:\Program Files\devolo\informer\devinf.exe"="D:\Program Files\devolo\informer\devinf.exe:*:Enabled:devolo Informer"

"D:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"

"D:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"

"D:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"

"D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"D:\Program Files\Spamihilator\spamihilator.exe"="D:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator"

"D:\Program Files\Spamihilator\cdcc.exe"="D:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"

"D:\Program Files\Spamihilator\dccproc.exe"="D:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter"

"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"

"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

 

======List of files/folders created in the last 1 months======

 

2010-10-14 17:26:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2378111_WM9$

2010-10-14 17:26:33 ----D---- D:\rsit

2010-10-14 17:26:23 ----HDC---- D:\WINDOWS\$NtUninstallKB982132$

2010-10-14 17:26:08 ----HDC---- D:\WINDOWS\$NtUninstallKB979687$

2010-10-14 17:19:57 ----HDC---- D:\WINDOWS\$NtUninstallKB981957$

2010-10-14 17:19:30 ----HDC---- D:\WINDOWS\$NtUninstallKB2360937$

2010-10-14 17:08:31 ----A---- D:\WINDOWS\system32\SET10A.tmp

2010-10-14 17:08:30 ----A---- D:\WINDOWS\system32\SET108.tmp

2010-10-14 17:08:30 ----A---- D:\WINDOWS\system32\SET107.tmp

2010-10-14 17:08:29 ----A---- D:\WINDOWS\system32\SET102.tmp

2010-10-14 17:08:28 ----A---- D:\WINDOWS\system32\SET10E.tmp

2010-10-14 17:08:28 ----A---- D:\WINDOWS\system32\SET103.tmp

2010-10-14 17:08:26 ----A---- D:\WINDOWS\system32\SET111.tmp

2010-10-14 17:07:58 ----D---- D:\WINDOWS\LastGood

2010-10-14 17:07:47 ----A---- D:\WINDOWS\system32\SET3C.tmp

2010-10-12 09:41:39 ----D---- D:\Program Files\HiJackThis

2010-10-03 11:18:42 ----D---- D:\Program Files\2BrightSparks

2010-09-29 15:24:39 ----HDC---- D:\WINDOWS\$NtUninstallKB2158563$

2010-09-29 10:29:01 ----D---- D:\Program Files\iPod

2010-09-29 10:28:57 ----D---- D:\Program Files\iTunes

2010-09-23 10:46:44 ----D---- D:\Documents and Settings\Rolland\Application Data\vlc

2010-09-19 20:19:19 ----D---- D:\Documents and Settings\Rolland\Application Data\Genie-soft

2010-09-19 20:02:41 ----D---- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-09-19 19:54:05 ----D---- D:\Program Files\Bonjour

2010-09-19 17:09:54 ----A---- D:\WINDOWS\Au51Fun.exe

2010-09-15 15:43:27 ----HDC---- D:\WINDOWS\$NtUninstallKB2259922$

2010-09-15 15:43:15 ----HDC---- D:\WINDOWS\$NtUninstallKB975558_WM8$

2010-09-15 15:43:09 ----HDC---- D:\WINDOWS\$NtUninstallKB2347290$

2010-09-15 15:43:01 ----HDC---- D:\WINDOWS\$NtUninstallKB2121546$

2010-09-15 15:42:52 ----HDC---- D:\WINDOWS\$NtUninstallKB982802$

2010-09-15 15:42:40 ----HDC---- D:\WINDOWS\$NtUninstallKB981322$

2010-09-15 13:09:51 ----D---- D:\7f84ebee3f02e28b73f7b9f1afdc600c

2010-09-15 13:09:41 ----HDC---- D:\WINDOWS\$NtUninstallKB2141007$

 

======List of files/folders modified in the last 1 months======

 

2010-10-14 17:26:46 ----D---- D:\WINDOWS\Prefetch

2010-10-14 17:26:46 ----AD---- D:\WINDOWS

2010-10-14 17:26:45 ----RSHD---- D:\WINDOWS\system32\dllcache

2010-10-14 17:26:44 ----D---- D:\WINDOWS\Temp

2010-10-14 17:26:44 ----D---- D:\WINDOWS\system32

2010-10-14 17:26:31 ----HD---- D:\WINDOWS\inf

2010-10-14 17:26:28 ----A---- D:\WINDOWS\imsins.BAK

2010-10-14 17:25:47 ----D---- D:\Program Files\Internet Explorer

2010-10-14 17:25:39 ----D---- D:\WINDOWS\system32\CatRoot2

2010-10-14 17:25:32 ----D---- D:\WINDOWS\ie8updates

2010-10-14 17:25:23 ----HD---- D:\WINDOWS\$hf_mig$

2010-10-14 17:20:21 ----D---- D:\Documents and Settings\Rolland\Application Data\Spamihilator

2010-10-14 17:20:14 ----A---- D:\WINDOWS\system32\MRT.exe

2010-10-14 17:09:09 ----SD---- D:\WINDOWS\Tasks

2010-10-13 22:38:43 ----A---- D:\WINDOWS\SchedLgU.Txt

2010-10-13 22:37:59 ----D---- D:\Documents and Settings\Rolland\Application Data\SolidDocuments

2010-10-13 19:06:19 ----D---- D:\Program Files\Mozilla Firefox 4.0 Beta 4

2010-10-12 21:22:27 ----SHD---- D:\WINDOWS\Installer

2010-10-12 21:22:19 ----D---- D:\Program Files\Opera

2010-10-12 18:35:01 ----D---- D:\WINDOWS\system32\NtmsData

2010-10-12 18:12:08 ----HDC---- D:\WINDOWS\$NtUninstallKB979309$

2010-10-12 18:12:08 ----D---- D:\WINDOWS\system32\drivers

2010-10-12 18:09:22 ----AD---- D:\Program Files

2010-10-12 11:20:16 ----D---- D:\temp

2010-10-12 09:32:44 ----D---- D:\WINDOWS\backup

2010-10-11 18:06:07 ----A---- D:\WINDOWS\BBW_INFO.INI

2010-10-09 19:52:45 ----A---- D:\WINDOWS\CDEX.INI

2010-10-06 16:30:22 ----D---- D:\Program Files\LivretScol_V4_13

2010-10-04 12:20:54 ----D---- D:\Program Files\LaCie

2010-10-03 11:18:49 ----A---- D:\Documents and Settings\Rolland\Application Data\QuickZip45.ini

2010-09-29 19:51:55 ----D---- D:\Program Files\Google

2010-09-29 10:29:00 ----D---- D:\Program Files\Fichiers communs\Apple

2010-09-29 10:23:45 ----D---- D:\Program Files\QuickTime

2010-09-25 16:36:23 ----D---- D:\Program Files\Avidemux 2.5.2

2010-09-22 21:06:59 ----D---- D:\Documents and Settings\Rolland\Application Data\dvdcss

2010-09-19 20:16:32 ----D---- D:\Documents and Settings\Rolland\Application Data\Apple Computer

2010-09-19 20:07:56 ----D---- D:\Program Files\Safari

2010-09-19 19:54:57 ----DC---- D:\WINDOWS\system32\DRVSTORE

2010-09-19 19:54:49 ----D---- D:\WINDOWS\system32\ReinstallBackups

2010-09-19 19:52:51 ----D---- D:\WINDOWS\WinSxS

2010-09-19 17:13:07 ----D---- D:\WINDOWS\system

2010-09-19 17:09:54 ----HD---- D:\Program Files\InstallShield Installation Information

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 agp440;Filtre de bus AGP Intel; D:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]

R0 ohci1394;Contrôleurs hôte IEEE 1394 compatible OHCI; D:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); D:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]

R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); D:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]

R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); D:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]

R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 fwdrv;Firewall Driver; D:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184]

R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 khips;Kerio HIPS Driver; D:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672]

R1 PCLEPCI;PCLEPCI; \??\D:\WINDOWS\system32\drivers\pclepci.sys []

R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-14 28520]

R1 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-02-05 20747]

R2 Aspi32;Aspi32; D:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16512]

R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]

R2 fssfltr;FssFltr; D:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

R2 npf;NetGroup Packet Filter Driver; D:\WINDOWS\system32\drivers\npf.sys [2009-11-16 50704]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); D:\WINDOWS\system32\drivers\npf_devolo.sys [2008-05-13 35840]

R3 Arp1394;Protocole client ARP 1394; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ASAPIW2k;ASAPIW2K; D:\WINDOWS\system32\drivers\Asapiw2k.sys [2004-03-10 11264]

R3 cmigameport;cmigameport; D:\WINDOWS\system32\drivers\cmigameport.sys [2002-02-07 3712]

R3 cmpci;TerraTec Aureon 5.1 (WDM); D:\WINDOWS\system32\drivers\cmaudio.sys [2004-10-01 373952]

R3 E100B;Intel® PRO Adapter Driver; D:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 HCF_MSFT;HCF_MSFT; D:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-23 908000]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; D:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]

R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]

R3 LMouKE;SetPoint Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]

R3 MarvinBus;Pinnacle Marvin Bus; D:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]

R3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NMSCFG;NIC Management Service Configuration Driver; \??\D:\WINDOWS\system32\drivers\NMSCFG.SYS []

R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 pcouffin;VSO Software pcouffin; D:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-26 47360]

R3 SaiMini;SaiMini; D:\WINDOWS\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]

R3 SaiNtBus;SaiNtBus; D:\WINDOWS\system32\drivers\SaiBus.sys [2009-06-10 36992]

R3 sermouse;Pilote pour souris sur port série; D:\WINDOWS\System32\DRIVERS\sermouse.sys [2002-08-30 18432]

R3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys []

S1 lusbaudio;Logitech USB Microphone; D:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-24 33280]

S2 DCamUSB20;TRUST USB2 AUDIO VIDEO EDITOR; D:\WINDOWS\System32\Drivers\CsMini20.sys [2003-03-19 46216]

S2 Usb20Scan;USB 2.0 Still Image; D:\WINDOWS\System32\Drivers\CresScan.sys [2002-09-27 12692]

S3 61883;Pilote d'unité 61883; D:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]

S3 ACCSKMD;Canon Camera Storage Device; D:\WINDOWS\System32\DRIVERS\accskmd.sys [2003-05-13 32640]

S3 Afc;PPdus ASPI Shell; D:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-01-10 695852]

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys []

S3 Avc;Périphérique AVC; D:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]

S3 BDSelfPr;BDSelfPr; \??\D:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []

S3 BRGSp50;BRGSp50 NDIS Protocol Driver; D:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]

S3 Bridge;Pont MAC; D:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 BridgeMP;Miniport de pont MAC; D:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 catchme;catchme; \??\D:\DOCUME~1\Rolland\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 cmuda3;TerraTec Aureon 5.1 Audio Interface; D:\WINDOWS\system32\drivers\cmudax3.sys [2007-04-12 1399680]

S3 DCamUSBEMPIA;Dazzle DVC90 Video Device; D:\WINDOWS\system32\DRIVERS\emDevice.sys [2004-04-06 100957]

S3 DCamUSBIntel;Minolta DiMAGE remote camera driver; D:\WINDOWS\System32\DRIVERS\mltcap.sys [2003-02-10 150240]

S3 emAudio;Dazzle DVC90 Audio Device; D:\WINDOWS\system32\drivers\emAudio.sys [2004-05-05 19584]

S3 FiltUSBEMPIA;USB Device Lower Filter; D:\WINDOWS\system32\DRIVERS\emFilter.sys [2004-04-06 5245]

S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-05-15 13352]

S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-05-15 20520]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 hidgame;Activateur de port HID à manette de jeu Microsoft; D:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]

S3 hidusb;Pilote de classe HID Microsoft; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; D:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]

S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; D:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]

S3 LVBulk;LVBulk Service; D:\WINDOWS\System32\DRIVERS\LVBulk.sys [2001-09-24 10261]

S3 LVVI500A;LVVI500A Service; D:\WINDOWS\System32\DRIVERS\lvvi500a.sys [2001-09-20 193574]

S3 MSDV;Microsoft DV Camera and VCR; D:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NETMDUSB;Net MD; D:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]

S3 ovt530;Webcam Classic; D:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\D:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\D:\WINDOWS\system32\PCANDIS5.SYS []

S3 pfc;PADUS ASPI SHELL; D:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]

S3 Point32;Microsoft IntelliPoint Filter Driver; D:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]

S3 Profos;Profos; \??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []

S3 RT2500USB;Hercules Wireless USB Dongle Driver; D:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]

S3 s116bus;Sony Ericsson Device 116 driver (WDM); D:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]

S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]

S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]

S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]

S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); D:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]

S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]

S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); D:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]

S3 SaiH040B;SaiH040B; D:\WINDOWS\system32\DRIVERS\SaiH040B.sys [2007-05-01 132232]

S3 SaiU040B;SaiU040B; D:\WINDOWS\system32\DRIVERS\SaiU040B.sys [2007-05-01 28416]

S3 ScanUSBEMPIA;USB Still Image Capture Device; D:\WINDOWS\system32\DRIVERS\emScan.sys [2004-04-06 4493]

S3 se45bus;Sony Ericsson Device 069 driver (WDM); D:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]

S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]

S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]

S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]

S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); D:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]

S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]

S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); D:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]

S3 Ser2pl;SIM-MAX Technology Serial port driver; D:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-12-01 43136]

S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 streamip;BDA IPSink; D:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 Trufos;Trufos; \??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []

S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]

S3 usbaudio;Pilote USB audio (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]

S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); D:\WINDOWS\system32\DRIVERS\zd1211u.sys [2006-03-01 290816]

S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; D:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-14 108289]

R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-24 185089]

R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]

R2 Bonjour Service;Service Bonjour; D:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]

R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]

R2 KPF4;Sunbelt Kerio Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2006-07-18 1205784]

R2 NMSAccessU;NMSAccessU; D:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]

R2 NMSSvc;Intel® NMS; D:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]

R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 SeaPort;SeaPort; D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]

R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

R2 WinDefend;Windows Defender; D:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 iPod Service;Service de l’iPod; D:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]

S2 gupdate1c9d25c14c07070;Service Google Update (gupdate1c9d25c14c07070); D:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]

S2 SPAMfighter Update Service;SPAMfighter Update Service; D:\Program Files\SPAMfighter\sfus.exe []

S2 spupdsvc;Windows Service Pack Installer update service; D:\WINDOWS\system32\spupdsvc.exe [2009-01-07 26144]

S3 aspnet_state;Service d'état ASP.NET; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 fsssvc;Windows Live Contrôle parental; D:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]

S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-14 1840128]

S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 138168]

S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 SPTISRV;Sony SPTI Service; D:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe [2002-07-23 65536]

S4 ArcaVirMonitor;ArcaVir Antivirus Monitor Service; D:\Program Files\ArcaBit\ArcaVir\AvMon.exe []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

INFO.TXT

info.txt logfile of random's system information tool 1.08 2010-10-14 17:26:54

 

======Uninstall list======

 

-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6F2398F9-962F-415B-83CA-3FECB081DA12}\setup.exe" -l0x9

-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{57F79FB1-76C5-4A28-A4F7-61C9902D208F}\Setup.exe" -l0x40c

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf

µTorrent-->"D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Activstudio Student Edition v3.6-->MsiExec.exe /I{701FBA22-A157-4F69-91A5-CBED824ADF7A}

Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin

Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe PhotoDeluxe Home Edition 4.0-->D:\WINDOWS\IsUn040c.exe -f"D:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"

Adobe Shockwave Player-->D:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log

Adobe SVG Viewer 3.0-->D:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fD:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}

Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArcaBit Prerequisties libraries-->MsiExec.exe /I{8838A692-F591-4729-83A8-41F3DA76F3F1}

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

aTube Catcher-->D:\Program Files\DsNET Corp\aTube Catcher 2.0\uninstall.exe

Audacity 1.2.6-->"D:\Program Files\Audacity\unins000.exe"

Aureon 5.1 Fun ControlPanel-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{17A87ED9-129A-4516-A3BF-5E513D23C3BB}\Setup.exe" -l0x9

Aureon 5.1 PCI-->D:\WINDOWS\system32\Cmeaupci.exe /rm /ppci8768

AusLogics Disk Defrag-->"D:\Program Files\AusLogics Disk Defrag\unins000.exe"

Avanquest update-->D:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x040c -removeonly

AVIcodec (remove only)-->"D:\Program Files\AVIcodec\uninst.exe"

Avidemux 2.5-->D:\Program Files\Avidemux 2.5.2\uninstall.exe

Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Band-in-a-Box 2004-->"D:\Program Files\biab\unins000.exe"

Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}

Browser-->D:\WINDOWS\uninst.exe -f"D:\Program Files\Softease\Browser\DeIsL1.isu" -cD:\PROGRA~1\Softease\Browser\_ISREG32.DLL

BWPlugins-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A1F4AB00-FEDD-4CB3-9DC9-7F07F79DFE66}\setup.exe" -l0x40c

Canon MP Navigator 2.0-->"D:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove D:\Program Files\Canon\MP Navigator 2.0\uninst.ini

Canon MP170-->"D:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x000c

Canon MV650i Pilote WIA -->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D68C0E11-A4F1-47C5-B6FA-9382716F6B31}

Canon Utilities PhotoStitch 3.1-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}

CDBurnerXP-->"D:\Program Files\CDBurnerXP\unins000.exe"

CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}

CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Claris Home Page 3.0-->D:\WINDOWS\IsUn040c.exe -f"D:\Program Files\Claris Corp\Claris Home Page 3.0\Uninst.isu"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}

CoreAVC Pro 1.8.5.0-->"D:\Program Files\CoreAVC Pro\unins000.exe"

Correctif pour Windows Internet Explorer 7 (KB947864)-->"D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Correctif pour Windows XP (KB2158563)-->"D:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB970653-v3)-->"D:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB976098-v2)-->"D:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB979306)-->"D:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB981793)-->"D:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

CutePDF Writer 2.3-->D:\WINDOWS\system32\uninscpw.exe D:\Program Files\

devolo dLAN - Assistant de configuration-->D:\Program Files\devolo\setup.exe /remove:dlanconf

devolo Informer-->D:\Program Files\devolo\setup.exe /remove:dslmon

Didapages 1.1-->D:\Program Files\Didapages\uninst.exe

Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}

Disc2Phone-->MsiExec.exe /X{1C75E8E0-29D5-4298-AE16-B8604FD9DDE4}

DivX-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}

DV Network Software-->D:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B} /l1036

DVD Decrypter (Remove Only)-->"D:\Program Files\DVD Decrypter\uninstall.exe"

DVD Shrink 3.2-->"D:\Program Files\DVD Shrink\unins000.exe"

EA SPORTS online 2006-->D:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe

Eole-->MsiExec.exe /I{8B29CBAA-7B4D-11D8-8797-00055D03DA0E}

EPSON TWAIN 5-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x40c UNINSTALL

EVEREST Home Edition v2.20-->"D:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

Fenêtre d'appareil photo Canon pour ZoomBrowser EX-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D6BDF3A-6BDB-4169-909F-E882F23AB795}

ffdshow [rev 2975] [2009-05-28]-->"D:\Program Files\Video Convert Master\codec\unins000.exe"

FlashGet 3.3-->D:\Program Files\FlashGet Network\FlashGet 3\uninst.exe

FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\fmcodec.inf

Foxit PDF Creator-->D:\Program Files\Foxit Software\PDF Creator\FPC_Uninstall.exe

France Topo 1 Alpes-->"r:\Garmin\France Topo 1 Alpes\unins000.exe"

France Topo 2 Pyrénées-->"r:\Garmin\France Topo 2 Pyrénées\unins000.exe"

France Topo 3 Provence Côte d'Azur Méditerranée-->"r:\Garmin\France Topo 3 Provence Côte d'Azur Méditerranée\unins000.exe"

France Topo 4 Bretagne Normandie-->"r:\Garmin\France Topo 4 Bretagne Normandie\unins000.exe"

France Topo 5 Ile de France-->"r:\Garmin\France Topo 5 Ile de France\unins000.exe"

France Topo 6 Alsace Lorraine - Vosges Jura-->"r:\Garmin\France Topo 6 Alsace Lorraine - Vosges Jura\unins000.exe"

France Topo 7 Massif Central-->"r:\Garmin\France Topo 7 Massif Central\unins000.exe"

Free Mp3 Wma Converter V 1.5.3-->"D:\Program Files\Free Audio Pack\unins000.exe"

FW LiveUpdate-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{11F5D779-7BD9-465A-BBC4-10701386BCB9}\setup.exe" -l0x9 -removeonly

Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C}

Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}

Garmin MapSource-->MsiExec.exe /X{CF07A1C9-098F-47DD-99E0-B6558C33871B}

Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}

Garmin Training Center 3.4.1-->MsiExec.exe /X{33BABF46-8430-47A8-A98C-88B1E9DA5DE6}

Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}

Google Desktop-->D:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar4.dll"

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}

GSM SIM Utility-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BCFA8D8D-0573-4148-AF94-04CB5DAC6DCB}\Setup.exe"

Hercules WebCam Station-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}\Setup.exe" -l0x40c

Hercules Webcam-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}\Setup.exe" -l0x40c

HijackThis 2.0.2-->"D:\telechargement\Utilitaires Système\antivirus ET Firewall\HijackThis.exe" /uninstall

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}

Img2gps v2.81-->"D:\Program Files\Img2gps\unins000.exe"

Indeo® Software-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Ligos\Indeo\Uninst.isu" -c"D:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"

Installation Windows Live-->D:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}

Intel® PRO Ethernet Adapter and Software-->Prounstl.exe

Intel® PRO Intelligent Installer-->MsiExec.exe /I{6EC5D2BB-C70D-4A1E-9E0E-384568CA5E97}

Interwrite Content-->D:\Program Files\Interwrite Learning\Interwrite Content\_uninst\uninstaller.exe

Interwrite Workspace-->MsiExec.exe /I{114AE8C5-2EAB-47BA-B6BD-4C6C3EABA67C}

iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Java 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016F0}

Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}

Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}

KaraWin-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9C6BE23B-81BC-4407-A3DB-B4B2E3A30642}\Setup.exe"

KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}

KhalSetup-->MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}

Kit Runtime VB6.0-->D:\WINDOWS\st6unst.exe -n "D:\WINDOWS\system32\ST6UNST.LOG"

K-Lite Codec Pack 2.20 Full-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"

K-Lite Video Conversion Pack 1.6.0-->"D:\Program Files\K-Lite Video Conversion Pack\unins000.exe"

LaCie Backup Software v1.7.2893-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}

Lecteur Windows Media 10-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Logic Fun 4.8-->D:\WINDOWS\unvise32.exe D:\Program Files\emagic\Logic Fun 4.8\uninstal.log

Logitech Desktop Messenger-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x40c UNINSTALL

Logitech Harmony Remote Software 7-->D:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x040c -removeonly

Logitech SetPoint-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c -removeonly

Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Micro Application - Compositeur-->D:\WINDOWS\unin040c.exe -f"d:\program files\compositeur\DeIsL3.isu" -cd:\PROGRA~1\COMPOS~1\_ISREG32.DLL

Micrografx Photo Magic-->D:\WINDOWS\MGXCLEAN.EXE MAGIC.APP

Micrografx Windows Draw 5-->D:\WINDOWS\MGXCLEAN.EXE DRAW5.APP FONTS.APP

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft Data Access Components KB870669-->D:\WINDOWS\muninst.exe D:\WINDOWS\INF\KB870669.inf

Microsoft Money 2000 Standard-->D:\Program Files\Microsoft Money\setup\setup.exe

Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)-->"D:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"D:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"D:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"D:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB975558)-->"D:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB978695)-->"D:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"D:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"D:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"D:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"D:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"D:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"D:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"D:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"D:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"D:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"D:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"D:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"D:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"D:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)-->"D:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)-->"D:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"D:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"D:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)-->"D:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2079403)-->"D:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2121546)-->"D:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2160329)-->"D:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2229593)-->"D:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2259922)-->"D:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2286198)-->"D:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2347290)-->"D:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2360937)-->"D:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953155)-->"D:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956744)-->"D:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956844)-->"D:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"D:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958869)-->"D:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"D:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960859)-->"D:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961371)-->"D:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"D:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961501)-->"D:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB968537)-->"D:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969059)-->"D:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969898)-->"D:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969947)-->"D:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970238)-->"D:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970430)-->"D:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971468)-->"D:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971486)-->"D:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971557)-->"D:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971633)-->"D:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971657)-->"D:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB972270)-->"D:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973346)-->"D:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973354)-->"D:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973507)-->"D:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973525)-->"D:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973869)-->"D:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973904)-->"D:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974112)-->"D:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974318)-->"D:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974392)-->"D:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974571)-->"D:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975025)-->"D:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975467)-->"D:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975560)-->"D:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975561)-->"D:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975562)-->"D:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975713)-->"D:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977165-v2)-->"D:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977816)-->"D:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977914)-->"D:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978037)-->"D:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978251)-->"D:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978262)-->"D:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978338)-->"D:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978542)-->"D:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978601)-->"D:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978706)-->"D:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979309)-->"D:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979482)-->"D:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979559)-->"D:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979683)-->"D:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979687)-->"D:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980195)-->"D:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980218)-->"D:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980232)-->"D:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980436)-->"D:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB981322)-->"D:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB981852)-->"D:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB981957)-->"D:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB981997)-->"D:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB982132)-->"D:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB982214)-->"D:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB982665)-->"D:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB982802)-->"D:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"D:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB982632)-->"D:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB2141007)-->"D:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955759)-->"D:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB968389)-->"D:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB971737)-->"D:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973687)-->"D:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973815)-->"D:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Motherboard Monitor 5 Languages-->"D:\Program Files\Motherboard Monitor 5\Language\unins000.exe"

Mozilla Firefox 4.0b6 (x86 fr)-->D:\Program Files\Mozilla Firefox 4.0 Beta 4\uninstall\helper.exe

MP3-OGG-WAV-WMA Converter 2.0-->"D:\Program Files\MP3-OGG-WAV-WMA Converter\unins000.exe"

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Music Visualizer Library 1.4.00-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x40c

Nero 6 Ultra Edition-->D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NeroMIX-->D:\WINDOWS\UNNMIX.exe /UNINSTALL

NeroVision Express-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL

Net Transport 1.94.282-->"D:\Program Files\Xi\NetTransport 2\unins000.exe"

NVIDIA Display Driver-->D:\WINDOWS\System32\nvudisp.exe Uninstall D:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver

NVIDIA Drivers-->D:\WINDOWS\system32\nvudisp.exe UninstallGUI

Office Animation Runtime-->MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}

OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}

OMP Croatia 3D-->"C:\Garmin\Openmaps\unins000.exe"

OpenMG Limited Patch 3.1-02-10-22-01-->D:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-01\HotFixSetup\setup.exe /u

OpenMG Limited Patch 3.1-02-10-22-02-->D:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-02\HotFixSetup\setup.exe /u

OpenMG Limited Patch 3.1-02-12-04-01-->D:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-12-04-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 3.1-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\setup.exe" -l0x40c UNINSTALL

OpenOffice.org 3.2-->MsiExec.exe /I{69B040CC-E9B1-4769-950E-87786C9E16AD}

Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PC Inspector File Recovery-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c

PDFCreator-->D:\Program Files\PDFCreator\unins000.exe

PhotoFiltre-->"d:\Program Files\PhotoFiltre\Uninst.exe"

Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}

Pilote vidéo Pinnacle-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}

Pilote Webcam pour DiMAGE Minolta-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{99E67091-D392-4031-AD2A-E9547F3615F8}\setup.exe" -l0x40c

Pinnacle Studio 12 Ultimate Plugins-->MsiExec.exe /I{D1860E6E-520E-4380-8433-E58E8F88B473}

Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}

Pixie registration fix-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8ACE0437-ABC8-42EE-A165-D5ADD81A1BD3}\setup.exe" -l0x9

PoiEdit-->D:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE D:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG

PowerDVD-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

proDAD Vitascene 1.0-->"D:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene

Proteus VX-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{57F79FB1-76C5-4A28-A4F7-61C9902D208F}\Setup.exe" -l0x40c /remove

Quick Zip 4.60.019-->"D:\Program Files\QuickZip4\unins000.exe"

QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}

RAD Video Tools-->"D:\Program Files\RADVideo\uninstall.exe"

Real Alternative 1.9.0-->"D:\Program Files\Video Convert Master\codec\real\unins000.exe"

RealPlayer-->D:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

Realtek AC'97 Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}

Remote Control USB Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly

Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}

Saitek SD6 Programming Software 6.6.6.9-->MsiExec.exe /X{353E9DD1-B168-4710-A429-5C750F3A9D13}

SAMSUNG CDMA Modem Driver Set-->D:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

SAMSUNG Mobile Modem Driver Set-->D:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

Samsung Mobile phone USB driver Software-->D:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->D:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->D:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3 USB Driver Installer-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly

Samsung PC Studio 3-->"D:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sibelius Scorch (Firefox, Opera, Netscape only)-->MsiExec.exe /I{8A0BD487-D185-4316-92CE-9E415C3AC6DB}

Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}

Skype 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

SmartSound Quicktracks Plugin-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

SolidConverterPDF-->MsiExec.exe /I{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}

SonicStage 1.5.06-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x40c UNINSTALL

Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{5D1D8DB6-0D5C-417F-9A68-FFCE63048939}

Sony Ericsson PC Suite 3.207.00-->D:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x040c -removeonly

Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}

Spamihilator 0.9.9.53 (32 bit)-->MsiExec.exe /I{6D14916C-EC29-40FC-8FFB-08A66576BE78}

StoryMagic-->MsiExec.exe /X{899D8B87-7886-49A8-B01E-231D49B86756}

Studio 9.4 Patch-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x40c UNINSTALL

Studio 9-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL

Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}

SyncBack-->"D:\Program Files\2BrightSparks\SyncBack\unins000.exe"

Téléchargement PHOTOWAYS 3.0.8-->"D:\Program Files\Téléchargement PHOTOWAYS\uninstall.exe"

Tiscali ADSL - Installation principale-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri

Transcribe! 7.50-->"D:\Program Files\Transcribe!\unins000.exe"

TRUST USB2 AUDIO VIDEO EDITOR APPLICATION-->D:\WINDOWS\uninst.exe -f"D:\Program Files\TRUST\TRUST USB2 AUDIO VIDEO EDITOR APPLICATION\DeIsL2.isu" -cD:\PROGRA~1\TRUST\TRUSTU~1\_ISREG32.DLL

Update Service-->D:\Program Files\Sony Ericsson\Update Service\uninst.exe

Visual C++ CRT 9.0 SP1-->MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}

VLC media player 1.1.4-->D:\Program Files\VideoLAN\VLC\uninstall.exe

Vodafone 804SS USB driver Software-->D:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe

WiFi Station-->D:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\Setup.exe -runfromtemp -l0x040c -removeonly

Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe D:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage D:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Internet Explorer 8-->"D:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}

Windows Live Call-->MsiExec.exe /I{B3B487E7-6171-4376-9074-B28082CEB504}

Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}

Windows Live Contrôle parental-->MsiExec.exe /X{EB8BAA0D-11EF-4EDC-A960-2AB7CA8F53F0}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}

Windows Live Toolbar-->MsiExec.exe /X{915809D6-1F93-45F2-9699-5F1DA64DC24B}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Windows Media Format Runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinPcap 4.1.1-->"D:\Program Files\WinPcap\uninstall.exe"

Wordsearch v1.1-->D:\WINDOWS\st6unst.exe -n "D:\Program Files\Wordsearch\ST6UNST.LOG"

XnView 1.74-->"D:\Program Files\XnView\unins000.exe"

XXClone ver 0.58.0-->D:\WINDOWS\SYSTEM32\xxclone.exe /uninst

ZyDAS IEEE 802.11 b+g Wireless LAN - USB-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9

 

======Hosts File======

 

127.0.0.1 localhost

 

======Security center information======

 

AV: Bitdefender Antivirus

AV: AntiVir Desktop

FW: Sunbelt Kerio Personal Firewall

 

======System event log======

 

Computer Name: POSTE-ROLLAND

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

 

Record Number: 5316842

Source Name: Service Control Manager

Time Written: 20100912100802.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: POSTE-ROLLAND

Event Code: 7036

Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

 

Record Number: 5316841

Source Name: Service Control Manager

Time Written: 20100912100802.000000+120

Event Type: Informations

User:

 

Computer Name: POSTE-ROLLAND

Event Code: 7026

Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :

sptd

 

Record Number: 5316840

Source Name: Service Control Manager

Time Written: 20100912100751.000000+120

Event Type: erreur

User:

 

Computer Name: POSTE-ROLLAND

Event Code: 17

Message: AVGNTFLT successfully loaded

 

Record Number: 5316839

Source Name: avgntflt

Time Written: 20100912100743.000000+120

Event Type: Informations

User:

 

Computer Name: POSTE-ROLLAND

Event Code: 7000

Message: Le service USB 2.0 Still Image n'a pas pu démarrer en raison de l'erreur :

Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

 

 

Record Number: 5316838

Source Name: Service Control Manager

Time Written: 20100912100735.000000+120

Event Type: erreur

User:

 

=====Application event log=====

 

Computer Name: POSTE-ROLLAND

Event Code: 0

Message: Service started

 

Record Number: 15222

Source Name: SeaPort

Time Written: 20100321155151.000000+060

Event Type: Informations

User:

 

Computer Name: POSTE-ROLLAND

Event Code: 0

Message: Service started.

 

Record Number: 15221

Source Name: NMSSvc

Time Written: 20100321155151.000000+060

Event Type: Informations

User:

 

Computer Name: POSTE-ROLLAND

Event Code: 0

Message:

Record Number: 15220

Source Name: gupdate1c9d25c14c07070

Time Written: 20100321155150.000000+060

Event Type: Informations

User:

 

Computer Name: POSTE-ROLLAND

Event Code: 1

Message:

Record Number: 15219

Source Name: Bonjour Service

Time Written: 20100321155150.000000+060

Event Type: Informations

User:

 

Computer Name: POSTE-ROLLAND

Event Code: 1000

Message: Application défaillante winword.exe, version 9.0.0.2823, module défaillant winword.exe, version 9.0.0.2823, adresse de défaillance 0x005984b4.

 

Record Number: 15218

Source Name: Application Error

Time Written: 20100321083542.000000+060

Event Type: erreur

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;D:\Program Files\Fichiers communs\Ulead Systems\MPEG;D:\Program Files\Fichiers communs\Teleca Shared;D:\Program Files\Pinnacle\Shared Files\;D:\Program Files\Samsung\Samsung PC Studio 3\;D:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=0207

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"asl.log"=Destination=file

"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Posted

Hi ;)

One more small scan, please =>

Download GMER Rootkit Scanner

Right-click the AntiVir icon in the taskbar and uncheck "Activer Antivir Guard"

  • Click the "Download EXE" button
  • Save it to your Desktop.
  • Paste and save these instructions in a text file, or print them, because you will have to close the browser.
  • Close any open browser windows and any other open program, because the scan can crash the PC.
  • Run the downloaded file (its name is made up of 8 random digits/letters) by double-clicking it.
  • If the tool shows a rootkit activity warning and asks you to run a scan, click "NO"
  • Now click the Scan button and wait (this can take 10 minutes or more)
  • When the scan has finished, click the Save button (bottom right)
  • Name the file "Ark.txt" and save it to the Desktop
  • Copy/paste the contents of this report into your reply.

Re-enable your antivirus once the scan is done, after closing GMER (re-check "Activer Antivir Guard").

Posted

OK, I started the scan this morning, but it is still running; it is going through every file on every disk, so it is taking quite a while.

Is it really a full scan that I should run, with the Files box checked?

RM

Posted (edited)

After several crashes, I restarted the scan with the Files box unchecked.

The GMER report is below.

Something odd: I had to reboot and then it asked me to reactivate Windows, which I did without any problem. It said that the computer's hardware had changed and that Windows had to be reactivated...

Here is the GMER report:

 

GMER 1.0.15.15315 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-10-17 14:23:54

Windows 5.1.2600 Service Pack 3

Running: mt8rh3ox.exe; Driver: D:\DOCUME~1\Rolland\LOCALS~1\Temp\kgrdauoc.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xB7828110]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xB7827920]

SSDT F7A929BE ZwCreateKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xB7826F20]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xB7826D90]

SSDT F7A929B4 ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xB7828190]

SSDT F7A929C3 ZwDeleteKey

SSDT F7A929CD ZwDeleteValueKey

SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xB769C9A0]

SSDT F7A929D2 ZwLoadKey

SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xB769CB30]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xB7827BF0]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xB7824140]

SSDT F7A929A0 ZwOpenProcess

SSDT F7A929A5 ZwOpenThread

SSDT F7A929DC ZwReplaceKey

SSDT F7A929D7 ZwRestoreKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xB7827510]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xB7827F00]

SSDT F7A929C8 ZwSetValueKey

SSDT F7A929AF ZwTerminateProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xB7827E50]

 

---- Kernel code sections - GMER 1.0.15 ----

 

PAGENDSM NDIS.sys!NdisMIndicateStatus F784D9EF 6 Bytes JMP B781BED0 \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

.text D:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB95C0360, 0x24BB1D, 0xE8000020]

init D:\WINDOWS\system32\drivers\cmigameport.sys entry point in "init" section [0xBA0FE892]

 

---- User code sections - GMER 1.0.15 ----

 

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe[144] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\System32\svchost.exe[432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\System32\svchost.exe[432] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\System32\svchost.exe[432] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text D:\WINDOWS\system32\wdfmgr.exe[840] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text D:\WINDOWS\system32\wdfmgr.exe[840] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text D:\WINDOWS\system32\wdfmgr.exe[840] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464

.text D:\WINDOWS\system32\csrss.exe[852] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608

.text D:\WINDOWS\system32\csrss.exe[852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001607AC

.text D:\WINDOWS\system32\csrss.exe[852] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00160720

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text D:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text D:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text D:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text D:\WINDOWS\system32\winlogon.exe[876] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4

.text D:\WINDOWS\system32\winlogon.exe[876] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838

.text D:\WINDOWS\system32\winlogon.exe[876] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[920] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[944] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\Program Files\Bonjour\mDNSResponder.exe[956] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\system32\services.exe[984] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\system32\services.exe[984] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\system32\services.exe[984] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\system32\lsass.exe[996] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\system32\lsass.exe[996] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\system32\lsass.exe[996] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\system32\lsass.exe[996] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\system32\lsass.exe[996] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\system32\lsass.exe[996] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\System32\imapi.exe[1380] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\System32\imapi.exe[1380] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\System32\imapi.exe[1380] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838

.text D:\Program Files\Windows Defender\MsMpEng.exe[1420] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\System32\svchost.exe[1464] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\System32\svchost.exe[1464] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\System32\svchost.exe[1464] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54

.text D:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0

.text D:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24

.text D:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0

.text D:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C

.text D:\WINDOWS\System32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 40516D5F 5 Bytes JMP 00080EC8

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\Program Files\Java\jre6\bin\jqs.exe[1528] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\Program Files\CDBurnerXP\NMSAccessU.exe[1656] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\System32\svchost.exe[1680] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\System32\svchost.exe[1680] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\System32\svchost.exe[1680] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\System32\svchost.exe[1680] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\System32\svchost.exe[1680] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\WINDOWS\System32\NMSSvc.exe[1700] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\WINDOWS\System32\NMSSvc.exe[1700] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\WINDOWS\System32\NMSSvc.exe[1700] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\WINDOWS\System32\NMSSvc.exe[1700] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text D:\WINDOWS\System32\NMSSvc.exe[1700] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text D:\WINDOWS\System32\NMSSvc.exe[1700] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\WINDOWS\system32\nvsvc32.exe[1764] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\WINDOWS\system32\nvsvc32.exe[1764] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\WINDOWS\system32\nvsvc32.exe[1764] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\System32\svchost.exe[1812] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\System32\svchost.exe[1812] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\System32\svchost.exe[1812] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\System32\svchost.exe[1812] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\System32\svchost.exe[1812] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\system32\spoolsv.exe[1876] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\system32\spoolsv.exe[1876] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\system32\spoolsv.exe[1876] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\system32\spoolsv.exe[1876] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\system32\spoolsv.exe[1876] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\system32\spoolsv.exe[1876] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838

.text D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1944] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[2044] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text D:\WINDOWS\system32\wscntfy.exe[2052] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text D:\WINDOWS\system32\wscntfy.exe[2052] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text D:\WINDOWS\system32\wscntfy.exe[2052] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[2172] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2380] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\Explorer.EXE[2388] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\Explorer.EXE[2388] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\Explorer.EXE[2388] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\Explorer.EXE[2388] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54

.text D:\WINDOWS\Explorer.EXE[2388] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0

.text D:\WINDOWS\Explorer.EXE[2388] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24

.text D:\WINDOWS\Explorer.EXE[2388] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0

.text D:\WINDOWS\Explorer.EXE[2388] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C

.text D:\WINDOWS\Explorer.EXE[2388] WININET.dll!InternetOpenUrlW 40516D5F 5 Bytes JMP 00080EC8

.text D:\WINDOWS\Explorer.EXE[2388] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\Explorer.EXE[2388] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\Explorer.EXE[2388] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Documents and Settings\Rolland\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe[2572] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\System32\svchost.exe[2580] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\System32\svchost.exe[2580] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\System32\svchost.exe[2580] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\System32\svchost.exe[2580] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\System32\svchost.exe[2580] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\System32\svchost.exe[2580] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2604] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\Saitek\SD6\Software\ProfilerU.exe[2828] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\Saitek\SD6\Software\SaiMfd.exe[2924] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\system32\RUNDLL32.EXE[3060] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WS2_32.dll!socket 719F4211 5 Bytes JMP 001408C4

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WS2_32.dll!bind 719F4480 5 Bytes JMP 00140838

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00140950

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WININET.DLL!InternetConnectA 404BDEAE 5 Bytes JMP 00140F54

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WININET.DLL!InternetConnectW 404BF862 5 Bytes JMP 00140FE0

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WININET.DLL!InternetOpenA 404CD690 5 Bytes JMP 00140D24

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WININET.DLL!InternetOpenW 404CDB09 5 Bytes JMP 00140DB0

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WININET.DLL!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00140E3C

.text D:\Program Files\iTunes\iTunesHelper.exe[3200] WININET.DLL!InternetOpenUrlW 40516D5F 5 Bytes JMP 00140EC8

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\system32\ctfmon.exe[3252] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\system32\ctfmon.exe[3252] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\system32\ctfmon.exe[3252] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text D:\WINDOWS\System32\alg.exe[3600] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text D:\WINDOWS\System32\alg.exe[3600] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text D:\WINDOWS\System32\alg.exe[3600] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text D:\WINDOWS\System32\alg.exe[3600] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text D:\WINDOWS\System32\alg.exe[3600] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text D:\WINDOWS\System32\alg.exe[3600] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3856] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text D:\Program Files\iPod\bin\iPodService.exe[3868] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text D:\Program Files\iPod\bin\iPodService.exe[3868] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text D:\Program Files\iPod\bin\iPodService.exe[3868] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Documents and Settings\Rolland\Bureau\mt8rh3ox.exe[3988] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00140F54

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00140FE0

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00140D24

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00140DB0

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00140E3C

.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[4000] WININET.dll!InternetOpenUrlW 40516D5F 5 Bytes JMP 00140EC8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [b781BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b781BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [b781BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [b781BDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [b781BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [b781BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [b781BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [b781C680] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [b781C580] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [b781C4C0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [b781C360] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [b781BCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [b781BD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [b781CBB0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [b781CE70] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [b781C210] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [b781BDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [b781BD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1E 0xC2 0x7C 0xF8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1E 0xC2 0x7C 0xF8 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1E 0xC2 0x7C 0xF8 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment


---- EOF - GMER 1.0.15 ----

 

See you!

Edited by Thanos
Posted

Hi ;)

Sorry for the wait!

Well, nothing worrying in this GMER report.

A few questions I hadn't answered =>

1) Very slow PC startup

Is this recent? We can do a little clean-up of the applications that launch needlessly at startup, to save some resources.

STRANGE REGISTRY KEY

In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager

The key in question is BootExecute and the value is:

autocheck autochk *

SsiEfr.e

This key is completely legitimate: its default value is autocheck autochk * (roughly, the launch point for checkdisk in the registry).

SsiEfr.exe is a file that belongs to SpySweeper Early File Remover, which removes malware quite early during system startup. It is legitimate too, so no problem: did you have this program and uninstall it?

4) Message from my ISP about spam coming from my IP:

Your IP may have been blacklisted! Go to this page and run the suggested test => Postmaster.free.fr

Explanations of error 421 are given there.

Tell me what result it returns (without posting your IP address in clear on the forum).
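
The BootExecute check discussed in the reply above, as an added example that is not part of the original thread: it parses `reg query` text for the value and marks every entry other than the default `autocheck autochk *` for review. The sample output is constructed, the function names are hypothetical, and the key is written with its actual name, `Session Manager`.

```python
import re

# Default entry on a clean system, as stated in the reply above.
DEFAULT_ENTRY = "autocheck autochk *"

# Constructed sample of `reg query ... /v BootExecute` output. The second
# entry is the truncated name exactly as it was pasted in the thread.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute    REG_MULTI_SZ    autocheck autochk *\0SsiEfr.e
"""


def _norm(entry):
    """Lower-case and collapse whitespace so comparisons ignore formatting."""
    return " ".join(entry.lower().split())


def parse_boot_execute(reg_output):
    """Extract the BootExecute entries from `reg query` text output."""
    pattern = re.compile(r"\s*BootExecute\s+REG_MULTI_SZ\s+(.*)$", re.IGNORECASE)
    for line in reg_output.splitlines():
        match = pattern.match(line)
        if match:
            # reg.exe prints the strings of a REG_MULTI_SZ joined by a literal "\0".
            return [e.strip() for e in match.group(1).split(r"\0") if e.strip()]
    raise ValueError("BootExecute value not found in input")


def audit_boot_execute(entries, verified=()):
    """Label each entry 'default', 'verified' (analyst allowlist) or 'review'."""
    verified_set = {_norm(v) for v in verified}
    report = []
    for entry in entries:
        if _norm(entry) == _norm(DEFAULT_ENTRY):
            verdict = "default"
        elif _norm(entry) in verified_set:
            verdict = "verified"
        else:
            verdict = "review"
        report.append((entry, verdict))
    return report


if __name__ == "__main__":
    for entry, verdict in audit_boot_execute(parse_boot_execute(SAMPLE_REG_QUERY)):
        print(f"{verdict:8} {entry}")
```

An entry moves from "review" to "verified" only after the file it names has been identified on disk and passed to `verified` by the analyst.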

Posted

No problem about the wait!

Clean-up: OK, I'd like that, because startup really is long, and I almost have the impression that it has grown longer little by little.

Spysweeper: never installed as far as I know

IP address: indeed, the IP address in question is blacklisted for 337651s!

That's all!

RM

Posted

UP! Thanks in advance!

No problem about the wait!

Clean-up: OK, I'd like that, because startup really is long, and I almost have the impression that it has grown longer little by little.

Spysweeper: never installed as far as I know

IP address: indeed, the IP address in question is blacklisted for 337651s!

That's all!

ROLMIC
