VIRUS PHYSICAL DRIVE
Solved
cécé de chez LELE
Hello, for some time now my computer has been infected with a physical drive virus. My antivirus (avast) asks me to delete it, which I do every time, but it keeps coming back! Result: my computer is slow, freezes, and restarts on its own. Please help me. I am posting a HijackThis scan.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:20:01, on 03/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.fr.acer.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - http://tele.premiere.fr/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
47 replies
Oh, I don't remember anymore??? I've done so many?? Is that serious??? In any case my computer is doing much better!! It's no longer slow, it no longer shuts down, and avast no longer tells me I have a virus!! On top of that I cleaned my tower with an air blower, spotless!! It makes less noise, and I bought myself an external hard drive because I was afraid of losing all my photos! So there you go, thanks for your help. If it's ever important to use defogger, tell me, otherwise it's fine for me! Thanks a lot for giving me your time.
Best regards,
céline
Disable your protections, then save this to your desktop:
Pre_Scan
Warning: the desktop will briefly disappear --> don't panic.
Once it is downloaded, run it and let the scan run until "Pre_scan.txt" appears on the desktop.
If the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy).
If the tool does not seem to have worked, click on it several times very quickly, or rename it winlogon, or change its extension to .com or .scr
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and locate the file mentioned above (Pre_Scan.txt).
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
Right next to the button, once the file has finished uploading, a link of this form will appear:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copy this link into your reply.
▶ Download: Gmer (by Przemyslaw Gmerek) and save it to your desktop
Disable all your protections for the duration of the gMer scan
On XP => double-click gmer.exe
On Vista and 7 => right-click, "Run as...."
▶ Click the Rootkit tab and start the scan; red lines will appear.
▶ Red lines indicate the presence of a rootkit. Post the gmer report for me (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear, post it for me)
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-04 22:48:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250820AS rev.3.AAD
Running: gmer[1].exe; Driver: C:\DOCUME~1\deprez\LOCALS~1\Temp\uwxdqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9F11202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9F77C48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9F356A1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9F137F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9F13848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9F1395E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9F35055]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9F13746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9F13898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9F1379A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9F1390C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9F11226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9F35D67]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9F3601D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9F13BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9F35BD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9F35A3D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9F77CF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9F10FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9F1124A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9F13D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9F11CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9F13820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9F13870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9F13988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9F353B1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9F13772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9F13A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9F138D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9F137C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9F13AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9F13936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9F77D90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9F358B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9F11BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9F3570A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9F80CAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9F346C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9F1126E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9F11292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9F1104A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9F11186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9F35E6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9F11162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9F111AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9F112B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9F8D762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE TUKERNEL.EXE!ObInsertObject 8056DA64 5 Bytes JMP A9F8ABBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE TUKERNEL.EXE!PsCreateSystemThread + 455 805766FB 4 Bytes CALL A9F12335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE TUKERNEL.EXE!SeQueryInformationToken + A0C 8058B9EC 7 Bytes JMP A9F8D766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE TUKERNEL.EXE!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP A9F8911E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80996D 5 Bytes JMP A9F14CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF81395C 5 Bytes JMP A9F14BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7690 BF823FF7 5 Bytes JMP A9F13F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 118C2 BF839930 5 Bytes JMP A9F14180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 1194D BF8399BB 5 Bytes JMP A9F14326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 33C8 BF83D961 5 Bytes JMP A9F13E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF847820 5 Bytes JMP A9F14E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3A66 BF84ABEE 5 Bytes JMP A9F15014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1DB5 BF85352E 5 Bytes JMP A9F14B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3629 BF8578AB 5 Bytes JMP A9F13E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + A0E7 BF85E369 5 Bytes JMP A9F14BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF861C8A 5 Bytes JMP A9F14F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF87C6BE 5 Bytes JMP A9F142FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 9219 BF8B0165 5 Bytes JMP A9F13FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + ABB BF8B9773 5 Bytes JMP A9F14D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 4CA2 BF8C3290 5 Bytes JMP A9F1403E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB8E7 5 Bytes JMP A9F140AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBB67 5 Bytes JMP A9F140E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F99C1 5 Bytes JMP A9F13D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A0A BF913BA8 5 Bytes JMP A9F13EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25DE BF91477C 5 Bytes JMP A9F14008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F3D BF9170DB 5 Bytes JMP A9F14440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 190E BF9454A3 5 Bytes JMP A9F14ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00581014
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00580804
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00580A08
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00580C0C
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00580E10
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 005801F8
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 005803FC
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00580600
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00590804
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00590A08
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00590600
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 005901F8
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 005903FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003C0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003C0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!UnhookWinEvent 7E3B18AC 3 Bytes JMP 003C03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!UnhookWinEvent + 4 7E3B18B0 1 Byte [82]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[524] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\ehome\ehtray.exe[984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\ehome\ehtray.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\ehome\ehtray.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002E0600
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\smss.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\SysMonitor.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\SysMonitor.exe[1044] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00641014
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00640804
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfigW 77E07001 5 Bytes JMP 00640A08
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00640C0C
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00640E10
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!CreateServiceA 77E07211 5 Bytes JMP 006401F8
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!CreateServiceW 77E073A9 5 Bytes JMP 006403FC
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!DeleteService 77E074B1 5 Bytes JMP 00640600
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00650804
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00650A08
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00650600
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 006501F8
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 006503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\csrss.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1172] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1188] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1188] ntdll.

Rootkit scan 2011-05-04 22:48:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250820AS rev.3.AAD
Running: gmer[1].exe; Driver: C:\DOCUME~1\deprez\LOCALS~1\Temp\uwxdqpog.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9F11202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9F77C48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9F356A1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9F137F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9F13848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9F1395E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9F35055]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9F13746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9F13898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9F1379A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9F1390C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9F11226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9F35D67]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9F3601D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9F13BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9F35BD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9F35A3D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9F77CF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9F10FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9F1124A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9F13D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9F11CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9F13820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9F13870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9F13988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9F353B1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9F13772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9F13A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9F138D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9F137C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9F13AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9F13936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9F77D90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9F358B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9F11BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9F3570A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9F80CAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9F346C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9F1126E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9F11292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9F1104A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9F11186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9F35E6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9F11162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9F111AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9F112B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9F8D762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----
PAGE TUKERNEL.EXE!ObInsertObject 8056DA64 5 Bytes JMP A9F8ABBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE TUKERNEL.EXE!PsCreateSystemThread + 455 805766FB 4 Bytes CALL A9F12335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE TUKERNEL.EXE!SeQueryInformationToken + A0C 8058B9EC 7 Bytes JMP A9F8D766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE TUKERNEL.EXE!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP A9F8911E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80996D 5 Bytes JMP A9F14CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF81395C 5 Bytes JMP A9F14BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7690 BF823FF7 5 Bytes JMP A9F13F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 118C2 BF839930 5 Bytes JMP A9F14180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 1194D BF8399BB 5 Bytes JMP A9F14326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 33C8 BF83D961 5 Bytes JMP A9F13E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF847820 5 Bytes JMP A9F14E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3A66 BF84ABEE 5 Bytes JMP A9F15014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1DB5 BF85352E 5 Bytes JMP A9F14B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3629 BF8578AB 5 Bytes JMP A9F13E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + A0E7 BF85E369 5 Bytes JMP A9F14BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF861C8A 5 Bytes JMP A9F14F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF87C6BE 5 Bytes JMP A9F142FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 9219 BF8B0165 5 Bytes JMP A9F13FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + ABB BF8B9773 5 Bytes JMP A9F14D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 4CA2 BF8C3290 5 Bytes JMP A9F1403E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB8E7 5 Bytes JMP A9F140AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBB67 5 Bytes JMP A9F140E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F99C1 5 Bytes JMP A9F13D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A0A BF913BA8 5 Bytes JMP A9F13EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25DE BF91477C 5 Bytes JMP A9F14008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F3D BF9170DB 5 Bytes JMP A9F14440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 190E BF9454A3 5 Bytes JMP A9F14ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[176] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[176] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00581014
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00580804
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00580A08
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00580C0C
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00580E10
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 005801F8
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 005803FC
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00580600
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00590804
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00590A08
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00590600
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 005901F8
.text C:\Program Files\IncrediMail\Bin\IncMail.exe[196] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 005903FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003C0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003C0600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!UnhookWinEvent 7E3B18AC 3 Bytes JMP 003C03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[324] USER32.dll!UnhookWinEvent + 4 7E3B18B0 1 Byte [82]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[524] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[972] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\ehome\ehtray.exe[984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\ehome\ehtray.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\ehome\ehtray.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002E0600
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[984] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\ehome\ehtray.exe[984] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\smss.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\SysMonitor.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\SysMonitor.exe[1044] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1068] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00641014
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00640804
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfigW 77E07001 5 Bytes JMP 00640A08
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00640C0C
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00640E10
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!CreateServiceA 77E07211 5 Bytes JMP 006401F8
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!CreateServiceW 77E073A9 5 Bytes JMP 006403FC
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] ADVAPI32.DLL!DeleteService 77E074B1 5 Bytes JMP 00640600
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00650804
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00650A08
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00650600
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 006501F8
.text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1088] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 006503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1100] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1132] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\OO Software\Defrag\oodtray.exe[1144] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1152] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\csrss.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1172] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001601F8
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001603FC
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
.text C:\Program Files\SFR\Media Center\MediaCenter.exe[1180] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1188] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1188] ntdll.
You don't have all of it?? And isn't there another way??? Because I don't understand anything on cijoint.fr!!!! :-((
Oh yeah, OK, I wasn't on the right site, I ended up on an Orange site. Anyway, I just tried: files with the log extension can't be uploaded!!
I've run out of time, I'm leaving for work until 20:00!! :-(
See you tonight, maybe
Thanks!
How do I make a copy in a new text document?? Do I do that with OpenOffice??? I'm hopeless at word processing!
No, is this a joke? Do I just make a copy of the shortcut and put that one on cijoint!??
I just tried again with a copy! It still doesn't work!! But are you sure all of this has to be done?? My computer is running like a charm! It's doing great, that's cool. In any case you helped me a lot, thank you so much for giving me so much of your time. If we have to continue, well, let me know; otherwise thank you, you're a super antibiotic
Thanks, best regards
céline ...??
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3952] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3952] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3952] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3952] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3952] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Documents and Settings\deprez\Local Settings\Temporary Internet Files\Content.IE5\QBE5J0VA\gmer[1].exe[3988] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Documents and Settings\deprez\Local Settings\Temporary Internet Files\Content.IE5\QBE5J0VA\gmer[1].exe[3988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1324] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[1324] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs psdfilter.sys (PSD Filter Driver/HiTRUST)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL
---- Files - GMER 1.0.15 ----
File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 180 bytes
---- EOF - GMER 1.0.15 ----