autre essai
ComboFix 10-04-14.01 - Andre 2010-04-14 20:04:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.502.239 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\SET1C2.tmp
c:\program files\Internet Explorer\SET1C7.tmp
c:\windows\Fonts\NfoViewer.ttf
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.
2010-03-17 07:17 . 2010-03-17 07:17 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE
2010-03-17 07:14 . 2010-03-17 07:14 -------- d-sh--w- c:\documents and settings\Andre\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 22:53 . 2006-04-17 21:13 495306 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 22:53 . 2006-04-17 21:13 79466 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-07 05:30 . 2010-03-02 23:58 -------- d-----w- c:\documents and settings\Andre\Application Data\QuickScan
2010-04-02 19:50 . 2009-01-16 04:08 -------- d-----w- c:\documents and settings\Andre\Application Data\uTorrent
2010-03-31 01:56 . 2009-04-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 11:24 . 2010-03-03 00:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-03 00:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-03 00:45 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-03 00:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-03 00:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-03 00:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-03 00:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-03 00:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-03 00:44 . 2010-03-02 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-02 11:49 . 2009-01-08 17:44 -------- d-----w- c:\program files\Alwil Software
2010-03-01 10:03 . 2010-03-01 08:26 -------- d-----w- c:\program files\Amorous Professor Cherry
2010-03-01 06:55 . 2010-03-01 06:55 -------- d-----w- c:\program files\ILLUSION
2010-03-01 06:55 . 2009-01-08 05:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 08:40 . 2006-04-17 21:13 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-21 08:07 . 2010-02-14 16:18 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-02-11 18:53 . 2010-03-03 00:45 38848 ----a-w- c:\windows\system32\avastSS.scr
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 28672]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-06-22 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-22 88358]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-05-01 24576]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-06-22 192512]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Zooming"="ZoomingHook.exe" [2004-07-14 24576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-17 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2005-06-22 22:12 386752 ----a-w- c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 17:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-08 721904]
S4 Trkwh!_a;Trkwh!_a; [x]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5474B9D-C8B9-4345-A6B1-43E2E41BCAC5} = 24.200.241.37,24.201.245.77
TCP: {CF0B487D-FFB4-4E07-A563-C4AC691923D9} = 24.200.241.37,24.201.245.77
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\umefcsf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://qc.news.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-kwwsvlor - c:\documents and settings\Andre\Local Settings\Application Data\hddhvh\sdxesftav.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1757981266-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:32,89,82,df,74,da,7b,4e,69,75,2c,bd,f5,a3,2f,92,ff,99,6a,45,25,
05,9e,99,7f,72,e6,78,99,0c,59,ef,5e,0a,6d,d9,dc,dd,4d,29,c1,6a,a9,d3,6a,43,\
"rkeysecu"=hex:05,6a,40,5b,28,97,3a,2f,a4,73,ee,7a,cf,14,ec,1d
.
Heure de fin: 2010-04-14 20:13:11
ComboFix-quarantined-files.txt 2010-04-15 00:12
Avant-CF: 28 887 150 592 octets libres
Après-CF: 28 856 942 592 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 8DA235C2BC67F0DCCA251321DFBBF111
ComboFix 10-04-14.01 - Andre 2010-04-14 20:04:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.502.239 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\SET1C2.tmp
c:\program files\Internet Explorer\SET1C7.tmp
c:\windows\Fonts\NfoViewer.ttf
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.
2010-03-17 07:17 . 2010-03-17 07:17 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE
2010-03-17 07:14 . 2010-03-17 07:14 -------- d-sh--w- c:\documents and settings\Andre\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 22:53 . 2006-04-17 21:13 495306 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 22:53 . 2006-04-17 21:13 79466 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-07 05:30 . 2010-03-02 23:58 -------- d-----w- c:\documents and settings\Andre\Application Data\QuickScan
2010-04-02 19:50 . 2009-01-16 04:08 -------- d-----w- c:\documents and settings\Andre\Application Data\uTorrent
2010-03-31 01:56 . 2009-04-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 11:24 . 2010-03-03 00:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-03 00:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-03 00:45 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-03 00:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-03 00:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-03 00:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-03 00:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-03 00:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-03 00:44 . 2010-03-02 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-02 11:49 . 2009-01-08 17:44 -------- d-----w- c:\program files\Alwil Software
2010-03-01 10:03 . 2010-03-01 08:26 -------- d-----w- c:\program files\Amorous Professor Cherry
2010-03-01 06:55 . 2010-03-01 06:55 -------- d-----w- c:\program files\ILLUSION
2010-03-01 06:55 . 2009-01-08 05:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 08:40 . 2006-04-17 21:13 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-21 08:07 . 2010-02-14 16:18 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-02-11 18:53 . 2010-03-03 00:45 38848 ----a-w- c:\windows\system32\avastSS.scr
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 28672]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-06-22 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-22 88358]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-05-01 24576]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-06-22 192512]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Zooming"="ZoomingHook.exe" [2004-07-14 24576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-17 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2005-06-22 22:12 386752 ----a-w- c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 17:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-08 721904]
S4 Trkwh!_a;Trkwh!_a; [x]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5474B9D-C8B9-4345-A6B1-43E2E41BCAC5} = 24.200.241.37,24.201.245.77
TCP: {CF0B487D-FFB4-4E07-A563-C4AC691923D9} = 24.200.241.37,24.201.245.77
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\umefcsf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://qc.news.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-kwwsvlor - c:\documents and settings\Andre\Local Settings\Application Data\hddhvh\sdxesftav.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1757981266-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:32,89,82,df,74,da,7b,4e,69,75,2c,bd,f5,a3,2f,92,ff,99,6a,45,25,
05,9e,99,7f,72,e6,78,99,0c,59,ef,5e,0a,6d,d9,dc,dd,4d,29,c1,6a,a9,d3,6a,43,\
"rkeysecu"=hex:05,6a,40,5b,28,97,3a,2f,a4,73,ee,7a,cf,14,ec,1d
.
Heure de fin: 2010-04-14 20:13:11
ComboFix-quarantined-files.txt 2010-04-15 00:12
Avant-CF: 28 887 150 592 octets libres
Après-CF: 28 856 942 592 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 8DA235C2BC67F0DCCA251321DFBBF111
je n'y comprends rien.
J'ai refait étape par étape ce que tu me demandais et j'arrive toujours au même résultat !!!
Quand la boîte de ComboFix s'ouvre, il y a des lignes qui défilent.
Une première série commence par suppression, une seconde par extraction et la troisième par destination.
toujours pas correct ^
ComboFix 10-04-14.01 - Andre 2010-04-14 20:04:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.502.239 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\SET1C2.tmp
c:\program files\Internet Explorer\SET1C7.tmp
c:\windows\Fonts\NfoViewer.ttf
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.
2010-03-17 07:17 . 2010-03-17 07:17 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE
2010-03-17 07:14 . 2010-03-17 07:14 -------- d-sh--w- c:\documents and settings\Andre\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 22:53 . 2006-04-17 21:13 495306 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 22:53 . 2006-04-17 21:13 79466 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-07 05:30 . 2010-03-02 23:58 -------- d-----w- c:\documents and settings\Andre\Application Data\QuickScan
2010-04-02 19:50 . 2009-01-16 04:08 -------- d-----w- c:\documents and settings\Andre\Application Data\uTorrent
2010-03-31 01:56 . 2009-04-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 11:24 . 2010-03-03 00:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-03 00:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-03 00:45 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-03 00:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-03 00:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-03 00:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-03 00:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-03 00:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-03 00:44 . 2010-03-02 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-02 11:49 . 2009-01-08 17:44 -------- d-----w- c:\program files\Alwil Software
2010-03-01 10:03 . 2010-03-01 08:26 -------- d-----w- c:\program files\Amorous Professor Cherry
2010-03-01 06:55 . 2010-03-01 06:55 -------- d-----w- c:\program files\ILLUSION
2010-03-01 06:55 . 2009-01-08 05:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 08:40 . 2006-04-17 21:13 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-21 08:07 . 2010-02-14 16:18 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-02-11 18:53 . 2010-03-03 00:45 38848 ----a-w- c:\windows\system32\avastSS.scr
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 28672]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-06-22 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-22 88358]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-05-01 24576]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-06-22 192512]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Zooming"="ZoomingHook.exe" [2004-07-14 24576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-17 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2005-06-22 22:12 386752 ----a-w- c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 17:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-08 721904]
S4 Trkwh!_a;Trkwh!_a; [x]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5474B9D-C8B9-4345-A6B1-43E2E41BCAC5} = 24.200.241.37,24.201.245.77
TCP: {CF0B487D-FFB4-4E07-A563-C4AC691923D9} = 24.200.241.37,24.201.245.77
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\umefcsf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://qc.news.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-kwwsvlor - c:\documents and settings\Andre\Local Settings\Application Data\hddhvh\sdxesftav.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1757981266-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:32,89,82,df,74,da,7b,4e,69,75,2c,bd,f5,a3,2f,92,ff,99,6a,45,25,
05,9e,99,7f,72,e6,78,99,0c,59,ef,5e,0a,6d,d9,dc,dd,4d,29,c1,6a,a9,d3,6a,43,\
"rkeysecu"=hex:05,6a,40,5b,28,97,3a,2f,a4,73,ee,7a,cf,14,ec,1d
.
Heure de fin: 2010-04-14 20:13:11
ComboFix-quarantined-files.txt 2010-04-15 00:12
Avant-CF: 28 887 150 592 octets libres
Après-CF: 28 856 942 592 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 8DA235C2BC67F0DCCA251321DFBBF111
ComboFix 10-04-14.01 - Andre 2010-04-14 20:04:59.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.502.239 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\SET1C2.tmp
c:\program files\Internet Explorer\SET1C7.tmp
c:\windows\Fonts\NfoViewer.ttf
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.
2010-03-17 07:17 . 2010-03-17 07:17 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE
2010-03-17 07:14 . 2010-03-17 07:14 -------- d-sh--w- c:\documents and settings\Andre\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 22:53 . 2006-04-17 21:13 495306 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-14 22:53 . 2006-04-17 21:13 79466 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-07 05:30 . 2010-03-02 23:58 -------- d-----w- c:\documents and settings\Andre\Application Data\QuickScan
2010-04-02 19:50 . 2009-01-16 04:08 -------- d-----w- c:\documents and settings\Andre\Application Data\uTorrent
2010-03-31 01:56 . 2009-04-04 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 11:24 . 2010-03-03 00:45 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-03 00:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-03 00:45 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-03 00:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-03 00:45 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-03 00:45 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-03 00:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-03 00:45 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-03 00:44 . 2010-03-02 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-02 11:49 . 2009-01-08 17:44 -------- d-----w- c:\program files\Alwil Software
2010-03-01 10:03 . 2010-03-01 08:26 -------- d-----w- c:\program files\Amorous Professor Cherry
2010-03-01 06:55 . 2010-03-01 06:55 -------- d-----w- c:\program files\ILLUSION
2010-03-01 06:55 . 2009-01-08 05:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 08:40 . 2006-04-17 21:13 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-21 08:07 . 2010-02-14 16:18 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-02-11 18:53 . 2010-03-03 00:45 38848 ----a-w- c:\windows\system32\avastSS.scr
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 28672]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-06-22 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-22 88358]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-05-01 24576]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-06-22 192512]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Zooming"="ZoomingHook.exe" [2004-07-14 24576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-17 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2005-06-22 22:12 386752 ----a-w- c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 17:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-08 721904]
S4 Trkwh!_a;Trkwh!_a; [x]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5474B9D-C8B9-4345-A6B1-43E2E41BCAC5} = 24.200.241.37,24.201.245.77
TCP: {CF0B487D-FFB4-4E07-A563-C4AC691923D9} = 24.200.241.37,24.201.245.77
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\umefcsf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://qc.news.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-kwwsvlor - c:\documents and settings\Andre\Local Settings\Application Data\hddhvh\sdxesftav.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1757981266-57989841-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:32,89,82,df,74,da,7b,4e,69,75,2c,bd,f5,a3,2f,92,ff,99,6a,45,25,
05,9e,99,7f,72,e6,78,99,0c,59,ef,5e,0a,6d,d9,dc,dd,4d,29,c1,6a,a9,d3,6a,43,\
"rkeysecu"=hex:05,6a,40,5b,28,97,3a,2f,a4,73,ee,7a,cf,14,ec,1d
.
Heure de fin: 2010-04-14 20:13:11
ComboFix-quarantined-files.txt 2010-04-15 00:12
Avant-CF: 28 887 150 592 octets libres
Après-CF: 28 856 942 592 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 8DA235C2BC67F0DCCA251321DFBBF111
est-ce que tu crées bien le fichier texte comme je te le demande ?
est-ce que tu colles bien dedans ce qui est demandé ?
est-ce que tu fais un glisser/déposer de ce fichier texte sur l'icône rouge et blanche ?
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
est-ce que tu colles bien dedans ce qui est demandé ?
est-ce que tu fais un glisser/déposer de ce fichier texte sur l'icône rouge et blanche ?
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
▶ Télécharge : Gmer (by Przemyslaw Gmerek) depuis le site officiel (http://www.gmer.net), clique sur "Download EXE" et enregistre-le sur ton bureau
Désactive toutes tes protections le temps du scan de Gmer, et réactive-les dès que le scan est terminé
Pour XP => double-clique sur gmer.exe
Pour Vista et 7 => clic droit, "Exécuter en tant qu'administrateur"
▶ clique sur l'onglet Rootkit, lance le scan, des lignes rouges vont apparaître.
▶ Les lignes rouges indiquent la présence possible d'un rootkit ; elles ne suffisent pas à conclure, c'est pourquoi il me faut le rapport complet. Poste-moi le rapport Gmer (clique sur Copy, puis va dans Démarrer, ouvre le Bloc-notes, va dans Édition et clique sur Coller : le rapport Gmer va apparaître, poste-le-moi)
Désactive toutes tes protections le temps du scan de Gmer, et réactive-les dès que le scan est terminé
Pour XP => double-clique sur gmer.exe
Pour Vista et 7 => clic droit, "Exécuter en tant qu'administrateur"
▶ clique sur l'onglet Rootkit, lance le scan, des lignes rouges vont apparaître.
▶ Les lignes rouges indiquent la présence possible d'un rootkit ; elles ne suffisent pas à conclure, c'est pourquoi il me faut le rapport complet. Poste-moi le rapport Gmer (clique sur Copy, puis va dans Démarrer, ouvre le Bloc-notes, va dans Édition et clique sur Coller : le rapport Gmer va apparaître, poste-le-moi)
Voila
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-25 12:56:10
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1031GAS rev.AA204A
Running: gmer.exe; Driver: C:\DOCUME~1\Andre\LOCALS~1\Temp\uwtdapob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAAC479CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAAC9CA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAAC67AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAAC49EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAAC49F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAAC4A01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAAC674A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAAC49E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAAC49F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAAC49E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAAC49FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAAC479EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAAC681BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAAC68471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAAC4A29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAAC68026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAAC67E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAAC9CB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAAC477B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAAC47A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAAC4A412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAAC484AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAAC49EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAAC49F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAAC4A044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAAC67805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAAC49E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAAC4A0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAAC49F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAAC49E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAAC4A1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAAC49FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAAC9CBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAAC67D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAAC48370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAAC67B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAACA4E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAAC66B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAAC47A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAAC47A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAAC47812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAAC4794E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAAC682C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAAC4792A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAAC47972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAAC47A7E]
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569FBB 4 Bytes CALL AAC48E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAA5F6300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF88FB300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xAA462F00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\spoolsv.exe[192] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[192] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002B00A8
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003C0030
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003C006C
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003C00E4
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 003C0120
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003C00A8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 009701D4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 009700E4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00970120
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0097015C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00970198
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00970030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0097006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 009700A8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00980030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0098006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 009800E4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00980120
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 009800A8
.text C:\WINDOWS\system32\rundll32.exe[268] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\rundll32.exe[268] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\igfxtray.exe[296] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\igfxtray.exe[296] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\ctfmon.exe[436] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[436] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\alg.exe[484] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[484] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002A0030
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002A006C
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002A00E4
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002A0120
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002A00A8
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\hkcmd.exe[568] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\hkcmd.exe[568] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003701D4
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0037015C
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00370198
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003900A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0039006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003900E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390120
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003900A8
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003A0030
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003A006C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003A00E4
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 003A0120
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003A00A8
.text C:\Program Files\Apoint2K\Apntex.exe[676] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\Apoint2K\Apntex.exe[676] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00380030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0038006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003800E4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00380120
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003800A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003900A8
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00380030
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0038006C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003800E4
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00380120
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003800A8
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 009401D4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 009400E4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00940120
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0094015C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00940198
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00940030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0094006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 009400A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00950030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0095006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 009500E4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00950120
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 009500A8
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003A0030
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003A006C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003A00E4
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 003A0120
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
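.text C:\Program F
[… ligne coupée ici : la fin de ce rapport manque ; un nouveau rapport GMER (analyse du 2011-08-25) commence à la ligne suivante]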
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-25 12:56:10
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1031GAS rev.AA204A
Running: gmer.exe; Driver: C:\DOCUME~1\Andre\LOCALS~1\Temp\uwtdapob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAAC479CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAAC9CA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAAC67AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAAC49EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAAC49F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAAC4A01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAAC674A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAAC49E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAAC49F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAAC49E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAAC49FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAAC479EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAAC681BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAAC68471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAAC4A29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAAC68026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAAC67E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAAC9CB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAAC477B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAAC47A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAAC4A412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAAC484AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAAC49EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAAC49F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAAC4A044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAAC67805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAAC49E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAAC4A0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAAC49F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAAC49E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAAC4A1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAAC49FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAAC9CBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAAC67D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAAC48370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAAC67B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAACA4E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAAC66B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAAC47A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAAC47A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAAC47812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAAC4794E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAAC682C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAAC4792A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAAC47972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAAC47A7E]
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569FBB 4 Bytes CALL AAC48E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAA5F6300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF88FB300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xAA462F00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\spoolsv.exe[192] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[192] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\spoolsv.exe[192] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[192] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002B00A8
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003C0030
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003C006C
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003C00E4
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 003C0120
.text C:\Documents and Settings\Andre\Bureau\gmer\gmer.exe[212] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003C00A8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 009701D4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 009700E4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00970120
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0097015C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00970198
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00970030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0097006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 009700A8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00980030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0098006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 009800E4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00980120
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[240] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 009800A8
.text C:\WINDOWS\system32\rundll32.exe[268] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\rundll32.exe[268] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\rundll32.exe[268] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\rundll32.exe[268] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\igfxtray.exe[296] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\igfxtray.exe[296] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\igfxtray.exe[296] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\igfxtray.exe[296] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\ctfmon.exe[436] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[436] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\ctfmon.exe[436] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[436] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\alg.exe[484] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[484] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002A0030
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002A006C
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002A00E4
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002A0120
.text C:\WINDOWS\System32\alg.exe[484] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002A00A8
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[484] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\hkcmd.exe[568] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\hkcmd.exe[568] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003701D4
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0037015C
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00370198
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\hkcmd.exe[568] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\hkcmd.exe[568] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[588] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003900A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0039006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003900E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390120
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003900A8
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\PowerISO\PWRISOVM.EXE[624] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003A0030
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003A006C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003A00E4
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 003A0120
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[632] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003A00A8
.text C:\Program Files\Apoint2K\Apntex.exe[676] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\Apoint2K\Apntex.exe[676] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\Program Files\Apoint2K\Apntex.exe[676] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00380030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0038006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003800E4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00380120
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003800A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[728] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe[736] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003900A8
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00380030
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0038006C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003800E4
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00380120
.text C:\Program Files\iTunes\iTunesHelper.exe[764] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003800A8
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\iTunes\iTunesHelper.exe[764] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 009401D4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 009400E4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00940120
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0094015C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00940198
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00940030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0094006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 009400A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00950030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0095006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 009500E4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00950120
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[784] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 009500A8
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00140030
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0014006C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 00370030
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 0037006C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003700E4
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 00370120
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003700A8
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0038006C
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[788] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003800A8
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003901D4
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0039015C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00390198
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!CreateServiceW 77E07251 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] ADVAPI32.dll!DeleteService 77E07359 5 Bytes JMP 003900A8
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!SetWinEventHook 77D3E3D3 5 Bytes JMP 003A0030
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!UnhookWinEvent 77D3E544 5 Bytes JMP 003A006C
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 003A00E4
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!UnhookWindowsHookEx 77D3F29F 5 Bytes JMP 003A0120
.text C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe[832] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E06C29 5 Bytes JMP 003801D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E06D11 5 Bytes JMP 003800E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E06EA9 5 Bytes JMP 00380120
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E06FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E07031 5 Bytes JMP 00380198
.text C:\Program Files\Java\jre6\bin\jqs.exe[876] ADVAPI32.dll!CreateServiceA 77E070B9 5 Bytes JMP 00380030
.text C:\Program F