She actually started doing the preparation to post a topic on GTG when she started seeing that Google was redirecting every search towards malicious websites. The computer had also been running slowly on startup for a while and everything.
Then, one day, she came home with the computer on a blue screen, with nothing to press. She could only reset the computer manually.
The blue screen said something like this (roughly translated from French):
*DRIVER_IRQL_NOT_LESS_OR_EQUAL
Technical information
****STOP : 0x000000D1 (0x00000004, 0x00000002, 0x00000000, 0xF6BC950A)
Then, it said something about Windows... cleaning the physical memory? (not sure about how to say it in English) There was probably a bit more; a more precise description could be given if asked.
After resetting the computer, the maximum time it could stay up without getting a blue screen is more or less 20 minutes. It sometimes could get the screen upon startup, and it seems to come in randomly. Therefore, the ark.txt log has never been completed due to the computer shutting down before, and is only partially complete.
Here are the logs:
OTL
OTL logfile created on: 06/05/2010 18:23:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
894,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,79 Gb Total Space | 31,60 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive D: | 71,50 Gb Total Space | 65,14 Gb Free Space | 91,10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,46 Gb Total Space | 0,14 Gb Free Space | 1,90% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 74,51 Gb Total Space | 34,79 Gb Free Space | 46,69% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: EMACHINE-2E2F05
Current User Name: Christelle Maître
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/06 17:55:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/04/14 12:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfefire.exe
PRC - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/10/14 02:39:07 | 000,222,728 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2009/10/14 02:39:01 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/07/10 17:20:54 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/04/14 08:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/06 16:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/06 16:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/03 21:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/03 07:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2007/12/10 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/08/30 10:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/01/17 05:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2002/11/21 02:40:50 | 000,151,552 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2002/11/08 01:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
========== Modules (SafeList) ==========
MOD - [2010/05/06 17:55:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/07 13:21:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/06 11:55:34 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/06 16:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/03 21:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 07:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2007/12/10 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/17 05:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/11/08 01:27:18 | 000,049,152 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
========== Driver Services (SafeList) ==========
DRV - [2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/19 20:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 11:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/02/24 15:29:00 | 006,867,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/01/30 01:56:42 | 000,012,288 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/29 20:59:42 | 000,013,952 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/28 15:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/28 15:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/06 19:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2003/03/11 04:53:20 | 000,011,392 | R--- | M] (Hitachi, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dz3u2kxp.sys -- (Dz3u2kxp)
DRV - [2003/02/06 14:43:24 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/31 04:45:56 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/01/18 07:31:32 | 000,010,496 | R--- | M] (Hitachi, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dz3s2kxp.sys -- (Dz3s2kxp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...mp;m=el1200-01h
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...mp;m=el1200-01h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...mp;m=el1200-01h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/25 16:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/03 05:00:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 22:52:51 | 000,000,000 | ---D | M]
[2010/03/12 15:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\Mozilla\Extensions
[2010/03/12 15:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\Mozilla\Extensions\[email protected]
[2010/05/03 04:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\Mozilla\Firefox\Profiles\s1xxum27.default\extensions
[2009/09/05 08:59:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christelle Maître\Application Data\Mozilla\Firefox\Profiles\s1xxum27.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 17:32:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/05/27 00:04:02 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2009/03/24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/02/24 17:56:31 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/02/24 17:56:31 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/02/24 17:56:31 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/12 14:47:04 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/02/24 17:56:31 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/02/24 17:56:31 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2010/04/07 14:44:36 | 000,001,272 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\Mcafee\SystemCore\ScriptSn.20100428160556.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/03 07:51:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/05 12:57:58 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{23c3e242-2378-11de-a01d-001d72b21d8c}\Shell - "" = AutoRun
O33 - MountPoints2\{23c3e242-2378-11de-a01d-001d72b21d8c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/05 14:20:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/05 07:16:53 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/05 07:16:53 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/05 07:16:51 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/05 07:16:50 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/05 07:16:47 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/05 07:16:47 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/05 07:16:47 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 07:16:26 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/05 07:16:26 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/05 07:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/05 07:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/04 17:36:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/04 17:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/04 17:36:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/04 17:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 17:33:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/04 17:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/07 14:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/07 13:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/04/07 13:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR
[2010/04/07 13:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Macrovision Shared
[2010/03/31 09:26:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/24 17:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christelle Maître\Local Settings\Application Data\Threat Expert
[2010/03/21 14:15:18 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/03/21 14:15:10 | 000,385,536 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/03/21 14:15:10 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/03/21 14:15:10 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/03/21 14:15:10 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/03/21 14:15:10 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/03/21 14:15:09 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/03/21 14:15:09 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/03/21 14:15:09 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/03/21 14:15:09 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/03/21 14:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Mcafee
[2010/03/21 14:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/03/21 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/03/21 14:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/03/12 15:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christelle Maître\Local Settings\Application Data\Greyfirst
[2010/03/12 15:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christelle Maître\Application Data\Greyfirst
[2010/03/10 18:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Celtx
[2010/02/24 18:37:29 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/24 13:20:14 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/24 13:20:13 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/24 13:20:13 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/02/24 13:20:13 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/24 13:18:02 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/24 13:17:50 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/24 13:17:50 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/24 13:17:10 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/24 13:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PC Tools
[2010/02/24 13:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/24 13:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/24 13:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/08 18:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
========== Files - Modified Within 90 Days ==========
[2010/05/06 18:18:01 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 18:14:59 | 000,514,778 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/06 18:14:58 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/06 18:14:58 | 000,086,240 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/06 18:14:58 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/06 18:14:57 | 001,134,110 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/06 18:14:41 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Christelle Maître\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 18:10:43 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\McAfee Internet Security.lnk
[2010/05/06 18:10:13 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 18:09:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 18:09:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 18:09:31 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 18:00:04 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\B8352C9C946AD968.job
[2010/05/06 16:00:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 07:16:54 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/05/05 07:16:48 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/04 18:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 17:36:25 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/03 20:43:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/03 05:47:22 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Christelle Maître\NTUSER.DAT
[2010/05/01 17:37:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 19:13:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/04/26 04:11:01 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Christelle Maître\ntuser.ini
[2010/04/21 08:14:40 | 000,104,296 | ---- | M] () -- C:\Documents and Settings\Christelle Maître\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/15 03:05:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/14 11:34:39 | 000,079,428 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/11 16:36:40 | 002,266,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/07 14:47:14 | 000,104,296 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/04/05 15:06:57 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010/03/31 10:59:09 | 001,607,912 | -H-- | M] () -- C:\Documents and Settings\Christelle Maître\Local Settings\Application Data\IconCache.db
[2010/03/31 09:43:06 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/31 09:43:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/31 09:43:06 | 000,000,216 | RHS- | M] () -- C:\boot.ini
[2010/03/28 12:43:15 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Christelle Maître\Bureau\Doc1.doc
[2010/02/24 18:37:26 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/24 13:17:30 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Spyware Doctor.lnk
[2010/02/18 20:18:14 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Christelle Maître\Bureau\Paint.lnk
[2010/02/08 18:46:22 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk
========== Files Created - No Company Name ==========
[2010/05/06 17:54:44 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\McAfee Internet Security.lnk
[2010/05/05 07:16:54 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/05/04 17:36:25 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/14 11:34:39 | 000,079,428 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/05 15:06:56 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/02/24 13:20:14 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/24 13:20:14 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/24 13:20:14 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/24 13:20:14 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/24 13:20:14 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/24 13:20:13 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/24 13:18:02 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/24 13:17:50 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/24 13:17:50 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/24 13:17:30 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Spyware Doctor.lnk
[2010/02/24 13:17:10 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/08 18:46:22 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk
[2009/11/26 14:29:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/08/06 15:10:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\GMAN.INI
[2009/07/06 11:55:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/04/10 17:55:06 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/04/05 15:53:11 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3i.DLL
[2008/09/03 09:13:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/03 08:04:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008/09/03 08:04:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008/09/03 08:03:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/09/03 08:03:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/08/25 04:17:58 | 000,023,634 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/06/25 20:45:44 | 001,613,955 | ---- | C] () -- C:\WINDOWS\System32\CXSDI_CIPConfigPages.dll
[2008/05/16 18:06:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CIP_CommLink2.dll
[2008/05/07 18:15:06 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\ProHELP.dll
[2008/05/07 18:14:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\_isuser.dll
[2008/04/14 08:00:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/24 15:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/24 15:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/24 15:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/24 15:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/24 15:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/24 23:54:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CXSDI_CS1ConfigTCPResource.dll
[2007/09/07 15:13:04 | 000,872,507 | ---- | C] () -- C:\WINDOWS\System32\mesa.dll
[2005/06/10 08:46:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\FDT100.dll
[2005/03/28 03:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/06/04 13:48:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\liclang.dll
[2002/12/05 11:30:02 | 000,412,672 | ---- | C] () -- C:\WINDOWS\System32\jvreport.dll
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/01/23 14:49:12 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\OSLicence.dll
[1999/11/13 12:31:42 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\JiveView.dll
========== LOP Check ==========
[2010/05/05 07:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/04/27 07:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/06 20:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/17 10:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2010/03/27 04:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Okay meta anti lite
[2009/04/05 15:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/06/06 22:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/26 14:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/06 18:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/05 20:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/06/06 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/05 14:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/10/06 19:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/27 04:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\2 Global
[2009/07/22 15:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\Azureus
[2009/11/26 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\Canon
[2009/07/06 11:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\EDrawings
[2010/03/12 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\Greyfirst
[2009/12/11 03:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\MessengerDiscovery 2
[2009/11/26 14:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\ScanSoft
[2009/07/16 20:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christelle Maître\Application Data\Template
[2010/05/01 17:37:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/06 18:00:04 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\B8352C9C946AD968.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/03/31 09:01:19 | 000,028,368 | ---- | M] () -- C:\aaw7boot.log
[2008/09/03 07:51:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/31 09:43:06 | 000,000,216 | RHS- | M] () -- C:\boot.ini
[2008/04/14 08:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008/09/03 07:51:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/06 18:09:31 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/03 07:51:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/03 07:51:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2008/09/03 16:39:52 | 000,000,005 | ---- | M] () -- C:\P1.TAG
[2010/05/06 18:09:30 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2008/09/03 18:15:32 | 000,000,080 | RHS- | M] () -- C:\Preload.aaa
[2008/09/03 08:01:32 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
[1999/11/10 12:17:54 | 000,000,049 | ---- | M] () -- C:\XPH.TAG
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:34:31 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 08:34:31 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/09/03 09:45:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/03 09:45:22 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/03 09:45:22 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\cfwids.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys
[2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/04/14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeclnk.sys
[2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfefirek.sys
[2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfendisk.sys
[2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdet.sys
[2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/24 18:37:26 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
Extra
OTL Extras logfile created on: 06/05/2010 18:23:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
894,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,79 Gb Total Space | 31,60 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive D: | 71,50 Gb Total Space | 65,14 Gb Free Space | 91,10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,46 Gb Total Space | 0,14 Gb Free Space | 1,90% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 74,51 Gb Total Space | 34,79 Gb Free Space | 46,69% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: EMACHINE-2E2F05
Current User Name: Christelle Maître
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2790:TCP" = 2790:TCP:*:Enabled:Services
"4080:TCP" = 4080:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1614:TCP" = 1614:TCP:*:Enabled:Services
"1728:TCP" = 1728:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2790:TCP" = 2790:TCP:*:Enabled:Services
"4080:TCP" = 4080:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1614:TCP" = 1614:TCP:*:Enabled:Services
"1728:TCP" = 1728:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe -- (NewTech InfoSystems, Inc.)
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe -- (NewTech Infosystems, Inc.)
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13C5282E-473B-4AA1-A659-FEC1A82F813B}" = SolidWorks eDrawings 2009
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{2BD89359-93B3-400C-BD15-106211F29CF6}" = CX-Server Common Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A1F7A06-8DCC-427D-A23F-C09F4E9D525D}" = CX-Server RT
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = Pilote du DVD-RAM
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.0 - Français
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7A9E601-0E82-11D5-AE91-444553540000}" = DVD-MovieAlbumSE 3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CF2E53AA-284F-4A9E-8061-4E0846B0A7F0}" = CX-Server Driver Mgt Tool
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1093A4F-1545-475D-AF93-A6DA0210FD52}" = CX-One For Sales Promotion
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"avast5" = avast! Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Celtx (2.7)" = Celtx (2.7)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{9A1F7A06-8DCC-427D-A23F-C09F4E9D525D}" = CX-Server
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{CF2E53AA-284F-4A9E-8061-4E0846B0A7F0}" = Outil de gestion des pilotes CX-Server
"InstallShield_{F1093A4F-1545-475D-AF93-A6DA0210FD52}" = CX-One For Sales Promotion
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSC" = McAfee Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PROR" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 7.0
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06/05/2010 17:27:32 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 3628 (0xe2c) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Alwil
Software\Avast5\AvastUI.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 06/05/2010 17:30:24 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 5784 (0x1698) Adresse du thread : 0x7C91E514 Message du thread : Build
VSCORE.14.2.0.723 / 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program
Files\Fichiers communs\Mcafee\SystemCore\mfebopa.dll by C:\Program Files\Alwil
Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)
Error - 06/05/2010 17:39:29 | Computer Name = EMACHINE-2E2F05 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 06/05/2010 17:56:21 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 3792 (0xed0) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
by **\ALG.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)
5004(0)(0)
Error - 06/05/2010 17:59:09 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 2188 (0x88c) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Fichiers
communs\Mcafee\SystemCore\mfebopa.dll by C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 06/05/2010 18:00:06 | Computer Name = EMACHINE-2E2F05 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 06/05/2010 18:12:57 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 3956 (0xf74) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\verclsid.exe
by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)
Error - 06/05/2010 18:15:34 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 2568 (0xa08) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Spyware
Doctor\pctsSvc.exe by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 06/05/2010 18:15:34 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 3200 (0xc80) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\atl.dll
by C:\Program Files\Java\jre6\bin\jqs.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 06/05/2010 18:15:34 | Computer Name = EMACHINE-2E2F05 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 460 (0x1cc) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Fichiers
communs\Mcafee\SystemCore\mfebopa.dll by C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
[ OSession Events ]
Error - 29/01/2010 14:50:32 | Computer Name = EMACHINE-2E2F05 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 06/05/2010 17:55:20 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7000
Description = Le service Service de la passerelle de la couche Application n'a pas
pu démarrer en raison de l'erreur : %%1053
Error - 06/05/2010 17:56:26 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7031
Description = Le service McShield s'est terminé de manière inattendue. Ceci s'est
produit 1 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes :
Redémarrer le service.
Error - 06/05/2010 17:59:18 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7031
Description = Le service McShield s'est terminé de manière inattendue. Ceci s'est
produit 2 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes :
Redémarrer le service.
Error - 06/05/2010 18:00:07 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Carte de performance WMI.
Error - 06/05/2010 18:00:07 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7000
Description = Le service Carte de performance WMI n'a pas pu démarrer en raison
de l'erreur : %%1053
Error - 06/05/2010 18:01:34 | Computer Name = EMACHINE-2E2F05 | Source = System Error | ID = 1003
Description = Code erreur 1000008e, paramètre 1 c0000005, paramètre 2 f726c244,
paramètre 3 b9fb2a40, paramètre 4 00000000.
Error - 06/05/2010 18:05:02 | Computer Name = EMACHINE-2E2F05 | Source = TermService | ID = 1036
Description = La création de la session Terminal Server a échoué. Le code d'état
approprié était 0x102.
Error - 06/05/2010 18:11:00 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd
Error - 06/05/2010 18:12:58 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7031
Description = Le service McShield s'est terminé de manière inattendue. Ceci s'est
produit 1 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes :
Redémarrer le service.
Error - 06/05/2010 18:15:35 | Computer Name = EMACHINE-2E2F05 | Source = Service Control Manager | ID = 7031
Description = Le service McShield s'est terminé de manière inattendue. Ceci s'est
produit 2 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes :
Redémarrer le service.
< End of report >
Ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-06 17:50:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\kgxyqaod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF32FFC08]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF72CEE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF72AFCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF72AFECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF72CF610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF72CF8C4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF32FF69A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF72CDB14]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF32FF5DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF32FF63E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF32FFCBE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF72CFD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF32FFC7E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF72CF0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF72AF982]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF330C32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF330C468]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF727CCEA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF727CC14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF727CC28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF727CCC0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF727CD00]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF727CCD4]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP F330C46C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP F330C332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP F33084AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP F330997E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6395360, 0x30AF87, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[164] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 05F52862
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[164] WS2_32.dll!send 719F4C27 5 Bytes JMP 05F526EE
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[164] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 05F527E0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[164] WS2_32.dll!recv 719F676F 5 Bytes JMP 05F52726
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[164] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 05F5275E
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C70 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001850 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D90 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!GetWindowLongW 7E3988A6 7 Bytes JMP 28006AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 280046B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28006110 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 28006760 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005FD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 28006950 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28006300 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01252862
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WS2_32.dll!send 719F4C27 5 Bytes JMP 012526EE
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 012527E0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WS2_32.dll!recv 719F676F 5 Bytes JMP 01252726
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0125275E
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 5 Bytes JMP 28003430 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] ole32.dll!CoInitializeEx 774BEF7B 5 Bytes JMP 28002270 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 28002610 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] ole32.dll!CoRegisterClassObject 774D7E90 5 Bytes JMP 28002370 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WININET.dll!InternetCloseHandle 404B4261 5 Bytes JMP 2800A290 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WININET.dll!HttpOpenRequestA 404BAA7B 5 Bytes JMP 28009F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WININET.dll!InternetReadFile 404C13D4 5 Bytes JMP 2800A0E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[328] WININET.dll!HttpSendRequestA 404C3558 5 Bytes JMP 2800A1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe[396] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00F62862
.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe[396] WS2_32.dll!send 719F4C27 5 Bytes JMP 00F626EE
.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe[396] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00F627E0
.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe[396] WS2_32.dll!recv 719F676F 5 Bytes JMP 00F62726
.text C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe[396] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00F6275E
.text C:\WINDOWS\System32\alg.exe[416] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00B72862
.text C:\WINDOWS\System32\alg.exe[416] WS2_32.dll!send 719F4C27 5 Bytes JMP 00B726EE
.text C:\WINDOWS\System32\alg.exe[416] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00B727E0
.text C:\WINDOWS\System32\alg.exe[416] WS2_32.dll!recv 719F676F 5 Bytes JMP 00B72726
.text C:\WINDOWS\System32\alg.exe[416] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00B7275E
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 02860000
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0286002C
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 0286001B
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02850FEF
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02850065
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02850F7A
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02850054
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02850F97
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02850FA8
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0285008C
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02850F3A
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02850F1F
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028500B8
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028500DD
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0285002F
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02850FDE
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02850F55
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02850FB9
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0285000A
.text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0285009D
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 01CA001B
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 01CA0051
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 01CA0FCA
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 01CA000A
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 01CA0F8A
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 01CA0FEF
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 01CA0F9B
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [ED, 89]
.text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 01CA002C
.text C:\WINDOWS\Explorer.EXE[436] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 03280047
.text C:\WINDOWS\Explorer.EXE[436] msvcrt.dll!system 77BF93C7 5 Bytes JMP 03280036
.text C:\WINDOWS\Explorer.EXE[436] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 03280FC6
.text C:\WINDOWS\Explorer.EXE[436] msvcrt.dll!_open 77BFF566 5 Bytes JMP 03280FE3
.text C:\WINDOWS\Explorer.EXE[436] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 03280011
.text C:\WINDOWS\Explorer.EXE[436] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 03280000
.text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 02870000
.text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 02870FE5
.text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 0287001B
.text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 0287002C
.text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01722862
.text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!socket 719F4211 5 Bytes JMP 02880000
.text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!send 719F4C27 5 Bytes JMP 017226EE
.text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 017227E0
.text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!recv 719F676F 5 Bytes JMP 01722726
.text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0172275E
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00E50022
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00E50011
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40F66
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40F77
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40051
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40040
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F27
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E40F44
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F0C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E400A5
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E400CA
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E40025
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40F55
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E40FB9
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E40094
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 009F0F8A
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 009F0FA5
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 009F0047
.text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 009E003D
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!system 77BF93C7 5 Bytes JMP 009E002C
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_open 77BFF566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 009E0FBC
.text C:\WINDOWS\system32\svchost.exe[524] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 009C0FDE
.text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 009C0FCD
.text C:\WINDOWS\system32\svchost.exe[524] WS2_32.dll!socket 719F4211 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 018C0FEF
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 018C002F
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 018C0014
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F0FE5
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F0F30
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0F4B
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F0F66
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F002F
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0014
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F0EF3
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F0F0E
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F0EC7
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F0060
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F007B
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0F83
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F0FCA
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0F1F
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0F9E
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F0FB9
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F0EE2
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 028E0047
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 028E008E
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 028E002C
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 028E0011
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 028E007D
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 028E0000
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 028E0062
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 028E0FDB
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 028D0FB7
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!system 77BF93C7 5 Bytes JMP 028D0FC8
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 028D0FE3
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_open 77BFF566 5 Bytes JMP 028D0000
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 028D0038
.text C:\WINDOWS\system32\services.exe[1140] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 028D0011
.text C:\WINDOWS\system32\services.exe[1140] WS2_32.dll!socket 719F4211 5 Bytes JMP 025D0000
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 018F0FE5
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 018F0FD4
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 018F0FC3
.text C:\WINDOWS\system32\services.exe[1140] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 018F0FB2
.text C:\WINDOWS\system32\lsass.exe[1160] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\system32\lsass.exe[1160] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 008F0014
.text C:\WINDOWS\system32\lsass.exe[1160] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 008F0FD4
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008E0F8A
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008E007F
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008E0FA5
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008E0FB6
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008E0FD1
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008E00D0
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008E00B5
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008E00EB
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008E0F52
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008E00FC
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008E0058
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008E0011
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008E009A
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008E003D
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008E0022
.text C:\WINDOWS\system32\lsass.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008E0F6D
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00B40FAF
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00B40F9E
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00B40FCA
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00B4005B
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00B40FE5
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00B40036
.text C:\WINDOWS\system32\lsass.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00910F99
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0091002E
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0091001D
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00910FE3
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00910FBE
.text C:\WINDOWS\system32\lsass.exe[1160] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\lsass.exe[1160] WS2_32.dll!socket 719F4211 5 Bytes JMP 00900000
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1204] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01112862
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1204] WS2_32.dll!send 719F4C27 5 Bytes JMP 011126EE
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1204] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 011127E0
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1204] WS2_32.dll!recv 719F676F 5 Bytes JMP 01112726
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1204] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0111275E
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0111000A
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 01110FE5
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 0111001B
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0000
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF00A9
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0098
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0FC0
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF007D
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0047
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00E1
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F99
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F74
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF0103
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F59
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0062
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0011
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF00C4
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FDB
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0022
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF00F2
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00C3002C
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00C30F80
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00C30FDB
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00C30011
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00C30F9B
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00C30000
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00C30FAC
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [E6, 88] {OUT 0x88, AL}
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00C3003D
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00C2003D
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00C20FB2
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00C20018
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00C20FC3
.text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00C20FDE
.text C:\WINDOWS\System32\svchost.exe[1324] WS2_32.dll!socket 719F4211 5 Bytes JMP 00C10000
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00C00000
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00C00011
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00C00022
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00C00033
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0F88
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C007D
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C006C
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0FAF
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0036
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F50
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F61
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C00D8
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C0F35
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C00E9
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C005B
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0098
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C00B3
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00D40047
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00D40FB6
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00D4002C
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00D40011
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00D4007D
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00D40062
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00D40FDB
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00D30F95
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00D30FA6
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00D30016
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00D30FB7
.text C:\WINDOWS\system32\svchost.exe[1328] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00D30FDE
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!socket 719F4211 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 009E0FDE
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 009E0014
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 009E0FC3
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00AE0FE5
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00AE0FD4
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00AE000A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD00AB
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD009A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0089
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0062
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD003D
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F79
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F8A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00F7
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD00E6
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0F43
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0FC0
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0011
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F9B
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0FD1
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0022
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F68
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00E60FAF
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00E60040
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00E60FD4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00E60F83
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00E60FE5
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00E6001B
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00E60F9E
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00E5004B
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00E50FCA
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00E50029
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00E5003A
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00E5000C
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!socket 719F4211 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00AF0FCA
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00AF001B
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 02800000
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 02800011
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 02800FDB
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40F74
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40F8F
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40073
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40FB6
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B4003D
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B400AB
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B4009A
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B400C6
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B40F2D
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B40F12
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B40058
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B40000
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B40F63
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B4002C
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B40011
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B40F48
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 02B90FD4
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 02B90076
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 02B90025
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 02B90FEF
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 02B9005B
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 02B90000
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 02B90040
.text C:\WINDOWS\System32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 02B90FB9
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 02870F77
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!system 77BF93C7 5 Bytes JMP 02870F9C
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 02870FC8
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_open 77BFF566 5 Bytes JMP 02870000
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 02870FB7
.text C:\WINDOWS\System32\svchost.exe[1504] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 02870FE3
.text C:\WINDOWS\System32\svchost.exe[1504] WS2_32.dll!socket 719F4211 5 Bytes JMP 02860FEF
.text C:\WINDOWS\System32\svchost.exe[1504] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 0285000A
.text C:\WINDOWS\System32\svchost.exe[1504] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 02850FEF
.text C:\WINDOWS\System32\svchost.exe[1504] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 0285001B
.text C:\WINDOWS\System32\svchost.exe[1504] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 0285002C
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1576] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01142862
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1576] WS2_32.dll!send 719F4C27 5 Bytes JMP 011426EE
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1576] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 011427E0
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1576] WS2_32.dll!recv 719F676F 5 Bytes JMP 01142726
.text C:\Acer\Empowering Technology\eRecovery\eRAgent.exe[1576] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0114275E
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00870000
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00870011
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00870FDB
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00860FEF
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0086008C
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00860F97
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00860071
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00860FB2
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00860FC3
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00860F4E
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00860F5F
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008600C2
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008600A7
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008600D3
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00860054
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0086000A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00860F7C
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00860025
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00860F29
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00B3000A
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00B30040
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00B30FB9
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00B30F83
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00B30025
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00B30F9E
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00B2003F
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00B20FBE
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00B2001D
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00B2002E
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00B20FE3
.text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!socket 719F4211 5 Bytes JMP 00890FEF
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00880FEF
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00880FD4
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 0088001B
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1636] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00FE2862
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1636] WS2_32.dll!send 719F4C27 5 Bytes JMP 00FE26EE
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1636] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00FE27E0
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1636] WS2_32.dll!recv 719F676F 5 Bytes JMP 00FE2726
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1636] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00FE275E
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1720] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01382862
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1720] WS2_32.dll!send 719F4C27 5 Bytes JMP 013826EE
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1720] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 013827E0
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1720] WS2_32.dll!recv 719F676F 5 Bytes JMP 01382726
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[1720] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0138275E
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 01650000
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 01650FDB
.text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 01650011
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01640FEF
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01640073
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01640062
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01640047
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01640F94
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01640036
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01640F2B
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01640F48
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01640F06
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0164009F
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016400BA
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01640FA5
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0164000A
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01640F63
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0164001B
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01640FD4
.text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01640084
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 0169002C
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 01690F83
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 01690FDB
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 01690011
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 01690F9E
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 01690000
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 01690FAF
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [8C, 89]
.text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 01690FC0
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 01680FC0
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0168004B
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 01680029
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_open 77BFF566 5 Bytes JMP 01680000
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 0168003A
.text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 01680FEF
.text C:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!socket 719F4211 5 Bytes JMP 01670FEF
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 01660FE5
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 01660000
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 0166001B
.text C:\WINDOWS\system32\svchost.exe[1760] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 01660FD4
.text c:\program files\real\realplayer\RealPlay.exe[2152] ws2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01552862
.text c:\program files\real\realplayer\RealPlay.exe[2152] ws2_32.dll!send 719F4C27 5 Bytes JMP 015526EE
.text c:\program files\real\realplayer\RealPlay.exe[2152] ws2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 015527E0
.text c:\program files\real\realplayer\RealPlay.exe[2152] ws2_32.dll!recv 719F676F 5 Bytes JMP 01552726
.text c:\program files\real\realplayer\RealPlay.exe[2152] ws2_32.dll!WSASend 719F68FA 5 Bytes JMP 0155275E
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe[2292] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00C02862
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe[2292] WS2_32.dll!send 719F4C27 5 Bytes JMP 00C026EE
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe[2292] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00C027E0
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe[2292] WS2_32.dll!recv 719F676F 5 Bytes JMP 00C02726
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe[2292] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00C0275E
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F4B
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70040
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70F5C
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70F83
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70025
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D7007D
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D7006C
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D70098
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D70EF5
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D70EE4
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70F94
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D7005B
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D70FB9
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D7000A
.text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D70F10
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 006B0028
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 006B0F86
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 006B0FCD
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 006B0FDE
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 006B004D
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 006B0FEF
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 006B0FAB
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [8E, 88]
.text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 006B0FBC
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 006A0F92
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!system 77BF93C7 5 Bytes JMP 006A0027
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 006A0FC1
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_open 77BFF566 5 Bytes JMP 006A0FEF
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 006A0016
.text C:\WINDOWS\system32\svchost.exe[2452] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 006A0FDE
.text C:\WINDOWS\system32\svchost.exe[2452] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\svchost.exe[2452] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00680025
.text C:\WINDOWS\system32\svchost.exe[2452] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00680FEF
.text C:\WINDOWS\system32\svchost.exe[2452] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00680040
.text C:\WINDOWS\system32\svchost.exe[2452] WS2_32.dll!socket 719F4211 5 Bytes JMP 00690000
.text C:\Program Files\Bonjour\mDNSResponder.exe[2972] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00DE2862
.text C:\Program Files\Bonjour\mDNSResponder.exe[2972] WS2_32.dll!send 719F4C27 5 Bytes JMP 00DE26EE
.text C:\Program Files\Bonjour\mDNSResponder.exe[2972] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00DE27E0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2972] WS2_32.dll!recv 719F676F 5 Bytes JMP 00DE2726
.text C:\Program Files\Bonjour\mDNSResponder.exe[2972] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00DE275E
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[3224] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00D32862
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[3224] WS2_32.dll!send 719F4C27 5 Bytes JMP 00D326EE
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[3224] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00D327E0
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[3224] WS2_32.dll!recv 719F676F 5 Bytes JMP 00D32726
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[3224] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00D3275E
.text C:\Program Files\Java\jre6\bin\jqs.exe[3416] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 023A2862
.text C:\Program Files\Java\jre6\bin\jqs.exe[3416] WS2_32.dll!send 719F4C27 5 Bytes JMP 023A26EE
.text C:\Program Files\Java\jre6\bin\jqs.exe[3416] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 023A27E0
.text C:\Program Files\Java\jre6\bin\jqs.exe[3416] WS2_32.dll!recv 719F676F 5 Bytes JMP 023A2726
.text C:\Program Files\Java\jre6\bin\jqs.exe[3416] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 023A275E
.text C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe[3804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Fichiers communs\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe[3804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Fichiers communs\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe[3840] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00E02862
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe[3840] WS2_32.dll!send 719F4C27 5 Bytes JMP 00E026EE
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe[3840] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00E027E0
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe[3840] WS2_32.dll!recv 719F676F 5 Bytes JMP 00E02726
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe[3840] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00E0275E
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3860] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 012A2862
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3860] WS2_32.dll!send 719F4C27 5 Bytes JMP 012A26EE
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3860] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 012A27E0
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3860] WS2_32.dll!recv 719F676F 5 Bytes JMP 012A2726
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[3860] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 012A275E
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3928] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 011B2862
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3928] WS2_32.dll!send 719F4C27 5 Bytes JMP 011B26EE
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3928] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 011B27E0
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3928] WS2_32.dll!recv 719F676F 5 Bytes JMP 011B2726
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[3928] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 011B275E
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe[4384] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 0EB22862
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe[4384] WS2_32.dll!send 719F4C27 5 Bytes JMP 0EB226EE
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe[4384] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 0EB227E0
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe[4384] WS2_32.dll!recv 719F676F 5 Bytes JMP 0EB22726
.text C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe[4384] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0EB2275E
---- Devices - GMER 1.0.15 ----
Device aswSP.SYS (avast! self protection module/ALWIL Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4066
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
06/05/2010 22:17:17
mbam-log-2010-05-06 (22-17-17).txt
Scan type: Quick scan
Objects scanned: 144051
Time elapsed: 20 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thank you!
Max.