Sujet Précédent Sujet Suivant

Pc hyper lent souris incontrolable

Résolu/Fermé
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 - 5 sept. 2010 à 11:59
 Utilisateur anonyme - 12 sept. 2010 à 11:05
Bonjour,

j ai un gros soucis mon pc marche très lentement
. quand je veux ouvrir par exemple une icone que j'ai sur mon bureau , j'ai un mal fou et l'icone suit le curseur de ma souris.
j'ai un rapport ci dessous merci d'avance pour la suite..

Rapport de ZHPDiag v1.26.582 par Nicolas Coolman, Update du 03/09/2010
Run by HP_Propriétaire at 05/09/2010 11:49:45
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 12 Stepping 0, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (40% free)
System drive C: has 36 GB (25%) free of 144 GB

---\\ Logged in mode
Computer Name: NOM-641695C7437
User Name: HP_Propriétaire
All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, HP_Propriétaire, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 36 Go of 144 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 58 Go of 153 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK


---\\ Processus lancés
[MD5.279764BFCE70AF320AA48E9C4A4B4721] - (.Lavasoft - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1355928]
[MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289]
[MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089]
[MD5.557F35D1CA42AEA14A6690E21887A31F] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712]
[MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [238888]
[MD5.B0C9FFF54F16DF2012F53A34736A0975] - (.France Telecom SA - Orange Connection Kit.) -- C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632]
[MD5.67CF1F160CE06E45793EFB6D2FA41E16] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 61.72.) -- C:\WINDOWS\system32\nvsvc32.exe [114755]
[MD5.D31F88C5F19EEFA366A415D6BC5F2ABC] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664]
[MD5.7234E4B852F8FA0C48FF0E4FD7394490] - (.Sunbelt Software - Sunbelt Firewall Service.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [1234480]
[MD5.A464B1F7249B9893AB3F08CDA55F18E5] - (.Sunbelt Software - Sunbelt Firewall GUI.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe [1967664]
[MD5.06A1ECB63DF139EC639E084D4AB3C9D7] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\windows\system\hpsysdrv.exe [52736]
[MD5.A6FD829F428F6445B8F72FF725438590] - (.Hewlett-Packard - HPHmon06.) -- C:\WINDOWS\system32\hphmon06.exe [659456]
[MD5.4A95F15B706B8FD9EC8715B6401EAB7B] - (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.EXE [61440]
[MD5.ECDCFBEA4CAEAF2DD5E9D0092396DFC1] - (.Silicon Integrated Systems Corporation - SiS Compatible Super VGA Keyboard Daemon.) -- C:\WINDOWS\system32\keyhook.exe [249856]
[MD5.E7BE65BF79906AEBC698E077D53F6A1C] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88363]
[MD5.D40191AA225638AB20E59524CDD74030] - (.THOMSON Telecom Belgium - SpeedTouch Statistics.) -- C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [866816]
[MD5.C52E2D526A576D0917A8829D325DDE86] - (.Pas de propriétaire - UMonit MFC Application.) -- C:\WINDOWS\system32\UMonit.exe [200704]
[MD5.C5F49EEBA10F86A5AF1C2D7B126A90FF] - (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [423200]
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153]
[MD5.72DE9723E5203A5C5D284C6D001A1D14] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe [717552]
[MD5.E00765FD4417D4C60325BD49279D5C62] - (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe [812032]
[MD5.527F995C40417C0F4EBB74ACA98F915A] - (.France Telecom SA - Orange Connection Kit.) -- C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe [90112]
[MD5.ABC9091B6D438381DBACFD1A82E0C0EA] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe [282624]
[MD5.682DB04704A74F228A080B31003B6FC6] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe [974848]
[MD5.CAF2CCB6E9F5FDBE99EE8904EB9DC506] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe [495616]
[MD5.8E884B0A19679340BFFF5C157075D6B5] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe [53248]
[MD5.8387F133A6EDB0B97C41CB55CEDBA041] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [864624]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.7EE856AB0E8D63B4D180CE580E14A376] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [548352]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@garmin.com/GpsControl] - (.GARMIN Corp. - Garmin Communicator Plug-In 2.8.3.0.) -- C:\Program Files\Garmin GPS Plugin\npGarmin.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50826.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (.Pas de propriétaire - Pas de description.) (No version) -- C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} . (.Microsoft Corporation - Internet Explorer Developer Toolbar.) -- C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Pas de propriétaire - Pas de description.) -- (.not file.)


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} . (.Hewlett-Packard Company - hp view toolbar.) -- c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} . (.Orange - IE Toolbar Container.) -- C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- (.not file.)


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] . (.Hewlett-Packard - HPHmon06.) -- C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] . (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [Recguard] . (.Pas de propriétaire - Recguard Application.) -- C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] . (.Silicon Integrated Systems Corporation - SiS Compatible Super VGA Keyboard Daemon.) -- C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\Windows\AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] . (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] . (.THOMSON Telecom Belgium - SpeedTouch Statistics.) -- C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
O4 - HKLM\..\Run: [UMonit] . (.Pas de propriétaire - UMonit MFC Application.) -- C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] . (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] . (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - (.not file.) - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cce11E.html
O8 - Extra context menu item: orange.fr . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\src\orange_html\orange.html
O8 - Extra context menu item: traduire la page - (.not file.) - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cce11C.html
O8 - Extra context menu item: traduire le texte sélectionné - (.not file.) - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cce11D.html
O8 - Extra context menu item: _orange.fr . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\src\orange_html\orange.html


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.not file.) - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} . (.Microsoft Corporation - Internet Explorer Developer Toolbar.) -- C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\WINDOWS\system32\wshbth.dll


---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} (OrangeInstaller_ModuleIE Control) - http://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D5B8EA-18B5-4ABE-AFD8-66E9B081FDDE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D5B8EA-18B5-4ABE-AFD8-66E9B081FDDE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D5B8EA-18B5-4ABE-AFD8-66E9B081FDDE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\System32\igfxsrvc.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) . (.France Telecom SA - Orange Connection Kit.) - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 61.72.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) . (.Sunbelt Software - Sunbelt Firewall Service.) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{C4CA4977-2455-4245-971A-D452668B9EB6}.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fxsocm.inf
O40 - ASIC: Adobe Flash Player 9 ActiveX - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r45.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Avg Anti-Rootkit Clean Driver (AvgArCln) . (.GRISOFT, s.r.o. - AVG7 Clean Driver.) - C:\Windows\system32\DRIVERS\AvgArCln.sys
O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: FNETDEVI (FNETDEVI) . (.FNet Co., Ltd. - FNETDEVI.SYS.) - C:\WINDOWS\system32\drivers\FNETDEVI.sys
O41 - Driver: Firewall Driver (fwdrv) . (.Sunbelt Software - Sunbelt Personal Firewall FWDRV.) - C:\WINDOWS\system32\drivers\fwdrv.sys
O41 - Driver: Kerio HIPS Driver (khips) . (.Sunbelt Software - Sunbelt Personal Firewall Host Intrusion Pr.) - C:\WINDOWS\system32\drivers\khips.sys
O41 - Driver: (SiSkp) . (.Silicon Integrated Systems Corporation - SiS VGA Driver Manager.) - C:\Windows\system32\DRIVERS\srvkp.sys
O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems.) [HKLM] -- ShockwaveFlash
O42 - Logiciel: Adobe Reader 9.3.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A93000000001}
O42 - Logiciel: Agere Systems PCI Soft Modem - (.Pas de propriétaire.) [HKLM] -- Agere Systems Soft Modem
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {3FA365DF-2D68-45ED-8F83-8C8A33E65143}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {07287123-B8AC-41CE-8346-3D777245C35B}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Connexion Internet Orange - (.Pas de propriétaire.) [HKLM] -- {ORAHSS}.UninstallSuite
O42 - Logiciel: Content Transfer - (.Sony Corporation.) [HKLM] -- {CFADE4AF-C0CF-4A04-A776-741318F1658F}
O42 - Logiciel: Creative WebCam NX Driver (1.02.01.0827) - (.Pas de propriétaire.) [HKLM] -- Creative PD1110
O42 - Logiciel: EVEREST Home Edition v2.20 - (.Lavalys Inc.) [HKLM] -- EVEREST Home Edition_is1
O42 - Logiciel: FAT32 Format - (.Pas de propriétaire.) [HKLM] -- FAT32 Format
O42 - Logiciel: Free Mp3 Wma Converter V 1.81 - (.Pas de propriétaire.) [HKLM] -- Free Mp3 Wma Converter_is1
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}
O42 - Logiciel: Garmin Communicator Plugin - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {03737893-5BEE-4C78-9C58-3AE7F172BBBE}
O42 - Logiciel: Garmin USB Drivers - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
O42 - Logiciel: Genesys USB Mass Storage Device - (.Genesys Logic.) [HKLM] -- {959B7F35-2819-40C5-A0CD-3C53B5FCC935}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Customer Participation Program 7.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Deskjet Preloaded Printer Drivers - (.Hewlett-Packard Company.) [HKLM] -- {F419D20A-7719-4639-8E30-C073A040D878}
O42 - Logiciel: HP Image Zone 4.2 - (.HP.) [HKLM] -- HP Photo & Imaging
O42 - Logiciel: HP Image Zone Plus 4.2 - (.HP.) [HKLM] -- {5E1494D4-3562-4FFB-B35C-600F80F6934C}
O42 - Logiciel: HP Imaging Device Functions 7.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP PSC & OfficeJet 4.0 - (.HP.) [HKLM] -- {A1062847-0846-427A-92A1-BB8251A91E91}
O42 - Logiciel: HP Photosmart Essential - (.HP.) [HKLM] -- {6994491D-D491-48F1-AE1F-E179C1FFFC2F}
O42 - Logiciel: HP Photosmart, Officejet and Deskjet 7.0.A - (.HP.) [HKLM] -- {BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}
O42 - Logiciel: HP Software Update - (.Hewlett-Packard.) [HKLM] -- {457791C5-D702-4143-A7B2-2744BE9573F2}
O42 - Logiciel: HP Solution Center 7.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HPIZ402 - (.Hewlett-Packard.) [HKLM] -- {8D9768AE-DE42-4A04-A461-2361A58C384D}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: InterVideo WinDVD Creator 2 - (.InterVideo Inc..) [HKLM] -- {2FCE4FC5-6930-40E7-A4F1-F862207424EF}
O42 - Logiciel: InterVideo WinDVD Player - (.InterVideo Inc..) [HKLM] -- {91810AFC-A4F8-4EBA-A5AA-B198BBC81144}
O42 - Logiciel: Internet Explorer Developer Toolbar - (.Microsoft.) [HKLM] -- {E7081891-BC7F-43F9-9CE6-B5DD2F497156}
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: K-Lite Codec Pack 4.4.2 (Full) - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: KBD - (.Pas de propriétaire.) [HKLM] -- KBD
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Media Manager for WALKMAN 1.2 - (.Sony.) [HKLM] -- {5A6ED905-D19D-4954-8499-0DAF386460F7}
O42 - Logiciel: Micro Application - 9 Dictionnaires Utiles - (.Pas de propriétaire.) [HKLM] -- {B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping
O42 - Logiciel: Microsoft Office 2000 Premium - (.Microsoft Corporation.) [HKLM] -- {0000040C-78E1-11D2-B60F-006097C998E7}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual J# .NET Redistributable Package 1.1 - (.Microsoft.) [HKLM] -- {1A655D51-1423-48A3-B748-8F5A0BE294C8}
O42 - Logiciel: MobileMe Control Panel - (.Apple Inc..) [HKLM] -- {3AC54383-31D1-4907-961B-B12CBB1D0AE8}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM] -- {F396D99B-1FA8-4ED1-A006-B7A5972E06E2}
O42 - Logiciel: OCR Software by I.R.I.S 7.0 - (.HP.) [HKLM] -- HPOCR
O42 - Logiciel: Orange Inside - (.Orange.) [HKCU] -- Orange Inside
O42 - Logiciel: Orange Installeur version 1.0.0.0 - (.Orange.) [HKLM] -- {D13FE823-C575-4451-AC37-E645A67AA581}_1.0.0.0
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC-Doctor pour Windows - (.Pas de propriétaire.) [HKLM] -- {1F7CCFA3-D926-4882-B2A5-A0217ED25597}
O42 - Logiciel: PS2 - (.Pas de propriétaire.) [HKLM] -- PS2
O42 - Logiciel: Photo et imagerie HP 3.5 - HP Devices - (.HP.) [HKLM] -- {15B9DC72-73F9-4d99-9E28-848D66DA8D99}
O42 - Logiciel: Photosmart 320,370,7400,8100,8400 Series (fra) - (.HP.) [HKLM] -- {AAC4FC36-8F89-4587-8DD3-EBC57C83374D}
O42 - Logiciel: Python 2.2 combined Win32 extensions - (.Pas de propriétaire.) [HKLM] -- Python 2.2 combined Win32 extensions
O42 - Logiciel: Python 2.2.1 - (.PythonLabs at Zope Corporation.) [HKLM] -- Python 2.2.1
O42 - Logiciel: Quick Zip 4.60.019 - (.Joseph Leung.) [HKLM] -- Quick Zip_is1
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
O42 - Logiciel: Rainlendar2 (remove only) - (.Pas de propriétaire.) [HKLM] -- Rainlendar2
O42 - Logiciel: Search Settings 1.2.2 - (.Spigot, Inc..) [HKLM] -- {0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SiS VGA Utilities - (.Pas de propriétaire.) [HKLM] -- SiS VGA Driver
O42 - Logiciel: Sonic RecordNow! - (.Hewlett-Packard.) [HKLM] -- {9541FED0-327F-4DF0-8B96-EF57EF622F19}
O42 - Logiciel: SpeedTouch USB Software - (.Pas de propriétaire.) [HKLM] -- {D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}
O42 - Logiciel: Sunbelt Personal Firewall - (.Sunbelt Software.) [HKLM] -- {BFD080F6-3BF0-40E1-9507-9CA969C35870}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 0.9.8a - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] -- {9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {9D6524E6-15CF-4852-BF70-04FE973A3DE1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: barre d'outils Orange - (.France Telecom SA.) [HKLM] -- OrangeToolbarFR
O42 - Logiciel: getPlus(R) for Adobe - (.NOS Microsystems Ltd..) [HKLM] -- {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
O42 - Logiciel: iPod Video Converter 3.80 - (.iPodRobot.com @ VOW Software Co, Ltd..) [HKLM] -- iPod Video Converter
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\Alcatel]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Avg]
[HKCU\Software\Avira]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\Creative Tech]
[HKCU\Software\Cygnus Solutions]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Eraser]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\GetData]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IE]
[HKCU\Software\IM Providers]
[HKCU\Software\Illustrate]
[HKCU\Software\Intel]
[HKCU\Software\InterVideo]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\LAventure]
[HKCU\Software\Lake]
[HKCU\Software\Lavalys]
[HKCU\Software\Lavasoft]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\Mininova]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Novell]
[HKCU\Software\ODBC]
[HKCU\Software\ORL]
[HKCU\Software\Opendisc]
[HKCU\Software\OrangeInside]
[HKCU\Software\OrangeInstaller]
[HKCU\Software\Orange]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Quickzip]
[HKCU\Software\SPAMfighter]
[HKCU\Software\SampleView]
[HKCU\Software\Serenescreen]
[HKCU\Software\SoftPerfect]
[HKCU\Software\Sonic]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Sony Creative Software]
[HKCU\Software\SpoonInstall]
[HKCU\Software\Sunbelt Software]
[HKCU\Software\Symantec]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VOWSoft]
[HKCU\Software\VirginMega]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Windows Live Writer]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\eBay]
[HKCU\Software\keyhole.com]
[HKLM\Software\AVG]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Alcatel]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avance]
[HKLM\Software\AviSynth]
[HKLM\Software\Avira]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Conduit]
[HKLM\Software\Creative Tech]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\DivXNetworks]
[HKLM\Software\FNET]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\FreeCDRIP]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Garmin]
[HKLM\Software\Gemplus]
[HKLM\Software\Genesys Logic]
[HKLM\Software\Google]
[HKLM\Software\Grisoft]
[HKLM\Software\HP]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\HighCriteria]
[HKLM\Software\ICE]
[HKLM\Software\INTEL]
[HKLM\Software\InstallShield]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaRa]
[HKLM\Software\JavaSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Kantaris]
[HKLM\Software\LEAD Technologies, Inc.]
[HKLM\Software\Lake]
[HKLM\Software\Lavasoft]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Micro Application]
[HKLM\Software\MicroVision]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mininova]
[HKLM\Software\Motive]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nelco]
[HKLM\Software\Novell]
[HKLM\Software\ODBC]
[HKLM\Software\Orange]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Python]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\S3R521]
[HKLM\Software\S3]
[HKLM\Software\SECURITOO]
[HKLM\Software\SPAMfighter]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\SiS]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\Sunbelt Software]
[HKLM\Software\SymNRT]
[HKLM\Software\Symantec]
[HKLM\Software\Uniblue]
[HKLM\Software\VideoLAN]
[HKLM\Software\Wilson WindowWare]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\X-AVCSD]
[HKLM\Software\Yahoo]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]


---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\a-squared Free
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\AVS4YOU
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O43 - CFD:Common File Directory ----D- C:\Program Files\Creative
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Easy Internet signup
O43 - CFD:Common File Directory ----D- C:\Program Files\FAT32 Format
O43 - CFD:Common File Directory ----D- C:\Program Files\Fat32Format
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Audio Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Garmin
O43 - CFD:Common File Directory ----D- C:\Program Files\Garmin GPS Plugin
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Help and Support Additions
O43 - CFD:Common File Directory ----D- C:\Program Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\IObit
O43 - CFD:Common File Directory ----D- C:\Program Files\iPod
O43 - CFD:Common File Directory ----D- C:\Program Files\iPodRobot
O43 - CFD:Common File Directory ----D- C:\Program Files\iTunes
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Java(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavalys
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NOS
O43 - CFD:Common File Directory ----D- C:\Program Files\Orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ---AD- C:\Program Files\PC-Doctor for Windows
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickZip4
O43 - CFD:Common File Directory ----D- C:\Program Files\Rainlendar2
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\SiS VGA Utilities V3.59e
O43 - CFD:Common File Directory ----D- C:\Program Files\Sonic
O43 - CFD:Common File Directory ----D- C:\Program Files\Sonic RecordNow!
O43 - CFD:Common File Directory ----D- C:\Program Files\Sony
O43 - CFD:Common File Directory ----D- C:\Program Files\Sunbelt Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Thomson
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Uniblue
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Designer
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\France Telecom
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\PC Tools
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sony Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SureThing Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 09:15:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32010]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 05/09/2010 - 08:29:25 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 05/09/2010 - 08:29:22 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 08:17:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1246370]
O44 - LFC:[MD5.67F1C8C98C2148BAF4ED68ED5117CA9D] - 05/09/2010 - 08:15:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\nvapps.xml [4452]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2010 - 08:15:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 08:15:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 08:15:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\sti.log [608]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 08:15:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 05/09/2010 - 08:15:03 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.C7F870B067A40E9AF203228853D23C73] - 05/09/2010 - 08:14:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\aaw7boot.log [90205]
O44 - LFC:[MD5.000471E081715A81805584AF2FCF8A0E] - 05/09/2010 - 08:14:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bthservsdp.dat [3308]
O44 - LFC:[MD5.ADEFE7A022D977E431C17B46153707D2] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\FaxSetup.log [61594]
O44 - LFC:[MD5.09724E220EEAB5395A4D8844C7463C79] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB981332-IE8.log [7217]
O44 - LFC:[MD5.B953EB23165846090766FF9CA956073E] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\comsetup.log [20422]
O44 - LFC:[MD5.C88D66ADEB230FD54D947B756C45F36C] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\iis6.log [9634]
O44 - LFC:[MD5.39B3F72C9EEEE6AE609638B651CEDADA] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\imsins.log [1355]
O44 - LFC:[MD5.EF62BD3FE5CB279D85DDB2736E6C921B] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\msgsocm.log [3030]
O44 - LFC:[MD5.011D503AB844C213491083444AA50FEA] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ntdtcsetup.log [12362]
O44 - LFC:[MD5.50FB9C9E9EB994284AC3DC982EA14AF8] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ocgen.log [29560]
O44 - LFC:[MD5.31D3985B5BA22E48F6EC8D67AE5AE24B] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ocmsn.log [3420]
O44 - LFC:[MD5.61CABABC79465081062CD9BD2D16B91E] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [14964]
O44 - LFC:[MD5.F869CB40C5679555D2DEE4BBA2D10B09] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\tsoc.log [23590]
O44 - LFC:[MD5.5DDBD7D9BC420CF34BCBF2B18699BFE8] - 05/09/2010 - 08:05:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB976662-IE8.log [8115]
O44 - LFC:[MD5.26146A18C026D9F44BB44822E2BFEF07] - 05/09/2010 - 08:05:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.722F2988A014341A454FDAEDA02F8A8C] - 05/09/2010 - 08:05:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\updspapi.log [43257]
O44 - LFC:[MD5.C4B8DC578E4D69F8F7B093E4087F8460] - 05/09/2010 - 08:05:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB971961-IE8.log [7864]
O44 - LFC:[MD5.A6E2514716EC28AD305F35D921153495] - 05/09/2010 - 08:03:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [1158]
O44 - LFC:[MD5.6C67AC9BE6D413F6EABE66AFB1DAB355] - 05/09/2010 - 06:17:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\spupdsvc.log [7525]
O44 - LFC:[MD5.6828009A50744E5FA9EF26C7D95B53FB] - 05/09/2010 - 06:14:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ie8_main.log [42880]
O44 - LFC:[MD5.1DCC9CFE391B87FE1F99026C9CC03865] - 05/09/2010 - 06:14:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB2183461-IE8.log [166858]
O44 - LFC:[MD5.E508F8C5D893547CFF5BCAFFEB878BDF] - 05/09/2010 - 06:14:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB982664-IE8.log [159863]
O44 - LFC:[MD5.F711748CA7CB773198A2126A705B634B] - 05/09/2010 - 06:13:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB982381-IE8.log [181668]
O44 - LFC:[MD5.7C536719CB6155EBB082238D090804AA] - 05/09/2010 - 06:12:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ie8.log [176548]
O44 - LFC:[MD5.7301F1916E680D330326AE01802CC2DA] - 05/09/2010 - 05:47:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB2183461-IE7.log [73492]
O44 - LFC:[MD5.D3E15965DE089FBA16F2E82A0D9DCAF5] - 05/09/2010 - 05:47:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB981349.log [12176]
O44 - LFC:[MD5.CB446351EC02416C2795145EC3D8D8F5] - 05/09/2010 - 05:47:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB971961.log [8171]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2010 - 05:47:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupact.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2010 - 05:47:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setuperr.log [0]
O44 - LFC:[MD5.408A6EAADFF48AC9D5F1F587A1CC15FA] - 31/08/2010 - 15:49:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [152384]
O44 - LFC:[MD5.2C46310AC8198036C99E7DA2F652E6F9] - 31/08/2010 - 15:45:02 ---A- . (.Pas de propri
A voir également:

51 réponses

Réponse 1 / 51
Utilisateur anonyme
5 sept. 2010 à 13:01
Salut

* Bienvenue sur CCM !
* N'ouvre pas d'autres sujets pour le même problème >> sur ce forum ou sur un autre
* Ensemble nous allons essayer de régler ton problème .


1)Rapport de ZHPDiag >> incomplet

poste un nouveau rapport ZHPDiag
* Héberge le rapport sur ce site,
>> Cijoint.fr
* puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.


* Pour t aider ,pour heberger le rapport
* rends toi sur Cijoint.fr
* clic sur Parcourir
* trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
* et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
* un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,
* il te suffit de le poster ici pour que je puisse voir le rapport


a premiére vue

2) * Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

* Ad-Remover permet d'éliminer proprement les publiciels vérolés, « adware » en anglais.
* Affichant de la publicité en échange d'un service gratuit,
* certains d'entre eux contiennent des logiciels espions violant votre vie privée numérique tout en modifiant le comportement de ton système.

ICI >>AD-Remover

/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

* Double-clique sur l'icône Ad-remover située sur ton Bureau.
* Sur la page, clique sur le bouton « Nettoyer »
* Confirme l'opération
* Poste le rapport qui apparaît à la fin.
* (Le rapport est sauvegardé aussi sous C:\Ad-report.)
* (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)







Membre Contributeur sécurité CCM
Windows Vista // Windows XP
0
Réponse 2 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
5 sept. 2010 à 13:59
Bonjour

voici le premier résultat.

http://www.cijoint.fr/cjlink.php?file=cj201009/cijROgGphF.txt

je continue la suite

a+
0
Réponse 3 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
5 sept. 2010 à 14:19
voici le rapport complémentaire de ad remover



======= RAPPORT D'AD-REMOVER 2.0.0.1,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 03/09/10 à 23:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 14:01:05 le 05/09/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
HP_Propriétaire@NOM-641695C7437 ( )

============== ACTION(S) ==============


0,Dossier supprimé: C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Conduit
0,Dossier supprimé: C:\Program Files\Conduit
3,Fichier supprimé: C:\WINDOWS\Installer\76a694.msi

(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
0,Clé supprimée: HKLM\Software\Classes\SearchSettings.BHO
0,Clé supprimée: HKLM\Software\Classes\SearchSettings.BHO.1
0,Clé supprimée: HKLM\Software\Conduit
0,Clé supprimée: HKCU\Software\Conduit
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}

0,Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [Impossible d'obtenir la version] **

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 4 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 12 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 05/09/2010 (1469 Octet(s))

Fin à: 14:09:51, 05/09/2010

============== E.O.F ==============



merci d'avance pour la suite
0
Réponse 4 / 51
Utilisateur anonyme
Modifié par VIRUS-C-C le 5/09/2010 à 14:26
Salut lilou4515



1) -+-+-+-+-> ZHPFix <-+-+-+-+-


* ferme toutes les applications ouvertes.
* Copies tout le texte présent en gras dans l'encadré ci-dessous
*( tu le selectionnes avec ta souris >> Clique droit dessus et choisis "copier" ou fait Ctrl+C )



O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
OPT:O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
OPT:OPT:O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
OPT:O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O42 - Logiciel: Search Settings 1.2.2 - (.Spigot, Inc..) [HKLM] -- {0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
[HKCU\Software\Conduit]
[HKCU\Software\Mininova]
[HKLM\Software\BrowserChoice]
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe





* Double Clique sur l'icone ZhpFix du bureau pour le lancer .
* Windows7/Vista >> Fais un clic-droit sur le raccourci de ZHPFix et choisis "Exécuter en temps qu'administrateur"
* Une fois l'outil ZHPFix ouvert ,

* clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal
* tu verras donc les lignes que tu as copié précédemment apparaitre .
* Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
* cliques >> OK puis
* Clques sur >>Tous
* Pour finir clique sur >> Nettoyer .
* colle le rapport obtenu .
( ce rapport est sauvegardé dans ce dossier C:\Program files\ZHPDiag\ZHPFixReport.txt )




2) /!\ Il faut IMPERATIVEMENT désactiver tous tes logiciels de protection pour utiliser ce programme/!\

* Télécharge GMER Rootkit Scanner :

* GMER est l'un des meilleurs scanneurs rootkits actuels.
* Il est capable de détecter la casi totalité des rootkits.

ICI >> gmer

* Ferme également toutes les applications actives dont ton navigateur.
* Clique sur le bouton "Download EXE"
* Sauvegarde-le sur ton Bureau.
* Double-clique sur l'exécutable téléchargé .
* Utilisateurs de Windows Vista / Windows7 tu fais un clic droit sur l'icône et exécute en tant qu'administrateur..
* Dans l'onglet "Rootkit", clique sur "SCAN" puis patiente...
* A la fin, clique sur "SAVE" et enregistre le rapport sur ton Bureau.
* Héberge le rapport de Gmer sur ce site,
cijoint.fr
* Copie/colle les liens générés ici


* Pour t aider
* rends toi sur http://www.cijoint.fr
* clic sur Parcourir
* trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
* et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
* un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,


Si GMER plante, il faut savoir que certains logiciels peuvent gêner les outils de désinfection.
Utilise Defogger pour les désactiver temporairement



* Télécharge Defogger (de jpshortstuff) sur ton Bureau
ICI >> Defogger (de jpshortstuff)
* Lance le
* Pour Windows Vista et Windows 7,
* faire un clic droit et >> Exécuter en tant qu'administrateur.
* Une fenêtre apparait : clique sur "Disable"
* Fais redémarrer l'ordinateur si l'outil te le demande
* Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

* puis réessaye Gmer :



3)/!\ Réactives tous tes logiciels de protection /!\



4)* J ai vu que tu as Malwarebytes

* Lances--> Malwarebytes (MBAM)
* Fais une mise a jour <== à faire
* Puis vas dans l'onglet "Recherche", coche >> Exécuter un examen complet
* puis "Rechercher"
* Sélectionnes tes disques durs" puis clique sur "Lancer l'examen"
* A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
*Si MalwareBytes' détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection
* S'il t' es demandé de redémarrer, clique sur "oui "
* aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici




Membre Contributeur sécurité CCM
Windows Vista // Windows XP
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
5 sept. 2010 à 14:35
voici le rapport:

O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
OPT:O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
OPT:OPT:O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
OPT:O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O42 - Logiciel: Search Settings 1.2.2 - (.Spigot, Inc..) [HKLM] -- {0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
[HKCU\Software\Conduit]
[HKCU\Software\Mininova]
[HKLM\Software\BrowserChoice]
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
0
Réponse 6 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
5 sept. 2010 à 14:36
pour la phase 2 :

il faut que je désactive antivir ad aware et ccleaner ?

A+
0
Réponse 7 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
5 sept. 2010 à 14:44
ainsi que mon pare feu ??

A+
0
Réponse 8 / 51
Utilisateur anonyme
5 sept. 2010 à 16:04
Salut

ce n est pas le rapport de ZHPDiag que tu m'as posté ,mais un copié/collé des lignes à fixer

refais en lisant bien !!!
0
Réponse 9 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
5 sept. 2010 à 18:42
Je pense avoir enfin réussi:
Rapport de ZHPDiag v1.26.582 par Nicolas Coolman, Update du 03/09/2010
Run by HP_Propriétaire at 05/09/2010 18:35:33
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 12 Stepping 0, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (44% free)
System drive C: has 36 GB (25%) free of 144 GB

---\\ Logged in mode
Computer Name: NOM-641695C7437
User Name: HP_Propriétaire
All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, HP_Propriétaire, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 36 Go of 144 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 58 Go of 153 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
F:\ CD-ROM drive (Free 0 Go of 1 Go)
G:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK


---\\ Processus lancés
[MD5.279764BFCE70AF320AA48E9C4A4B4721] - (.Lavasoft - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1355928]
[MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289]
[MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089]
[MD5.557F35D1CA42AEA14A6690E21887A31F] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712]
[MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [238888]
[MD5.B0C9FFF54F16DF2012F53A34736A0975] - (.France Telecom SA - Orange Connection Kit.) -- C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632]
[MD5.67CF1F160CE06E45793EFB6D2FA41E16] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 61.72.) -- C:\WINDOWS\system32\nvsvc32.exe [114755]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664]
[MD5.7234E4B852F8FA0C48FF0E4FD7394490] - (.Sunbelt Software - Sunbelt Firewall Service.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [1234480]
[MD5.A464B1F7249B9893AB3F08CDA55F18E5] - (.Sunbelt Software - Sunbelt Firewall GUI.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe [1967664]
[MD5.06A1ECB63DF139EC639E084D4AB3C9D7] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\windows\system\hpsysdrv.exe [52736]
[MD5.A6FD829F428F6445B8F72FF725438590] - (.Hewlett-Packard - HPHmon06.) -- C:\WINDOWS\system32\hphmon06.exe [659456]
[MD5.4A95F15B706B8FD9EC8715B6401EAB7B] - (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.EXE [61440]
[MD5.ECDCFBEA4CAEAF2DD5E9D0092396DFC1] - (.Silicon Integrated Systems Corporation - SiS Compatible Super VGA Keyboard Daemon.) -- C:\WINDOWS\system32\keyhook.exe [249856]
[MD5.E7BE65BF79906AEBC698E077D53F6A1C] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88363]
[MD5.D40191AA225638AB20E59524CDD74030] - (.THOMSON Telecom Belgium - SpeedTouch Statistics.) -- C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [866816]
[MD5.C52E2D526A576D0917A8829D325DDE86] - (.Pas de propriétaire - UMonit MFC Application.) -- C:\WINDOWS\system32\UMonit.exe [200704]
[MD5.C5F49EEBA10F86A5AF1C2D7B126A90FF] - (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [423200]
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153]
[MD5.E00765FD4417D4C60325BD49279D5C62] - (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe [812032]
[MD5.72DE9723E5203A5C5D284C6D001A1D14] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe [717552]
[MD5.527F995C40417C0F4EBB74ACA98F915A] - (.France Telecom SA - Orange Connection Kit.) -- C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe [90112]
[MD5.ABC9091B6D438381DBACFD1A82E0C0EA] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe [282624]
[MD5.682DB04704A74F228A080B31003B6FC6] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe [974848]
[MD5.CAF2CCB6E9F5FDBE99EE8904EB9DC506] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe [495616]
[MD5.8E884B0A19679340BFFF5C157075D6B5] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe [53248]
[MD5.8387F133A6EDB0B97C41CB55CEDBA041] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [864624]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.C78A7317A8554F4369DA522E0DCF87D6] - (.Nicolas Coolman - Nettoyeur de rapport ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPFix.exe [472576]
[MD5.7EE856AB0E8D63B4D180CE580E14A376] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [548352]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@garmin.com/GpsControl] - (.GARMIN Corp. - Garmin Communicator Plug-In 2.8.3.0.) -- C:\Program Files\Garmin GPS Plugin\npGarmin.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50826.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (.Pas de propriétaire - Pas de description.) (No version) -- C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Pas de propriétaire - Pas de description.) -- (.not file.)


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} . (.Hewlett-Packard Company - hp view toolbar.) -- c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} . (.Orange - IE Toolbar Container.) -- C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Pas de propriétaire - Pas de description.) -- (.not file.)


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] . (.Hewlett-Packard - HPHmon06.) -- C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] . (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [Recguard] . (.Pas de propriétaire - Recguard Application.) -- C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] . (.Silicon Integrated Systems Corporation - SiS Compatible Super VGA Keyboard Daemon.) -- C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\Windows\AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] . (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] . (.THOMSON Telecom Belgium - SpeedTouch Statistics.) -- C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
O4 - HKLM\..\Run: [UMonit] . (.Pas de propriétaire - UMonit MFC Application.) -- C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] . (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ORAHSSSessionManager] . (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - (.not file.) - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cce11E.html
O8 - Extra context menu item: orange.fr . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\src\orange_html\orange.html
O8 - Extra context menu item: traduire la page - (.not file.) - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cce11C.html
O8 - Extra context menu item: traduire le texte sélectionné - (.not file.) - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cce11D.html
O8 - Extra context menu item: _orange.fr . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\src\orange_html\orange.html


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.not file.) - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\WINDOWS\system32\wshbth.dll


---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} (OrangeInstaller_ModuleIE Control) - http://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D5B8EA-18B5-4ABE-AFD8-66E9B081FDDE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D5B8EA-18B5-4ABE-AFD8-66E9B081FDDE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D5B8EA-18B5-4ABE-AFD8-66E9B081FDDE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\System32\igfxsrvc.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) . (.France Telecom SA - Orange Connection Kit.) - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 61.72.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) . (.Sunbelt Software - Sunbelt Firewall Service.) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{C4CA4977-2455-4245-971A-D452668B9EB6}.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fxsocm.inf
O40 - ASIC: Adobe Flash Player 9 ActiveX - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r45.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Avg Anti-Rootkit Clean Driver (AvgArCln) . (.GRISOFT, s.r.o. - AVG7 Clean Driver.) - C:\Windows\system32\DRIVERS\AvgArCln.sys
O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: FNETDEVI (FNETDEVI) . (.FNet Co., Ltd. - FNETDEVI.SYS.) - C:\WINDOWS\system32\drivers\FNETDEVI.sys
O41 - Driver: Firewall Driver (fwdrv) . (.Sunbelt Software - Sunbelt Personal Firewall FWDRV.) - C:\WINDOWS\system32\drivers\fwdrv.sys
O41 - Driver: Kerio HIPS Driver (khips) . (.Sunbelt Software - Sunbelt Personal Firewall Host Intrusion Pr.) - C:\WINDOWS\system32\drivers\khips.sys
O41 - Driver: (SiSkp) . (.Silicon Integrated Systems Corporation - SiS VGA Driver Manager.) - C:\Windows\system32\DRIVERS\srvkp.sys
O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems.) [HKLM] -- ShockwaveFlash
O42 - Logiciel: Adobe Reader 9.3.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A93000000001}
O42 - Logiciel: Agere Systems PCI Soft Modem - (.Pas de propriétaire.) [HKLM] -- Agere Systems Soft Modem
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {3FA365DF-2D68-45ED-8F83-8C8A33E65143}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {07287123-B8AC-41CE-8346-3D777245C35B}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Connexion Internet Orange - (.Pas de propriétaire.) [HKLM] -- {ORAHSS}.UninstallSuite
O42 - Logiciel: Content Transfer - (.Sony Corporation.) [HKLM] -- {CFADE4AF-C0CF-4A04-A776-741318F1658F}
O42 - Logiciel: Creative WebCam NX Driver (1.02.01.0827) - (.Pas de propriétaire.) [HKLM] -- Creative PD1110
O42 - Logiciel: EVEREST Home Edition v2.20 - (.Lavalys Inc.) [HKLM] -- EVEREST Home Edition_is1
O42 - Logiciel: FAT32 Format - (.Pas de propriétaire.) [HKLM] -- FAT32 Format
O42 - Logiciel: Free Mp3 Wma Converter V 1.81 - (.Pas de propriétaire.) [HKLM] -- Free Mp3 Wma Converter_is1
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}
O42 - Logiciel: Garmin Communicator Plugin - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {03737893-5BEE-4C78-9C58-3AE7F172BBBE}
O42 - Logiciel: Garmin USB Drivers - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
O42 - Logiciel: Genesys USB Mass Storage Device - (.Genesys Logic.) [HKLM] -- {959B7F35-2819-40C5-A0CD-3C53B5FCC935}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Customer Participation Program 7.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Deskjet Preloaded Printer Drivers - (.Hewlett-Packard Company.) [HKLM] -- {F419D20A-7719-4639-8E30-C073A040D878}
O42 - Logiciel: HP Image Zone 4.2 - (.HP.) [HKLM] -- HP Photo & Imaging
O42 - Logiciel: HP Image Zone Plus 4.2 - (.HP.) [HKLM] -- {5E1494D4-3562-4FFB-B35C-600F80F6934C}
O42 - Logiciel: HP Imaging Device Functions 7.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP PSC & OfficeJet 4.0 - (.HP.) [HKLM] -- {A1062847-0846-427A-92A1-BB8251A91E91}
O42 - Logiciel: HP Photosmart Essential - (.HP.) [HKLM] -- {6994491D-D491-48F1-AE1F-E179C1FFFC2F}
O42 - Logiciel: HP Photosmart, Officejet and Deskjet 7.0.A - (.HP.) [HKLM] -- {BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}
O42 - Logiciel: HP Software Update - (.Hewlett-Packard.) [HKLM] -- {457791C5-D702-4143-A7B2-2744BE9573F2}
O42 - Logiciel: HP Solution Center 7.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HPIZ402 - (.Hewlett-Packard.) [HKLM] -- {8D9768AE-DE42-4A04-A461-2361A58C384D}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: InterVideo WinDVD Creator 2 - (.InterVideo Inc..) [HKLM] -- {2FCE4FC5-6930-40E7-A4F1-F862207424EF}
O42 - Logiciel: InterVideo WinDVD Player - (.InterVideo Inc..) [HKLM] -- {91810AFC-A4F8-4EBA-A5AA-B198BBC81144}
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: K-Lite Codec Pack 4.4.2 (Full) - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: KBD - (.Pas de propriétaire.) [HKLM] -- KBD
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Media Manager for WALKMAN 1.2 - (.Sony.) [HKLM] -- {5A6ED905-D19D-4954-8499-0DAF386460F7}
O42 - Logiciel: Micro Application - 9 Dictionnaires Utiles - (.Pas de propriétaire.) [HKLM] -- {B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping
O42 - Logiciel: Microsoft Office 2000 Premium - (.Microsoft Corporation.) [HKLM] -- {0000040C-78E1-11D2-B60F-006097C998E7}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual J# .NET Redistributable Package 1.1 - (.Microsoft.) [HKLM] -- {1A655D51-1423-48A3-B748-8F5A0BE294C8}
O42 - Logiciel: MobileMe Control Panel - (.Apple Inc..) [HKLM] -- {3AC54383-31D1-4907-961B-B12CBB1D0AE8}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM] -- {F396D99B-1FA8-4ED1-A006-B7A5972E06E2}
O42 - Logiciel: OCR Software by I.R.I.S 7.0 - (.HP.) [HKLM] -- HPOCR
O42 - Logiciel: Orange Inside - (.Orange.) [HKCU] -- Orange Inside
O42 - Logiciel: Orange Installeur version 1.0.0.0 - (.Orange.) [HKLM] -- {D13FE823-C575-4451-AC37-E645A67AA581}_1.0.0.0
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC-Doctor pour Windows - (.Pas de propriétaire.) [HKLM] -- {1F7CCFA3-D926-4882-B2A5-A0217ED25597}
O42 - Logiciel: PS2 - (.Pas de propriétaire.) [HKLM] -- PS2
O42 - Logiciel: Photo et imagerie HP 3.5 - HP Devices - (.HP.) [HKLM] -- {15B9DC72-73F9-4d99-9E28-848D66DA8D99}
O42 - Logiciel: Photosmart 320,370,7400,8100,8400 Series (fra) - (.HP.) [HKLM] -- {AAC4FC36-8F89-4587-8DD3-EBC57C83374D}
O42 - Logiciel: Python 2.2 combined Win32 extensions - (.Pas de propriétaire.) [HKLM] -- Python 2.2 combined Win32 extensions
O42 - Logiciel: Python 2.2.1 - (.PythonLabs at Zope Corporation.) [HKLM] -- Python 2.2.1
O42 - Logiciel: Quick Zip 4.60.019 - (.Joseph Leung.) [HKLM] -- Quick Zip_is1
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
O42 - Logiciel: Rainlendar2 (remove only) - (.Pas de propriétaire.) [HKLM] -- Rainlendar2
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: SiS VGA Utilities - (.Pas de propriétaire.) [HKLM] -- SiS VGA Driver
O42 - Logiciel: Sonic RecordNow! - (.Hewlett-Packard.) [HKLM] -- {9541FED0-327F-4DF0-8B96-EF57EF622F19}
O42 - Logiciel: SpeedTouch USB Software - (.Pas de propriétaire.) [HKLM] -- {D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}
O42 - Logiciel: Sunbelt Personal Firewall - (.Sunbelt Software.) [HKLM] -- {BFD080F6-3BF0-40E1-9507-9CA969C35870}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 0.9.8a - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] -- {9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {9D6524E6-15CF-4852-BF70-04FE973A3DE1}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: barre d'outils Orange - (.France Telecom SA.) [HKLM] -- OrangeToolbarFR
O42 - Logiciel: getPlus(R) for Adobe - (.NOS Microsystems Ltd..) [HKLM] -- {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
O42 - Logiciel: iPod Video Converter 3.80 - (.iPodRobot.com @ VOW Software Co, Ltd..) [HKLM] -- iPod Video Converter
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\Alcatel]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Avg]
[HKCU\Software\Avira]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Creative Tech]
[HKCU\Software\Cygnus Solutions]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Eraser]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\GetData]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IE]
[HKCU\Software\IM Providers]
[HKCU\Software\Illustrate]
[HKCU\Software\Intel]
[HKCU\Software\InterVideo]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\LAventure]
[HKCU\Software\Lake]
[HKCU\Software\Lavalys]
[HKCU\Software\Lavasoft]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Novell]
[HKCU\Software\ODBC]
[HKCU\Software\ORL]
[HKCU\Software\Opendisc]
[HKCU\Software\OrangeInside]
[HKCU\Software\OrangeInstaller]
[HKCU\Software\Orange]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Quickzip]
[HKCU\Software\SPAMfighter]
[HKCU\Software\SampleView]
[HKCU\Software\Serenescreen]
[HKCU\Software\SoftPerfect]
[HKCU\Software\Sonic]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Sony Creative Software]
[HKCU\Software\SpoonInstall]
[HKCU\Software\Sunbelt Software]
[HKCU\Software\Symantec]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VOWSoft]
[HKCU\Software\VirginMega]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Windows Live Writer]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\eBay]
[HKCU\Software\keyhole.com]
[HKLM\Software\AVG]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Alcatel]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avance]
[HKLM\Software\AviSynth]
[HKLM\Software\Avira]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Creative Tech]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\DivXNetworks]
[HKLM\Software\FNET]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\FreeCDRIP]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Garmin]
[HKLM\Software\Gemplus]
[HKLM\Software\Genesys Logic]
[HKLM\Software\Google]
[HKLM\Software\Grisoft]
[HKLM\Software\HP]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\HighCriteria]
[HKLM\Software\ICE]
[HKLM\Software\INTEL]
[HKLM\Software\InstallShield]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaRa]
[HKLM\Software\JavaSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Kantaris]
[HKLM\Software\LEAD Technologies, Inc.]
[HKLM\Software\Lake]
[HKLM\Software\Lavasoft]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Micro Application]
[HKLM\Software\MicroVision]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mininova]
[HKLM\Software\Motive]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nelco]
[HKLM\Software\Novell]
[HKLM\Software\ODBC]
[HKLM\Software\Orange]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Python]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\S3R521]
[HKLM\Software\S3]
[HKLM\Software\SECURITOO]
[HKLM\Software\SPAMfighter]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\SiS]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\Sunbelt Software]
[HKLM\Software\SymNRT]
[HKLM\Software\Symantec]
[HKLM\Software\Uniblue]
[HKLM\Software\VideoLAN]
[HKLM\Software\Wilson WindowWare]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\X-AVCSD]
[HKLM\Software\Yahoo]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]


---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\a-squared Free
O43 - CFD:Common File Directory ----D- C:\Program Files\Ad-Remover
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\AVS4YOU
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Creative
O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX
O43 - CFD:Common File Directory ----D- C:\Program Files\Easy Internet signup
O43 - CFD:Common File Directory ----D- C:\Program Files\FAT32 Format
O43 - CFD:Common File Directory ----D- C:\Program Files\Fat32Format
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Audio Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Garmin
O43 - CFD:Common File Directory ----D- C:\Program Files\Garmin GPS Plugin
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Help and Support Additions
O43 - CFD:Common File Directory ----D- C:\Program Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\IObit
O43 - CFD:Common File Directory ----D- C:\Program Files\iPod
O43 - CFD:Common File Directory ----D- C:\Program Files\iPodRobot
O43 - CFD:Common File Directory ----D- C:\Program Files\iTunes
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Java(2)
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavalys
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Micro Application
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NOS
O43 - CFD:Common File Directory ----D- C:\Program Files\Orange
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ---AD- C:\Program Files\PC-Doctor for Windows
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickZip4
O43 - CFD:Common File Directory ----D- C:\Program Files\Rainlendar2
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\SiS VGA Utilities V3.59e
O43 - CFD:Common File Directory ----D- C:\Program Files\Sonic
O43 - CFD:Common File Directory ----D- C:\Program Files\Sonic RecordNow!
O43 - CFD:Common File Directory ----D- C:\Program Files\Sony
O43 - CFD:Common File Directory ----D- C:\Program Files\Sunbelt Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Thomson
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom DesktopSuite
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Uniblue
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Designer
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\France Telecom
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\PC Tools
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sony Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SureThing Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 17:32:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1259436]
O44 - LFC:[MD5.67F1C8C98C2148BAF4ED68ED5117CA9D] - 05/09/2010 - 13:57:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\nvapps.xml [4452]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2010 - 13:57:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 13:57:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 13:57:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\sti.log [627]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 13:57:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 05/09/2010 - 13:57:05 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.F4D843B0957A0EACCEA30F723F173611] - 05/09/2010 - 13:56:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\aaw7boot.log [90653]
O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 13:55:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32076]
O44 - LFC:[MD5.873EA3362AA6AC9B704F6C27D2CC7445] - 05/09/2010 - 13:55:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bthservsdp.dat [12]
O44 - LFC:[MD5.9BA0F076623E0606E74D179BF6244932] - 05/09/2010 - 13:34:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ZHPExportRegistry-05-09-2010-14-34-10.txt [41298]
O44 - LFC:[MD5.129AF27B6B4AABB6338E934FB1F7C552] - 05/09/2010 - 13:27:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupact.log [75]
O44 - LFC:[MD5.67DCC536C5D3EB9208578FE60143D423] - 05/09/2010 - 13:27:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [19240]
O44 - LFC:[MD5.CB5829F9B073B0A58FBE4308A4705181] - 05/09/2010 - 13:09:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [2813]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 05/09/2010 - 08:29:25 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 05/09/2010 - 08:29:22 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.ADEFE7A022D977E431C17B46153707D2] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\FaxSetup.log [61594]
O44 - LFC:[MD5.09724E220EEAB5395A4D8844C7463C79] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB981332-IE8.log [7217]
O44 - LFC:[MD5.B953EB23165846090766FF9CA956073E] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\comsetup.log [20422]
O44 - LFC:[MD5.C88D66ADEB230FD54D947B756C45F36C] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\iis6.log [9634]
O44 - LFC:[MD5.39B3F72C9EEEE6AE609638B651CEDADA] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\imsins.log [1355]
O44 - LFC:[MD5.EF62BD3FE5CB279D85DDB2736E6C921B] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\msgsocm.log [3030]
O44 - LFC:[MD5.011D503AB844C213491083444AA50FEA] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ntdtcsetup.log [12362]
O44 - LFC:[MD5.50FB9C9E9EB994284AC3DC982EA14AF8] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ocgen.log [29560]
O44 - LFC:[MD5.31D3985B5BA22E48F6EC8D67AE5AE24B] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ocmsn.log [3420]
O44 - LFC:[MD5.F869CB40C5679555D2DEE4BBA2D10B09] - 05/09/2010 - 08:05:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\tsoc.log [23590]
O44 - LFC:[MD5.5DDBD7D9BC420CF34BCBF2B18699BFE8] - 05/09/2010 - 08:05:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB976662-IE8.log [8115]
O44 - LFC:[MD5.26146A18C026D9F44BB44822E2BFEF07] - 05/09/2010 - 08:05:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.722F2988A014341A454FDAEDA02F8A8C] - 05/09/2010 - 08:05:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\updspapi.log [43257]
O44 - LFC:[MD5.C4B8DC578E4D69F8F7B093E4087F8460] - 05/09/2010 - 08:05:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB971961-IE8.log [7864]
O44 - LFC:[MD5.A6E2514716EC28AD305F35D921153495] - 05/09/2010 - 08:03:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [1158]
O44 - LFC:[MD5.6C67AC9BE6D413F6EABE66AFB1DAB355] - 05/09/2010 - 06:17:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\spupdsvc.log [7525]
O44 - LFC:[MD5.6828009A50744E5FA9EF26C7D95B53FB] - 05/09/2010 - 06:14:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ie8_main.log [42880]
O44 - LFC:[MD5.1DCC9CFE391B87FE1F99026C9CC03865] - 05/09/2010 - 06:14:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB2183461-IE8.log [166858]
O44 - LFC:[MD5.E508F8C5D893547CFF5BCAFFEB878BDF] - 05/09/2010 - 06:14:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB982664-IE8.log [159863]
O44 - LFC:[MD5.F711748CA7CB773198A2126A705B634B] - 05/09/2010 - 06:13:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB982381-IE8.log [181668]
O44 - LFC:[MD5.7C536719CB6155EBB082238D090804AA] - 05/09/2010 - 06:12:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ie8.log [176548]
O44 - LFC:[MD5.7301F1916E680D330326AE01802CC2DA] - 05/09/2010 - 05:47:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB2183461-IE7.log [73492]
O44 - LFC:[MD5.D3E15965DE089FBA16F2E82A0D9DCAF5] - 05/09/2010 - 05:47:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB981349.log [12176]
O44 - LFC:[MD5.CB446351EC02416C2795145EC3D8D8F5] - 05/09/2010 - 05:47:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB971961.log [8171]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2010 - 05:47:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setuperr.log [0]
O44 - LFC:[MD5.408A6EAADFF48AC9D5F1F587A1CC15FA] - 31/08/2010 - 15:49:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [152384]
O44 - LFC:[MD5.2C46310AC8198036C99E7DA2F652E6F9] - 31/08/2010 - 15:45:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1088680]
O44 - LFC:[MD5.93308D18DBAD016209C00274611BD6E9] - 31/08/2010 - 15:45:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [73000]
O44 - LFC:[MD5.FC1431D53644777EF267CA5C0A62EF2A] - 31/08/2010 - 15:45:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [87108]
O44 - LFC:[MD5.DCAD67E15F103147C0AEFC56CD166913] - 31/08/2010 - 15:45:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [444118]
O44 - LFC:[MD5.5D0890ED95B8209A55475AD099D366A6] - 31/08/2010 - 15:45:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [514548]


---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessm
0
Réponse 10 / 51
Utilisateur anonyme
Modifié par VIRUS-C-C le 5/09/2010 à 19:19
Salut

non c'est pas ce qui t était demandé et en plus ce rapport est incomplet

lis bien ce qui suit étape par étape

-+-+-+-+-> ZHPFix <-+-+-+-+-


1) * ferme toutes les applications ouvertes.

2)* Copies tout le texte présent en gras dans l'encadré ci-dessous
*( tu le selectionnes avec ta souris >> Clique droit dessus et choisis "copier" ou fait Ctrl+C )



O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
OPT:O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
OPT:OPT:O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
OPT:O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O42 - Logiciel: Search Settings 1.2.2 - (.Spigot, Inc..) [HKLM] -- {0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
[HKCU\Software\Conduit]
[HKCU\Software\Mininova]
[HKLM\Software\BrowserChoice]
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe





3) * Double Clique sur l'icone ZhpFix du bureau pour le lancer .

4)* Une fois l'outil ZHPFix ouvert ,

5)* clique sur le bouton [ H ] cliques pour voir ==> Image ( "coller les lignes Helper" ) .

6)* Dans l'encadré principal

7)* tu verras donc les lignes que tu as copié précédemment apparaitre .

8) * Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

9) * cliques >> OK puis

10) * Cliques sur >>Tous

11) * Pour finir clique sur >> Nettoyer .
* colle le rapport obtenu .
( ce rapport est sauvegardé dans ce dossier C:\Program files\ZHPDiag\ZHPFixReport.txt )




Membre Contributeur sécurité CCM
Windows Vista // Windows XP
0
Réponse 11 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
5 sept. 2010 à 20:02
voila je suis dur pour comprendre mais je pense que la c'est ok:

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-4104955527-856496882-2249289308-1007\Software\Microsoft\Windows\CurrentVersion\Run]
"orangeinside"="C:\\Documents and Settings\\HP_Propriétaire\\Application Data\\Orange\\OrangeInside\\one\\OrangeInside.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
0
Utilisateur anonyme
5 sept. 2010 à 20:43
Salut

regarde a quoi ressemble un rapport de ZHPFix aprés suppressions

exemple pris au hasard


Rapport de ZHPFix v1.12.3143 par Nicolas Coolman, Update du 01/09/2010
Fichier d'export Registre :
Run by compaq at 05/09/2010 16:46:49
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
HKLM\Software\pdfforge.org => Clé supprimée avec succès

========== Elément(s) de donnée du Registre ==========
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> => Donnée supprimée avec succès


========== Récapitulatif ==========
1 : Clé(s) du Registre
1 : Elément(s) de donnée du Registre


End of the scan

0
Réponse 12 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
6 sept. 2010 à 17:21
salut

est ce que c'est ça?


Rapport de ZHPFix v1.12.3143 par Nicolas Coolman, Update du 01/09/2010
Fichier d'export Registre :
Run by HP_Propriétaire at 06/09/2010 17:19:18
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
HKCU\Software\Conduit => Clé absente
HKCU\Software\Mininova => Clé absente
HKLM\Software\BrowserChoice => Clé absente
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Clé absente

========== Valeur(s) du Registre ==========
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur absente
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe => Valeur absente
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe => Valeur absente
O4 - HKUS\S-1-5-21-4104955527-856496882-2249289308-1007\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe => Valeur supprimée avec succès

========== Dossier(s) ==========
C:\Program Files\Conduit => Dossier absent

========== Fichier(s) ==========
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe => Supprimé et mis en quarantaine

========== Logiciel(s) ==========
O42 - Logiciel: Search Settings 1.2.2 - (.Spigot, Inc..) [HKLM] -- {0B1AAC97-8563-41D9-AE47-58E6A222F0E1} => Logiciel déjà supprimé

========== Autre ==========
OPT:O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe => Format Non supporté


========== Récapitulatif ==========
4 : Clé(s) du Registre
4 : Valeur(s) du Registre
1 : Dossier(s)
1 : Fichier(s)
1 : Logiciel(s)
1 : Autre


End of the scan
0
Réponse 13 / 51
Utilisateur anonyme
7 sept. 2010 à 13:24
Salut


ok maintenant tu as reussie

fais ce qui suit

1) /!\ Il faut IMPERATIVEMENT désactiver tous tes logiciels de protection pour utiliser ce programme/!\

* Télécharge GMER Rootkit Scanner :

* GMER est l'un des meilleurs scanneurs rootkits actuels.
* Il est capable de détecter la casi totalité des rootkits.

ICI >> gmer

* Ferme également toutes les applications actives dont ton navigateur.
* Clique sur le bouton "Download EXE"
* Sauvegarde-le sur ton Bureau.
* Double-clique sur l'exécutable téléchargé .
* Utilisateurs de Windows Vista / Windows7 tu fais un clic droit sur l'icône et exécute en tant qu'administrateur..
* Dans l'onglet "Rootkit", clique sur "SCAN" puis patiente...
* A la fin, clique sur "SAVE" et enregistre le rapport sur ton Bureau.
* Héberge le rapport de Gmer sur ce site,
cijoint.fr
* Copie/colle les liens générés ici


* Pour t aider
* rends toi sur http://www.cijoint.fr
* clic sur Parcourir
* trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
* et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
* un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,


Si GMER plante, il faut savoir que certains logiciels peuvent gêner les outils de désinfection.
Utilise Defogger pour les désactiver temporairement



* Télécharge Defogger (de jpshortstuff) sur ton Bureau
ICI >> Defogger (de jpshortstuff)
* Lance le
* Pour Windows Vista et Windows 7,
* faire un clic droit et >> Exécuter en tant qu'administrateur.
* Une fenêtre apparait : clique sur "Disable"
* Fais redémarrer l'ordinateur si l'outil te le demande
* Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

* puis réessaye Gmer :



2)/!\ Réactives tous tes logiciels de protection /!\



3)* J ai vu que tu as Malwarebytes

* Lances--> Malwarebytes (MBAM)
* Fais une mise a jour <== à faire
* Puis vas dans l'onglet "Recherche", coche >> Exécuter un examen complet
* puis "Rechercher"
* Sélectionnes tes disques durs" puis clique sur "Lancer l'examen"
* A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
*Si MalwareBytes' détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection
* S'il t' es demandé de redémarrer, clique sur "oui "
* aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici






Membre Contributeur sécurité CCM
Windows Vista // Windows XP
0
Réponse 14 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
7 sept. 2010 à 18:42
salut
je le poste comme ça car, si je veux le poster part le lien ci joint.fr il me dit qu'il n'y a pas de fichier.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-07 17:52:04
Windows 5.1.2600 Service Pack 3
Running: yxh755it.exe; Driver: C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\pwloifow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xF5492F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF5492552]
SSDT F7B72286 ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF5491A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF5491910]
SSDT F7B7227C ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF5493034]
SSDT F7B7228B ZwDeleteKey
SSDT F7B72295 ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF52EFF64]
SSDT F7B7229A ZwLoadKey
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF52F024A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF5492906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF548EB78]
SSDT F7B72268 ZwOpenProcess
SSDT F7B7226D ZwOpenThread
SSDT F7B722A4 ZwReplaceKey
SSDT F7B7229F ZwRestoreKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF54920DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF5492CE0]
SSDT F7B72290 ZwSetValueKey
SSDT F7B72277 ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF5492BB2]

---- Kernel code sections - GMER 1.0.15 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F72139EF 6 Bytes JMP F5486C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF68D1510]
init C:\WINDOWS\system32\drivers\FNETDEVI.SYS entry point in "init" section [0xF79B6000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WS2_32.dll!socket 719F4211 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WS2_32.dll!bind 719F4480 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[428] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[428] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1340] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1340] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1340] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1340] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1340] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D85501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F54B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text
0
Réponse 15 / 51
Utilisateur anonyme
7 sept. 2010 à 18:56
Salut

le rapport est incomplet poste le en plusieurs fois >>mais il me le faut en entier
0
Réponse 16 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
7 sept. 2010 à 19:09
ok ça marche


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-07 17:52:04
Windows 5.1.2600 Service Pack 3
Running: yxh755it.exe; Driver: C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\pwloifow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xF5492F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF5492552]
SSDT F7B72286 ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF5491A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF5491910]
SSDT F7B7227C ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF5493034]
SSDT F7B7228B ZwDeleteKey
SSDT F7B72295 ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF52EFF64]
SSDT F7B7229A ZwLoadKey
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF52F024A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF5492906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF548EB78]
SSDT F7B72268 ZwOpenProcess
SSDT F7B7226D ZwOpenThread
SSDT F7B722A4 ZwReplaceKey
SSDT F7B7229F ZwRestoreKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF54920DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF5492CE0]
SSDT F7B72290 ZwSetValueKey
SSDT F7B72277 ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF5492BB2]

---- Kernel code sections - GMER 1.0.15 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F72139EF 6 Bytes JMP F5486C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF68D1510]
init C:\WINDOWS\system32\drivers\FNETDEVI.SYS entry point in "init" section [0xF79B6000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Google\Update\GoogleUpdate.exe[188] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WS2_32.dll!socket 719F4211 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WS2_32.dll!bind 719F4480 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[256] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[428] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[428] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1160] WS2_32.dll!connect 719F4A07 5 Bytes
0
Réponse 17 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
7 sept. 2010 à 19:10
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1340] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1340] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1340] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1340] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1340] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1340] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D85501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC4666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F54B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F54B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F549D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F54A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00140FE0
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00140D24
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00140EC8
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] ws2_32.dll!socket 719F4211 5 Bytes JMP 001408C4
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] ws2_32.dll!bind 719F4480 5 Bytes JMP 00140838
.text C:\Program Files\Internet Explorer\iexplore.exe[1448] ws2_32.dll!connect 719F4A07 5 Bytes JMP 00140950
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1504] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1504] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1504] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1504] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1504] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1556] WS2_32.dll!connect 719F4A07 5 Bytes
0
Réponse 18 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
7 sept. 2010 à 19:10
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1600] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1600] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1600] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1600] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1600] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1600] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1656] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1668] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1680] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1712] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1712] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\svchost.exe[1712] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\svchost.exe[1712] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1784] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC
.text C:\Documents and Settings\HP_Propriétaire\Bureau\yxh755it.exe[1844] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[1952] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[1952] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[1952] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[1952] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\nvsvc32.exe[1952] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\nvsvc32.exe[1952] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950
0
Réponse 19 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
7 sept. 2010 à 19:11
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2036] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2320] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2320] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2320] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2320] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2320] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2320] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001401A8
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00140090
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00140694
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001402C0
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00140234
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00140004
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0014011C
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001404F0
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0014057C
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001403D8
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0014034C
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00140464
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00140608
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D85501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001407AC
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00140720
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F54B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F54B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F549D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F54BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F54A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00140F54
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00140FE0
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00140D24
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00140DB0
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00140E3C
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00140EC8
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] ws2_32.dll!socket 719F4211 5 Bytes JMP 001408C4
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] ws2_32.dll!bind 719F4480 5 Bytes JMP 00140838
.text C:\Program Files\Internet Explorer\iexplore.exe[2680] ws2_32.dll!connect 719F4A07 5 Bytes JMP 00140950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2752] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\windows\system\hpsysdrv.exe[2920] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\windows\system\hpsysdrv.exe[2920] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\windows\system\hpsysdrv.exe[2920] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\hphmon06.exe[2928] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\hphmon06.exe[2928] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\hphmon06.exe[2928] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\hphmon06.exe[2928] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\hphmon06.exe[2928] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\hphmon06.exe[2928] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\HP\KBD\KBD.EXE[2936] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\HP\KBD\KBD.EXE[2936] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\HP\KBD\KBD.EXE[2936] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\HP\KBD\KBD.EXE[2936] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00130F54
.text C:\HP\KBD\KBD.EXE[2936] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00130FE0
.text C:\HP\KBD\KBD.EXE[2936] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00130D24
.text C:\HP\KBD\KBD.EXE[2936] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00130DB0
.text C:\HP\KBD\KBD.EXE[2936] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00130E3C
.text C:\HP\KBD\KBD.EXE[2936] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\keyhook.exe[2996] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\keyhook.exe[2996] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\keyhook.exe[2996] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\AGRSMMSG.exe[3008] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\AGRSMMSG.exe[3008] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\AGRSMMSG.exe[3008] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[3064] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\UMonit.exe[3072] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\UMonit.exe[3072] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\UMonit.exe[3072] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3080] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
0
Réponse 20 / 51
lilou4515 Messages postés 392 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 19 mars 2023 3
7 sept. 2010 à 19:12
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00070F54
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00070FE0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00070D24
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00070DB0
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00070E3C
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3100] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00070EC8
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\rundll32.exe[3108] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\rundll32.exe[3108] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\rundll32.exe[3108] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00130D24
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe[3160] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Documents and Settings\HP_Propriétaire\Application Data\Orange\OrangeInside\one\OrangeInside.exe[3196] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3208] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3208] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe[3316] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00130D24
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Avira\AntiVir Desktop\avcenter.exe[3388] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe[3436] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe[3452] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00130D24
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe[3508] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00130EC8
0