
HijackThis Log: Please help Diagnose


  • This topic is locked
19 replies to this topic

#1 atomium

atomium

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 04 July 2012 - 12:04 PM

Hi everybody,

Here is the HijackThis log.
Can someone help me, explain to me how to recognize a virus, and tell me what to do to get rid of this?
Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:52:44, on 4/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe
C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Philips Display\SmartControl II\DTHtml.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Documents and Settings\jean claude\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
D:\Download\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\McAfee\SystemCore\ScriptSn.20110604000029.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\jean claude\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238612989125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Service McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 12916 bytes
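A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post and not a BleepingComputer or Trend Micro tool. The three checks are assumed heuristics for deciding which entries to look up first, not malware verdicts, and the `C:\WINDOWS\` system directory is assumed from the paths in this log.

```python
import re

# A few lines copied from the log posted above (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry Run autostart: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<hive>[^:]+Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption: system directory as it appears in this log.
WINDOWS_DIR = "c:\\windows\\"


def parse_entries(log_text):
    """Return (section_code, body) for every R*/O* line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def executable_of(cmd):
    """Extract the program path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut at the first executable extension.
    m = re.match(r"(?i)^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (code, reason, body) for entries worth checking by hand first."""
    findings = []
    for code, body in parse_entries(log_text):
        if code in ("O2", "O3") and body.endswith("(no file)"):
            # Browser add-on still registered although its DLL is gone.
            findings.append((code, "registered add-on whose file is missing", body))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in executable_of(m.group("cmd")):
                # No directory given: which file starts depends on the search path.
                findings.append((code, "autostart command without a full path", body))
        elif code == "O23":
            parts = body.rsplit(" - ", 2)  # name, publisher, binary path
            if (len(parts) == 3 and parts[1] == "Unknown owner"
                    and not parts[2].lower().startswith(WINDOWS_DIR)):
                findings.append((code, "service with no publisher, outside Windows dir", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

A flagged line is only a prompt to verify the file on disk (location, signature, vendor); an unflagged line is not thereby shown to be clean.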



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 AM

Posted 08 July 2012 - 06:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 atomium

atomium
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 13 July 2012 - 06:50 AM

Hi Mûle,
I am not surprised by the delay; it was announced on the site.
I wasn't at home so it took me some time to answer, sorry for that.

Unfortunately I did not save the DDS log, only attach.txt (here in rar format).
Do I have to rerun DDS ?

Below is the gmer.log.
Thanks to tell me if something more is to be done.
Thanks for your help.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-13 13:48:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST3250310AS rev.3.AHC
Running: 2enr1k2z.exe; Driver: C:\DOCUME~1\JEANCL~1\LOCALS~1\Temp\kfldrfog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9003620]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EA9D70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EA9D84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EA9DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EA9E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EA9D5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EA9D34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EA9D48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EA9D9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EA9DDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EA9DC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EA9E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EA9DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B1C 7 Bytes JMP B9EA9DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2042 7 Bytes JMP B9EA9E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E50 5 Bytes JMP B9EA9E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C0636 5 Bytes JMP B9EA9DE0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB456 5 Bytes JMP B9EA9D38 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6E2 5 Bytes JMP B9EA9D4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622548 7 Bytes JMP B9EA9DCA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806239F8 7 Bytes JMP B9EA9D9E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623FD6 5 Bytes JMP B9EA9D74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80624472 7 Bytes JMP B9EA9D88 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80624642 7 Bytes JMP B9EA9DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806253B4 5 Bytes JMP B9EA9D60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA920E280]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA82D5300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xA8E0B300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[576] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0163000A
.text C:\WINDOWS\Explorer.EXE[576] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 01630FCA
.text C:\WINDOWS\Explorer.EXE[576] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 01630FE5
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01620000
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0162005A
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01620F6F
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01620F80
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01620F91
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01620022
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01620092
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01620081
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016200CF
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016200B4
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01620F1B
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01620033
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01620FDB
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01620F4A
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01620FB6
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01620011
.text C:\WINDOWS\Explorer.EXE[576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 016200A3
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 03830FE5
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 03830080
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 03830036
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 0383001B
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 03830FC3
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 03830000
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 03830FD4
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [A6, 8B]
.text C:\WINDOWS\Explorer.EXE[576] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 0383005B
.text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 019D0FE5
.text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!system 77BF93C7 5 Bytes JMP 019D0070
.text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 019D0044
.text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_open 77BFF566 5 Bytes JMP 019D000C
.text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 019D005F
.text C:\WINDOWS\Explorer.EXE[576] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 019D001D
.text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenW 77AAAF61 5 Bytes JMP 01650000
.text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenA 77AB57AE 5 Bytes JMP 01650FE5
.text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenUrlA 77AB5A7A 5 Bytes JMP 01650FCA
.text C:\WINDOWS\Explorer.EXE[576] WININET.dll!InternetOpenUrlW 77AC5BB2 5 Bytes JMP 01650FA3
.text C:\WINDOWS\Explorer.EXE[576] WS2_32.dll!socket 719F4211 5 Bytes JMP 01640FEF
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0005001B
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00050FE5
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F7C
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040F8D
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040F9E
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0004005B
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040040
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F6B
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000400B3
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F35
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000400D8
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000400E9
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040FB9
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040096
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040025
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FCA
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F5A
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00DC0FC0
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00DC0F83
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00DC0011
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00DC0FDB
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00DC0F94
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00DC0036
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00070061
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00070050
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0007002E
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 0007003F
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0007001D
.text C:\WINDOWS\system32\services.exe[1084] WS2_32.dll!socket 719F4211 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C100AE
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C1009D
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C1008C
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10F72
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F83
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F3C
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F4D
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C100F0
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10065
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100CB
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00FD0F72
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00FD0F83
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00FD0025
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00FD0014
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00E40FB9
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00E40044
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00E40FDE
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00E40033
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[1096] WS2_32.dll!socket 719F4211 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0082
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0F97
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0FA8
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE004A
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0F66
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE00AE
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE00D3
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE0F44
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE0F29
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE005B
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE009D
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0039
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE001E
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE0F55
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 024B0FC0
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 024B0F6F
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 024B0FDB
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 024B0011
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 024B0F80
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 024B0000
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 024B002C
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 024B0FA5
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 024A003B
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!system 77BF93C7 5 Bytes JMP 024A0FB0
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 024A000C
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_open 77BFF566 5 Bytes JMP 024A0FEF
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 024A0FC1
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 024A0FD2
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!socket 719F4211 5 Bytes JMP 02490000
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00D80011
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F3A
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70F55
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70F72
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70F83
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70FB9
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D70067
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70F1F
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D700AE
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D7009D
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D700C9
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70F9E
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D7000A
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D7004A
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D7001B
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D70078
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00E30FBC
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00E3002F
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00E30079
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00E30FCD
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [06, 89]
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00DA0FD4
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00DA0044
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00DA0055
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00DA0029
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 719F4211 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00AA0014
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00AA0FDE
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A90064
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A90053
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A90F79
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A90F94
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A90025
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A90F48
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A90090
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A900AB
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A90F12
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A900BC
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A90036
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A90FD4
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A9007F
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A90FB9
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A90F2D
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00AE0FB9
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00AE0040
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00AE0014
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00AE0FDE
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00AE0F83
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00AE0025
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00AE0F9E
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00AD0047
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00AD002C
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00AD0FCD
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00AD0FBC
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00AD0011
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenW 77AAAF61 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenA 77AB57AE 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlA 77AB5A7A 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlW 77AC5BB2 5 Bytes JMP 00AC0FAD
.text C:\WINDOWS\system32\svchost.exe[1448] WS2_32.dll!socket 719F4211 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0272000A
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 02720FDE
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 02720FEF
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02710FEF
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0271006C
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0271005B
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02710F81
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0271004A
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02710FB9
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027100B5
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027100A4
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027100EB
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027100DA
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 027100FC
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02710F9E
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0271000A
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02710087
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02710025
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02710FD4
.text C:\WINDOWS\System32\svchost.exe[1496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02710F5C
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 03460FC3
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 03460043
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 03460FD4
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 03460FEF
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 03460F90
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 0346000A
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 03460FA1
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [69, 8B]
.text C:\WINDOWS\System32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 03460FB2
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 03450FC3
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0345004E
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 03450FEF
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_open 77BFF566 5 Bytes JMP 03450000
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 03450FD4
.text C:\WINDOWS\System32\svchost.exe[1496] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0345001D
.text C:\WINDOWS\System32\svchost.exe[1496] WS2_32.dll!socket 719F4211 5 Bytes JMP 02730FEF
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenW 77AAAF61 5 Bytes JMP 02740025
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenA 77AB57AE 5 Bytes JMP 0274000A
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 77AB5A7A 5 Bytes JMP 02740042
.text C:\WINDOWS\System32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 77AC5BB2 5 Bytes JMP 02740053
.text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630093
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630078
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630F9E
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00630FAF
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006300CB
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630F83
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00630F3C
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00630F61
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006300F0
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630051
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006300AE
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00630040
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F72
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 3 Bytes JMP 00660FC0
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW + 4 77DA6AB3 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 77DA776C 3 Bytes JMP 00660F79
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW + 4 77DA7770 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 77DA7852 3 Bytes JMP 00660FD1
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA + 4 77DA7856 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 77DA7946 3 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW + 4 77DA794A 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 3 Bytes JMP 00660F8A
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA + 4 77DAE9F8 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 3 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA + 4 77DAEFCC 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00660F9B
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [89, 88]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00660022
.text C:\WINDOWS\system32\svchost.exe[1540] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00650058
.text C:\WINDOWS\system32\svchost.exe[1540] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1540] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00650022
.text C:\WINDOWS\system32\svchost.exe[1540] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1540] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00650FD7
.text C:\WINDOWS\system32\svchost.exe[1540] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateFile + 4 7C91D0B2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateProcess 7C91D14E 3 Bytes JMP 0092002F
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateProcess + 4 7C91D152 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 3 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtProtectVirtualMemory + 4 7C91D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910089
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00910078
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910067
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910FA8
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00910FC3
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009100CB
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009100AE
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910F4D
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00910F5E
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009100F7
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0091004A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00910F83
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009100DC
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00950051
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 009500A2
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00950040
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00950025
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00950087
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00950FE5
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [B8, 88]
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 0095006C
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00940FA3
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0094002E
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0094001D
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00940FBE
.text C:\WINDOWS\system32\svchost.exe[1664] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0094000C
.text C:\WINDOWS\system32\svchost.exe[1664] WS2_32.dll!socket 719F4211 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1844] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD00B0
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD009F
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD008E
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0FD1
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0062
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0F6A
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0F85
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD00E8
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD00CD
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD0F3E
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0073
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD001B
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0FA0
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0047
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0036
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD0F59
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 01020FCA
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 01020F83
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 0102001B
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 01020F94
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 01020FEF
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 01020FA5
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [25, 89]
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 01020036
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 01010F95
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!system 77BF93C7 5 Bytes JMP 01010FA6
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 01010FD2
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_open 77BFF566 5 Bytes JMP 01010000
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 01010FC1
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 01010FE3
.text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!socket 719F4211 5 Bytes JMP 00FF0FE5
.text C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe[2136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Fichiers communs\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe[2136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Fichiers communs\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[2564] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00F90000
.text C:\WINDOWS\System32\svchost.exe[2564] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\System32\svchost.exe[2564] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F8D
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F8008C
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F80071
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80036
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F61
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F7C
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F800C4
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80F2B
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F80F06
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F8009D
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80025
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[2564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F80F50
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00F70F94
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00F7002C
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00F70FCA
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00F70011
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00F70F6F
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [1A, 89]
.text C:\WINDOWS\System32\svchost.exe[2564] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00F70000
.text C:\WINDOWS\System32\svchost.exe[2564] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00F60FC0
.text C:\WINDOWS\System32\svchost.exe[2564] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00F6004B
.text C:\WINDOWS\System32\svchost.exe[2564] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00F6003A
.text C:\WINDOWS\System32\svchost.exe[2564] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00F60000
.text C:\WINDOWS\System32\svchost.exe[2564] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\System32\svchost.exe[2564] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00F6001D
.text C:\WINDOWS\System32\svchost.exe[2564] WS2_32.dll!socket 719F4211 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\svchost.exe[3080] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[3080] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[3080] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10F4B
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F66
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C1002F
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10082
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F30
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100A4
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10093
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10EF0
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10F8D
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10051
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10014
.text C:\WINDOWS\system32\svchost.exe[3080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C10F15
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00C00F8A
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\svchost.exe[3080] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[3080] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00BF0FB4
.text C:\WINDOWS\system32\svchost.exe[3080] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00BF0049
.text C:\WINDOWS\system32\svchost.exe[3080] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00BF001D
.text C:\WINDOWS\system32\svchost.exe[3080] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[3080] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00BF002E
.text C:\WINDOWS\system32\svchost.exe[3080] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00BF0FE3
.text C:\WINDOWS\system32\svchost.exe[3108] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 01490FEF
.text C:\WINDOWS\system32\svchost.exe[3108] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 01490FC3
.text C:\WINDOWS\system32\svchost.exe[3108] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 01490FDE
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01480FEF
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01480FA6
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01480FC1
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01480FD2
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0148009B
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01480065
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01480F69
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01480F7A
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014800CC
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01480F33
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01480F18
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01480080
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0148000A
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01480F95
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0148004A
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0148002F
.text C:\WINDOWS\system32\svchost.exe[3108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01480F4E
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 01470025
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 01470F8D
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 01470FD4
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 0147000A
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 01470F9E
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 01470FEF
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 01470036
.text C:\WINDOWS\system32\svchost.exe[3108] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 01470FB9
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 01460FA3
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!system 77BF93C7 5 Bytes JMP 01460038
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0146001D
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_open 77BFF566 5 Bytes JMP 01460000
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 01460FC8
.text C:\WINDOWS\system32\svchost.exe[3108] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 01460FE3
.text C:\WINDOWS\system32\svchost.exe[3108] WS2_32.dll!socket 719F4211 5 Bytes JMP 01450FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[2176] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[2176] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA6 0xD6 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0xED 0x18 0x41 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x7E 0x93 0xF0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0xBA 0x93 0x90 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xA4 0x85 0x25 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA2 0x89 0xD3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA6 0xD6 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0xED 0x18 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x7E 0x93 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xC3 0x5C 0xA7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xA4 0x85 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA2 0x89 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA6 0xD6 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0xED 0x18 0x41 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x7E 0x93 0xF0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xC3 0x5C 0xA7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xA4 0x85 0x25 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA2 0x89 0xD3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA6 0xD6 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0xED 0x18 0x41 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x7E 0x93 0xF0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xC3 0x5C 0xA7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xA4 0x85 0x25 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA2 0x89 0xD3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\0015833f7453 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA6 0xD6 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0xED 0x18 0x41 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x7E 0x93 0xF0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xC3 0x5C 0xA7 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xA4 0x85 0x25 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA2 0x89 0xD3 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833f7453
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA6 0xD6 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0xED 0x18 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x7E 0x93 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xC3 0x5C 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xA4 0x85 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA2 0x89 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\0015833f7453 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA6 0xD6 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x51 0xED 0x18 0x41 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x7E 0x93 0xF0 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0xC3 0x5C 0xA7 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0xA4 0x85 0x25 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0xA2 0x89 0xD3 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x94 0x1A 0xA1 0xB4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0x40 0x75 0xEA ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0x76 0x2A 0x23 ...

---- EOF - GMER 1.0.15 ----

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 AM

Posted 13 July 2012 - 06:44 PM

There's nothing showing there. Please run aswMBR.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Can you tell me what symptoms you are experiencing?
m0le is a proud member of UNITE

#5 atomium


Posted 14 July 2012 - 11:11 AM

Hi Mûle,
I encountered the following symptoms:
- Firefox could not start anymore: message 'firefox running, stop it'. I found the reason and fixed this.
- Internet Explorer: impossible to download a file for security reasons.
- FXSvr2: I saw this program was growing in task manager.
I ran Malware, Superantispyware: some files have been deleted.
I reinstalled Firefox and it is ok.
Downloading is again available via InternetExplorer.

I would like to be sure that all viruses have been deleted from my pc.
Here is aswMBR.log

Thanks for your help.

#6 m0le


Posted 15 July 2012 - 07:12 PM

You ran tools that I didn't ask you to and haven't provided the logs. Please don't do this, it's a remote fix we're doing and I can't know what you are doing so I ask you not to run other tools. Thanks.

And you didn't attach the aswMBR log either.

#7 atomium


Posted 17 July 2012 - 06:20 AM

I ran these softs before posting my question on this forum.
I wanted to explain what I did before.
About aswMBR log, I probably forgot to attach it.
So I'll do it when back home.

Sorry for this.

#8 atomium


Posted 17 July 2012 - 01:18 PM

Here is the aswMBR log.



#9 m0le


Posted 17 July 2012 - 02:54 PM

Sorry, I misunderstood the chronology of that. Anyway, no harm done, let's continue.

aswMBR looks clean, so let's run OTL and see if anything's been left behind.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#10 atomium


Posted 20 July 2012 - 01:05 AM

Hi Mûle,

Here are the logs:

OTL.txt
OTL logfile created on: 19/07/2012 22:50:10 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\jean claude\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1,99 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,97% Memory free
3,84 Gb Paging File | 3,01 Gb Available in Paging File | 78,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 22,95 Gb Free Space | 39,17% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 22,85 Gb Free Space | 13,11% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 757,84 Gb Free Space | 81,36% Space Free | Partition Type: NTFS

Computer Name: JEAN-CLAUDE | User Name: jean claude | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 22:48:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jean claude\Bureau\OTL.exe
PRC - [2012/07/18 20:09:03 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | -H-- | M] (Dropbox, Inc.) -- C:\Documents and Settings\jean claude\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/18 11:04:52 | 000,434,168 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/02/27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/05/23 17:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/11/18 18:08:30 | 000,854,016 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2009/11/17 11:48:10 | 000,102,503 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/07/27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/27 18:27:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2007/07/27 18:26:38 | 000,292,352 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Philips Display\SmartControl II\dthtml.exe
PRC - [2007/07/27 18:24:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/07/27 18:24:04 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe
PRC - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 17:52:23 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\jean claude\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/18 20:09:02 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/18 11:04:54 | 000,252,408 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012/05/18 11:04:54 | 000,067,576 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2012/05/18 11:04:44 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2012/05/18 11:04:44 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2012/05/18 11:04:44 | 000,019,456 | ---- | M] () -- C:\Program Files\MyTomTom 3\DeviceDetection.dll
MOD - [2012/05/18 11:04:42 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2012/05/18 11:04:42 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2012/04/04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/17 21:12:47 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\jean claude\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/30 11:15:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\jean claude\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/11/06 09:37:45 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/12/12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/17 11:49:22 | 000,114,808 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\setup.dll
MOD - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2009/02/03 04:15:28 | 003,771,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2007/07/27 18:27:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\dtsslsrv.exe
MOD - [2007/07/27 18:24:52 | 000,167,936 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DThook.dll
MOD - [2007/07/27 18:24:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Plugins\CC\gui.dll
MOD - [2007/07/27 18:24:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
MOD - [2007/07/27 18:24:02 | 000,102,400 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007/06/12 11:27:00 | 000,188,416 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Drivers\di2c.dll
MOD - [2007/02/02 11:19:58 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/02 11:16:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2006/11/08 01:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2006/03/02 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2004/11/17 16:49:06 | 004,603,904 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\qt-mt332.dll
MOD - [2004/05/11 15:51:56 | 000,798,720 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\libeay32.dll
MOD - [2004/05/11 15:51:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\int15.dll -- (zenos1)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\k750obex.dll -- (XTrapD12)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\el90xbc.dll -- (WUSB54Gv4SVC)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\McciCMService.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (webupdate)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\meraksmtp.dll -- (websenseuserservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\foldersize.dll -- (webfilter)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hsxhwazl.dll -- (wcontrol)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cm102u32.dll -- (wampmysqld)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\toscosrv.dll -- (wacommousefilter)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AmdIde.dll -- (w810obex)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\downloadmanagerlite.dll -- (w800bus)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\portio.dll -- (w300mdfl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ovepstatusengine.dll -- (W2acehid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nimcdlbk.dll -- (vzfw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SWMX00.dll -- (VX3000)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mxnic.dll -- (vsbus)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dvd_2K.dll -- (vpcnets2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\qfcoresvc.dll -- (vpcbus)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cacheserver.dll -- (vmparport)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NvNdis.dll -- (videX32)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symantecantibotfilter.dll -- (VIAPFD)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wlmel51b.dll -- (VHidMinidrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\upsmonservice.dll -- (vet-filt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vmnetdhcp.dll -- (vetefile)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hcmon.dll -- (VAIOMediaPlatform-VideoServer-UPnP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pctavsvc.dll -- (v2imount)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\E1000.dll -- (V0080Dev)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CAMFLT.dll -- (UWProSys)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\eSettingsService.dll -- (usnjsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wdm_au8820.dll -- (usbser)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (USBMN1X1)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mcp.dll -- (usb20l)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\psdistributionagent.dll -- (UCTblHid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tdimsys.dll -- (U81xmdfl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sit_prt.dll -- (tvtfilter)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bh611.dll -- (tsscoreservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mediaviewer.dll -- (tsp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\axinstsv.dll -- (tphkdrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AtlsAud.dll -- (toshidpt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\avgmfx86.dll -- (tng-dts)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\procmon10.dll -- (thotkey)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\se45unic.dll -- (thkeys)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dot4.dll -- (teefer2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fireport.dll -- (tdrpman174)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ZSMC301b.dll -- (TcUsb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\smrt.dll -- (Tb2RCAssist)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aolservice.dll -- (T6963C)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pavagente.dll -- (svcwmu)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dcstor32.dll -- (SunkFilt39)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\clipsrv.dll -- (ssm_mdm)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bits.dll -- (slssvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\icdsptsv.dll -- (Sk9920nt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ASLDRService.dll -- (siswlsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\spbbcdrv.dll -- (Si3132)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\scanwscs.dll -- (sfhlp01)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symmpi.dll -- (ser2plms)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\avgascln.dll -- (se59obex)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cwafeventrouter.dll -- (SE2Dmgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\taphss.dll -- (se2Cunic)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aswupdsv.dll -- (SE2Bmdm)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sbservice.dll -- (savrt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\elnkupdateservice.dll -- (SaiH040B)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lbtserv.dll -- (s716obex)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcradminserver.dll -- (s217mgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MSMQ.dll -- (s117bus)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\schedule.dll -- (s116obex)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\slabser.dll -- (rspndr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\InterBaseServer.dll -- (rrrspy)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\truecrypt.dll -- (roxwatch9)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vgasave.dll -- (ROCKEYNT)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AtiPcie.dll -- (razerusb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cnxtdiag.dll -- (QV2KUX)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\kbdhid.dll -- (qconsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SGIR.dll -- (qbcfmonitorservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\usbatapi2000.dll -- (Ptserlp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\z525mgmt.dll -- (pserve)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ftpds.dll -- (prevxagent)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rxfilter.dll -- (ppmoucls)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tappsrv.dll -- (PNDIS5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w800mdm.dll -- (pinetmgr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wlluc48.dll -- (phnxvcdservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sdcplh.dll -- (penrendezvous)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\agnwifi.dll -- (pdlnemap)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\W700obex.dll -- (pdlndtdl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rtl8187Se.dll -- (pdlndlpb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ZTEusbnmea.dll -- (pdengine)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MTC0001_ESB.dll -- (pcidrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cpqrcmc.dll -- (PCDRSRVC)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CTAudSvcService.dll -- (pae_avs)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cwafnotesservice.dll -- (p17)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\smserial.dll -- (owstimer)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rtl8023.dll -- (oracleorahome90agent)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tosrfec.dll -- (o2flash)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpn.dll -- (NWSLP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\gagp30kx.dll -- (NwSapAgent)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hwdatacard.dll -- (nwcworkstation)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\c-dillacdac11ba.dll -- (ntiopnp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sgeclient.dll -- (NTIDrvr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\OneCareMP.dll -- (nod32krn)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\msfwsvc.dll -- (networkx)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\swmsflt.dll -- (netrcacm)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\regspy.dll -- (NETMDUSB)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\idsvc.dll -- (NETGEAR_MA111)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Invoker.dll -- (nchssvad)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wampmysqld.dll -- (naveng)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AEAudioService.dll -- (n558)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wanatw.dll -- (mstdfrgs)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\npapimon.dll -- (mssql$soshome22)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AFGSp50.dll -- (mskservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tm_cfw.dll -- (msi_wlan_service)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\BcmSqlStartupSvc.dll -- (msfwsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Slntamr.dll -- (MRESP50a64)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (megamonitorsrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CTAUDFX.DLL.dll -- (mediaviewer)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w810mdfl.dll -- (mcrdsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\npkcusb.dll -- (mcontrol)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (MaxtorFrontPanel1)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sndsrvc.dll -- (MaVctrl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ALYac_PZSrv.dll -- (macformatservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\retinaengine.dll -- (MA8032U)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\btwdins.dll -- (ma763004)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lemsgt.dll -- (lyncusbserv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cpqvcagent.dll -- (lxrjd31s)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fetnd5bv.dll -- (lxby_device)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vzupsvc.dll -- (lvckap)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\caili.dll -- (lpx)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\z800obex.dll -- (LMS)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aswmon2.dll -- (lmimirr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcandis5.dll -- (lkcitadelserver)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s116nd5.dll -- (lgsnd_filter)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdlndldl.dll -- (lexbces)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Wbutton.dll -- (kpf4)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cqmgstor.dll -- (iteatapi)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\oracleorahomedatagatherer.dll -- (IntelC53)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\USR1806V.dll -- (ikfilesec)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rdsessmgr.dll -- (ICM10USB)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\iomegaaccess.dll -- (HssTrayService)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\prtg4service.dll -- (HssDrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mfebopk.dll -- (HpqKbFiltr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\eloggersvc6.dll -- (HPFXBULK)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mcods.dll -- (HECI)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\atirage3.dll -- (hap17v2k)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hidbatt.dll -- (GT680x)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\carboncopyscheduler.dll -- (GBFSHook)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nocashio.dll -- (fssfltr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s716mdm.dll -- (fsma)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sonywbms.dll -- (FontCache3.0.0.0.)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lxcg_device.dll -- (FireHook)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\phnxvcdservice.dll -- (fah@c:+fah+fah-service+fah502-console.exe)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcidrv.dll -- (fa_scheduler)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\qkbfiltr.dll -- (eskerlicensecontrol)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mspqm.dll -- (EIO)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Si3132.dll -- (ehsched)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Eplpdx02.dll -- (eabusb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ROOTUSB.dll -- (eabfiltr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\incdsrv.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sfhlp02.dll -- (dpc_srv_webcast)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lxcf_device.dll -- (dot4print)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\webrootenterpriseupdateservice.dll -- (dlaifs_m)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tiwlnsvc.dll -- (dlaboiom)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NWDHCP.dll -- (DgiVecp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ipinip.dll -- (Dfs)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\EMCFILT.dll -- (Dell1100_FUService)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ventrilo.dll -- (cyberpowerups)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pacsptisvr.dll -- (CTSYN)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\yediex.dll -- (ctsfm2k)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RTLE8023xp.dll -- (CTAUDFX.DLL)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mountmgr.dll -- (cqmgserv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (cpuidlep)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lxce_device.dll -- (cpqnicmgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tones.dll -- (cdmservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NVENET.dll -- (c-dillasrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pxfhmdm.dll -- (CdaD10BA)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dsbrokerservice.dll -- (CAMFLT)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mi-raysat_3dsmax9_32.dll -- (CAM1210)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\drmkaud.dll -- (bwsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (btwrchid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\DcCam.dll -- (bt3cser)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mscsptisrv.dll -- (BootScreen)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\DgiVecp.dll -- (bgsvcgen)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tdpipe.dll -- (bdselfpr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symappcore.dll -- (BCMWLNPF)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ltmodem5.dll -- (backuplauncher)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\scdemu.dll -- (b57w2k)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dnetc.dll -- (avgio)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hsfhwazl.dll -- (atimpab)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\FINEPIX_PCC.dll -- (aswlsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\p3.dll -- (aslm75)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\acs.dll -- (appdrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\c34nb4c5.dll -- (aniwzcsdservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mwstick.dll -- (ALABULK)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lmimirr.dll -- (admservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SNP2STD.dll -- (adiusbaw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tnbrlds.dll -- (addfiltr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\filechecker.dll -- (adaptecstoragemanageragent)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NtMtlFax.dll -- (acermemusagecheckservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tphdexlgsvc.dll -- (61883)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\statusagent4.dll -- (3c1807pd)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\flashpnt.dll -- ({a7447300-8075-4b0d-83f1-3d75c8ebc623})
SRV - [2012/07/18 20:09:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/02/27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/18 18:08:30 | 000,854,016 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/11/17 11:48:10 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/05/10 17:12:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/07/27 18:27:06 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2007/07/27 18:24:46 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mferkdet01)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xahpwj.sys -- (ilwplxih)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\74666.sys -- (74666)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/30 11:51:44 | 000,034,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2011/03/30 11:51:42 | 000,040,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/13 10:28:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/06 19:21:00 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/10/11 14:17:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/10/11 14:17:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/09/24 13:38:42 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009/09/24 05:40:12 | 000,019,592 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/09/24 05:35:24 | 000,032,640 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2009/06/17 14:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2009/06/17 14:01:10 | 000,032,392 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2009/06/17 14:01:04 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/05/19 05:46:04 | 000,108,032 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/14 08:12:02 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/02/14 05:36:34 | 000,222,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007/06/12 11:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 14:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/07/13 14:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-854245398-1844237615-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-854245398-1844237615-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-854245398-1844237615-725345543-1003\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-854245398-1844237615-725345543-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://fr.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-854245398-1844237615-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-1844237615-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.be/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mytalkpal.com/ffplugin: C:\Program Files\Talkpal\Speech Plugin FF For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/26 23:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 20:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/11 20:45:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/07/08 19:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jean claude\Application Data\Mozilla\Extensions
[2012/07/11 18:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jean claude\Application Data\Mozilla\Firefox\Profiles\j4frlsd9.default\extensions
[2012/07/12 20:19:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/12 20:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/18 20:09:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/06/15 02:27:03 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/06/15 02:27:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 02:27:03 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/06/15 02:27:03 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/06/15 02:27:03 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/06/15 02:27:03 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - homepage: http://www.google.be/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.be/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\jean claude\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Talkpal Scriptable Plugin for Mozilla (Enabled) = C:\Program Files\Talkpal\Speech Plugin FF For EF\npTalkpalPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\jean claude\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Documents and Settings\jean claude\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\jean claude\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\jean claude\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\Mcafee\SystemCore\ScriptSn.20120708221928.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-854245398-1844237615-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKU\S-1-5-21-854245398-1844237615-725345543-1003..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-854245398-1844237615-725345543-1003..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-854245398-1844237615-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\jean claude\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk = C:\Documents and Settings\jean claude\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342118111718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64B70A2A-A95F-4D74-94B9-910A323D4B78}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/23 22:19:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f888a28a-10bf-11df-ae99-00235451ef61}\Shell\Shell00\Command - "" = G:\Start.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 22:48:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jean claude\Bureau\OTL.exe
[2012/07/19 17:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\McAfee
[2012/07/14 16:28:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jean claude\Bureau\aswMBR.exe
[2012/07/13 15:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/07/13 09:44:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jean claude\Menu Démarrer\Programmes\Outils d'administration
[2012/07/12 20:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jean claude\Local Settings\Application Data\Sun
[2012/07/12 20:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/12 20:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jean claude\Application Data\Oracle
[2012/07/12 20:23:18 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/12 20:23:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/12 20:23:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/12 20:19:34 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/07/12 20:19:34 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/11 20:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Camera Control Pro 2
[2012/07/11 20:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ViewNX 2
[2012/07/08 19:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jean claude\Application Data\Mozilla
[2012/07/08 19:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/08 19:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/07/07 14:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DBBK
[2012/07/06 22:48:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/06 21:19:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jean claude\Application Data\FixZeroAccess
[2012/07/04 18:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jean claude\Menu Démarrer\Programmes\HiJackThis
[2012/06/28 08:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/06/28 08:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Equalizer
[2012/06/28 08:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Echo
[2012/06/28 08:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Displays
[2012/06/27 16:54:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 16:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/27 13:19:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/27 10:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Echo(2)
[2012/06/27 10:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Equalizer(2)
[2012/06/27 10:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Displays(2)
[2012/06/27 10:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 22:48:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jean claude\Bureau\OTL.exe
[2012/07/19 22:15:00 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/19 22:14:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/19 18:01:25 | 000,505,110 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/07/19 18:01:25 | 000,437,226 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/19 18:01:25 | 000,082,546 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/07/19 18:01:25 | 000,069,390 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/19 17:51:47 | 000,005,855 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2012/07/19 17:51:47 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\McAfee AntiVirus Plus.lnk
[2012/07/19 17:50:36 | 000,001,015 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2012/07/19 17:50:33 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 17:50:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/19 17:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/16 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Quark Updater.job
[2012/07/14 18:01:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\jean claude\Bureau\MBR.dat
[2012/07/14 16:28:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jean claude\Bureau\aswMBR.exe
[2012/07/13 10:01:57 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\jean claude\Bureau\2enr1k2z.exe
[2012/07/13 09:54:18 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\jean claude\defogger_reenable
[2012/07/13 09:52:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\jean claude\Bureau\Defogger.exe
[2012/07/13 09:49:30 | 000,007,469 | ---- | M] () -- C:\Documents and Settings\jean claude\Bureau\attach.rar
[2012/07/13 09:30:23 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\jean claude\Mes documents\cc_20120713_093013.reg
[2012/07/12 20:41:05 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/07/12 20:28:06 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\jean claude\Bureau\Internet Explorer (2).lnk
[2012/07/12 20:22:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/12 20:22:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/12 19:12:50 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2012/07/12 18:51:27 | 002,165,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 23:14:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 20:42:45 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Camera Control Pro 2.lnk
[2012/07/11 20:42:25 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdy.DAT
[2012/07/11 20:22:05 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/07/11 20:21:31 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ViewNX 2.lnk
[2012/07/11 20:21:09 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/07/11 20:21:09 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/07/11 20:20:10 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.DLL
[2012/07/08 19:08:37 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\jean claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/08 19:08:37 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2012/07/08 09:40:51 | 000,016,356 | ---- | M] () -- C:\Documents and Settings\jean claude\Mes documents\cc_20120708_094021.reg
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/01 15:18:53 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\jean claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/27 10:25:43 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\User Loops
[2012/06/27 10:25:43 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\jean claude\Application Data\Tribal Masks
[2012/06/27 10:24:44 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\User Pictures
[2012/06/27 10:24:44 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\URLs
[2012/06/27 10:24:44 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\jean claude\Application Data\Trumpet Section
[2012/06/27 10:24:44 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\jean claude\Application Data\Tremolo
[2012/06/26 13:13:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/14 18:01:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\jean claude\Bureau\MBR.dat
[2012/07/13 10:02:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\jean claude\Bureau\2enr1k2z.exe
[2012/07/13 09:54:07 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\jean claude\defogger_reenable
[2012/07/13 09:52:57 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\jean claude\Bureau\Defogger.exe
[2012/07/13 09:49:30 | 000,007,469 | ---- | C] () -- C:\Documents and Settings\jean claude\Bureau\attach.rar
[2012/07/13 09:30:18 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\jean claude\Mes documents\cc_20120713_093013.reg
[2012/07/12 20:28:06 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\jean claude\Bureau\Internet Explorer (2).lnk
[2012/07/11 20:29:55 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Camera Control Pro 2.lnk
[2012/07/11 20:21:31 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ViewNX 2.lnk
[2012/07/08 19:08:37 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\jean claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/08 19:08:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2012/07/08 19:08:37 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2012/07/08 09:40:27 | 000,016,356 | ---- | C] () -- C:\Documents and Settings\jean claude\Mes documents\cc_20120708_094021.reg
[2012/06/27 16:54:23 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/06/27 10:25:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\User Loops
[2012/06/27 10:25:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\jean claude\Application Data\Tribal Masks
[2012/06/27 10:24:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\User Pictures
[2012/06/27 10:24:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\URLs
[2012/06/27 08:53:24 | 000,001,002 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/17 10:27:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Tribal Masks
[2012/06/17 10:27:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\jean claude\Application Data\Trance Pad
[2012/06/15 17:35:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdy.DAT
[2012/05/27 11:27:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Textures
[2012/05/27 11:26:25 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Techno Kit
[2012/05/16 11:04:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2012/05/16 10:59:22 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\jean claude\Application Data\Trumpet Section
[2012/05/16 10:59:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/05/16 10:59:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/05/16 10:59:21 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\jean claude\Application Data\Tremolo
[2012/05/16 10:59:21 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/02/16 07:08:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/04 17:18:48 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2011/06/04 18:03:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011/01/15 20:01:07 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2011/01/15 20:01:07 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2011/01/15 20:01:06 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2011/01/15 20:01:06 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2011/01/15 20:01:02 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2010/11/06 09:37:45 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/11/06 09:37:45 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/07/04 17:42:01 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\jean claude\Application Data\Themes
[2009/07/04 17:42:01 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/07/04 17:34:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\jean claude\Application Data\Templates
[2009/07/04 17:34:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/05/21 08:47:56 | 000,000,760 | -H-- | C] () -- C:\Documents and Settings\jean claude\Application Data\setup_ldm.iss
[2009/04/09 16:40:09 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\jean claude\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 13:05:56 | 000,000,009 | -H-- | C] () -- C:\Documents and Settings\jean claude\Application Data\mdb.bin

< End of report >

Extras.txt
OTL Extras logfile created on: 19/07/2012 22:50:10 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\jean claude\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1,99 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,97% Memory free
3,84 Gb Paging File | 3,01 Gb Available in Paging File | 78,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 22,95 Gb Free Space | 39,17% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 22,85 Gb Free Space | 13,11% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 757,84 Gb Free Space | 81,36% Space Free | Partition Type: NTFS

Computer Name: JEAN-CLAUDE | User Name: jean claude | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-854245398-1844237615-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:BorgListener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
"C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Documents and Settings\jean claude\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\jean claude\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34C61823-151B-4CA8-9029-333C80139C89}" = Bluesoleil 5.4.286.0
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE63BCE-7D9C-40E0-B770-07C6181EF55C}_is1" = RescuePRO Deluxe 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8033FDC6-86F0-4F34-A2C1-822910825FCA}" = NRW Codec
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85CC6638-C827-40E8-94C7-110A77E7812B}" = Adobe Illustrator CS Tryout
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9012040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Français
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D56401D6-E356-4CA5-97A3-024D666F5E5C}" = ArcSoft PhotoImpression 6
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}" = SmartControl II
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_6e3bfc74fd651dd924b66b404f3a4dd" = Adobe Flash CS4 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Blokker Service Photo_is1" = Désinstaller Blokker Service Photo
"Blokker_is1" = Blokker V1.5.1.7
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CentraClient" = Centra Client
"Chaoscope_is1" = Chaoscope 0.3.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Enregistrement utilisateur de Canon MP270 series" = Enregistrement utilisateur de Canon MP270 series
"FileZilla Client" = FileZilla Client 3.5.3
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.3
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestionnaire de périphériques de plate-forme
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
"Mozilla Thunderbird 13.0.1 (x86 fr)" = Mozilla Thunderbird 13.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyTomTom" = MyTomTom 3.2.0.700
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"OVT Scanner" = Uninstall OVT Scanner
"Pdf995" = Pdf995
"PhotoOnline" = PhotoOnline
"PhotoStitch" = Canon Utilities PhotoStitch
"Pixum EasyBook" = Pixum EasyBook
"QcDrv" = Programme de gestion Camera de Logitech®
"Recuva" = Recuva
"Talkpal™ Speech Evaluation Plug-in for Firefox" = Talkpal™ Speech Evaluation Plug-in for Firefox
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-1844237615-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Dropbox" = Dropbox
"Pixia 4.3a FR" = Pixia 4.3a FR

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/07/2012 12:29:31 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:33 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:33 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:33 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:34 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:34 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:34 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:35 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:36 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 11/07/2012 12:29:36 | Computer Name = JEAN-CLAUDE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

[ System Events ]
Error - 16/07/2012 12:34:35 | Computer Name = JEAN-CLAUDE | Source = DCOM | ID = 10010
Description = Le serveur {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 17/07/2012 3:46:27 | Computer Name = JEAN-CLAUDE | Source = Service Control Manager | ID = 7023
Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037

Error - 17/07/2012 3:47:12 | Computer Name = JEAN-CLAUDE | Source = DCOM | ID = 10010
Description = Le serveur {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 17/07/2012 12:25:41 | Computer Name = JEAN-CLAUDE | Source = Service Control Manager | ID = 7023
Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037

Error - 18/07/2012 1:56:07 | Computer Name = JEAN-CLAUDE | Source = Service Control Manager | ID = 7023
Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037

Error - 18/07/2012 1:56:41 | Computer Name = JEAN-CLAUDE | Source = DCOM | ID = 10010
Description = Le serveur {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 18/07/2012 12:19:56 | Computer Name = JEAN-CLAUDE | Source = Service Control Manager | ID = 7023
Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037

Error - 18/07/2012 12:20:24 | Computer Name = JEAN-CLAUDE | Source = DCOM | ID = 10010
Description = Le serveur {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 19/07/2012 11:52:05 | Computer Name = JEAN-CLAUDE | Source = Service Control Manager | ID = 7023
Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037

Error - 19/07/2012 11:52:43 | Computer Name = JEAN-CLAUDE | Source = DCOM | ID = 10010
Description = Le serveur {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


< End of report >

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 AM

Posted 20 July 2012 - 07:47 PM

Quite a lot to remove here.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\int15.dll -- (zenos1)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\k750obex.dll -- (XTrapD12)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\el90xbc.dll -- (WUSB54Gv4SVC)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\McciCMService.dll -- (WinHttpAutoProxySvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pccsmcfd.dll -- (webupdate)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\meraksmtp.dll -- (websenseuserservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\foldersize.dll -- (webfilter)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hsxhwazl.dll -- (wcontrol)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cm102u32.dll -- (wampmysqld)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\toscosrv.dll -- (wacommousefilter)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AmdIde.dll -- (w810obex)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\downloadmanagerlite.dll -- (w800bus)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\portio.dll -- (w300mdfl)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ovepstatusengine.dll -- (W2acehid)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nimcdlbk.dll -- (vzfw)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SWMX00.dll -- (VX3000)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mxnic.dll -- (vsbus)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dvd_2K.dll -- (vpcnets2)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\qfcoresvc.dll -- (vpcbus)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cacheserver.dll -- (vmparport)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NvNdis.dll -- (videX32)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symantecantibotfilter.dll -- (VIAPFD)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wlmel51b.dll -- (VHidMinidrv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\upsmonservice.dll -- (vet-filt)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vmnetdhcp.dll -- (vetefile)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hcmon.dll -- (VAIOMediaPlatform-VideoServer-UPnP)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pctavsvc.dll -- (v2imount)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\E1000.dll -- (V0080Dev)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CAMFLT.dll -- (UWProSys)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\eSettingsService.dll -- (usnjsvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wdm_au8820.dll -- (usbser)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symantecantibotdriver.dll -- (USBMN1X1)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mcp.dll -- (usb20l)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\psdistributionagent.dll -- (UCTblHid)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tdimsys.dll -- (U81xmdfl)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sit_prt.dll -- (tvtfilter)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bh611.dll -- (tsscoreservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mediaviewer.dll -- (tsp)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\axinstsv.dll -- (tphkdrv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AtlsAud.dll -- (toshidpt)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\avgmfx86.dll -- (tng-dts)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\procmon10.dll -- (thotkey)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\se45unic.dll -- (thkeys)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dot4.dll -- (teefer2)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fireport.dll -- (tdrpman174)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ZSMC301b.dll -- (TcUsb)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\smrt.dll -- (Tb2RCAssist)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aolservice.dll -- (T6963C)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pavagente.dll -- (svcwmu)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dcstor32.dll -- (SunkFilt39)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\clipsrv.dll -- (ssm_mdm)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bits.dll -- (slssvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\icdsptsv.dll -- (Sk9920nt)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ASLDRService.dll -- (siswlsvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\spbbcdrv.dll -- (Si3132)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\scanwscs.dll -- (sfhlp01)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symmpi.dll -- (ser2plms)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\avgascln.dll -- (se59obex)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cwafeventrouter.dll -- (SE2Dmgmt)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\taphss.dll -- (se2Cunic)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aswupdsv.dll -- (SE2Bmdm)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sbservice.dll -- (savrt)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\elnkupdateservice.dll -- (SaiH040B)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lbtserv.dll -- (s716obex)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcradminserver.dll -- (s217mgmt)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MSMQ.dll -- (s117bus)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\schedule.dll -- (s116obex)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\slabser.dll -- (rspndr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\InterBaseServer.dll -- (rrrspy)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\truecrypt.dll -- (roxwatch9)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vgasave.dll -- (ROCKEYNT)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AtiPcie.dll -- (razerusb)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cnxtdiag.dll -- (QV2KUX)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\kbdhid.dll -- (qconsvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SGIR.dll -- (qbcfmonitorservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\usbatapi2000.dll -- (Ptserlp)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\z525mgmt.dll -- (pserve)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ftpds.dll -- (prevxagent)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rxfilter.dll -- (ppmoucls)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tappsrv.dll -- (PNDIS5)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w800mdm.dll -- (pinetmgr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wlluc48.dll -- (phnxvcdservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sdcplh.dll -- (penrendezvous)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\agnwifi.dll -- (pdlnemap)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\W700obex.dll -- (pdlndtdl)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rtl8187Se.dll -- (pdlndlpb)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ZTEusbnmea.dll -- (pdengine)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MTC0001_ESB.dll -- (pcidrv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cpqrcmc.dll -- (PCDRSRVC)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CTAudSvcService.dll -- (pae_avs)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cwafnotesservice.dll -- (p17)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\smserial.dll -- (owstimer)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rtl8023.dll -- (oracleorahome90agent)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tosrfec.dll -- (o2flash)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpn.dll -- (NWSLP)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\gagp30kx.dll -- (NwSapAgent)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hwdatacard.dll -- (nwcworkstation)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\c-dillacdac11ba.dll -- (ntiopnp)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sgeclient.dll -- (NTIDrvr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\OneCareMP.dll -- (nod32krn)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\msfwsvc.dll -- (networkx)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\swmsflt.dll -- (netrcacm)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\regspy.dll -- (NETMDUSB)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\idsvc.dll -- (NETGEAR_MA111)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Invoker.dll -- (nchssvad)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wampmysqld.dll -- (naveng)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AEAudioService.dll -- (n558)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wanatw.dll -- (mstdfrgs)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\npapimon.dll -- (mssql$soshome22)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AFGSp50.dll -- (mskservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tm_cfw.dll -- (msi_wlan_service)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\BcmSqlStartupSvc.dll -- (msfwsvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Slntamr.dll -- (MRESP50a64)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (megamonitorsrv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CTAUDFX.DLL.dll -- (mediaviewer)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w810mdfl.dll -- (mcrdsvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\npkcusb.dll -- (mcontrol)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (MaxtorFrontPanel1)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sndsrvc.dll -- (MaVctrl)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ALYac_PZSrv.dll -- (macformatservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\retinaengine.dll -- (MA8032U)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\btwdins.dll -- (ma763004)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lemsgt.dll -- (lyncusbserv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cpqvcagent.dll -- (lxrjd31s)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fetnd5bv.dll -- (lxby_device)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vzupsvc.dll -- (lvckap)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\caili.dll -- (lpx)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\z800obex.dll -- (LMS)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aswmon2.dll -- (lmimirr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcandis5.dll -- (lkcitadelserver)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s116nd5.dll -- (lgsnd_filter)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdlndldl.dll -- (lexbces)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Wbutton.dll -- (kpf4)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cqmgstor.dll -- (iteatapi)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\oracleorahomedatagatherer.dll -- (IntelC53)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\USR1806V.dll -- (ikfilesec)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\rdsessmgr.dll -- (ICM10USB)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\iomegaaccess.dll -- (HssTrayService)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\prtg4service.dll -- (HssDrv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mfebopk.dll -- (HpqKbFiltr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\eloggersvc6.dll -- (HPFXBULK)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mcods.dll -- (HECI)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\atirage3.dll -- (hap17v2k)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hidbatt.dll -- (GT680x)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\carboncopyscheduler.dll -- (GBFSHook)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nocashio.dll -- (fssfltr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s716mdm.dll -- (fsma)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sonywbms.dll -- (FontCache3.0.0.0.)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lxcg_device.dll -- (FireHook)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\phnxvcdservice.dll -- (fah@c:+fah+fah-service+fah502-console.exe)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcidrv.dll -- (fa_scheduler)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\qkbfiltr.dll -- (eskerlicensecontrol)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mspqm.dll -- (EIO)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Si3132.dll -- (ehsched)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\Eplpdx02.dll -- (eabusb)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ROOTUSB.dll -- (eabfiltr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\incdsrv.dll -- (DSI_SiUSBXp_3_1)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sfhlp02.dll -- (dpc_srv_webcast)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lxcf_device.dll -- (dot4print)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\webrootenterpriseupdateservice.dll -- (dlaifs_m)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tiwlnsvc.dll -- (dlaboiom)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NWDHCP.dll -- (DgiVecp)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ipinip.dll -- (Dfs)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\EMCFILT.dll -- (Dell1100_FUService)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ventrilo.dll -- (cyberpowerups)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pacsptisvr.dll -- (CTSYN)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\yediex.dll -- (ctsfm2k)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RTLE8023xp.dll -- (CTAUDFX.DLL)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mountmgr.dll -- (cqmgserv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SQLAgent$LG_LP2.dll -- (cpuidlep)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lxce_device.dll -- (cpqnicmgmt)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tones.dll -- (cdmservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NVENET.dll -- (c-dillasrv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pxfhmdm.dll -- (CdaD10BA)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dsbrokerservice.dll -- (CAMFLT)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mi-raysat_3dsmax9_32.dll -- (CAM1210)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\drmkaud.dll -- (bwsvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\EUSBMSD.dll -- (btwrchid)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\DcCam.dll -- (bt3cser)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mscsptisrv.dll -- (BootScreen)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\DgiVecp.dll -- (bgsvcgen)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tdpipe.dll -- (bdselfpr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\symappcore.dll -- (BCMWLNPF)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ltmodem5.dll -- (backuplauncher)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\scdemu.dll -- (b57w2k)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dnetc.dll -- (avgio)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hsfhwazl.dll -- (atimpab)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\FINEPIX_PCC.dll -- (aswlsvc)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\p3.dll -- (aslm75)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\acs.dll -- (appdrv)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\c34nb4c5.dll -- (aniwzcsdservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mwstick.dll -- (ALABULK)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\lmimirr.dll -- (admservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SNP2STD.dll -- (adiusbaw)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tnbrlds.dll -- (addfiltr)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\filechecker.dll -- (adaptecstoragemanageragent)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NtMtlFax.dll -- (acermemusagecheckservice)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tphdexlgsvc.dll -- (61883)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\statusagent4.dll -- (3c1807pd)
    SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\flashpnt.dll -- ({a7447300-8075-4b0d-83f1-3d75c8ebc623})
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mferkdet01)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xahpwj.sys -- (ilwplxih)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\74666.sys -- (74666)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Please then run OTL again - as a scan (like the first time you did it) and post the fresh log
m0le is a proud member of UNITE
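
A way to triage the service and driver entries in a fix script like the one above before running it, as an added example that is not part of m0le's post: this Python sketch parses the `File not found` SRV/DRV lines, tallies them by start type, and lists entries whose missing file is named after another orphaned entry (as `wampmysqld.dll` is for `naveng`). The function names are illustrative, and the embedded sample is a handful of lines copied from the listing.

```python
import re
from collections import Counter
from ntpath import basename, splitext

# Sample input: a handful of lines copied from the fix script in the post above.
SAMPLE = r"""
:OTL
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cm102u32.dll -- (wampmysqld)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wampmysqld.dll -- (naveng)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CTAUDFX.DLL.dll -- (mediaviewer)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\mediaviewer.dll -- (tsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xahpwj.sys -- (ilwplxih)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
:Commands
[EmptyTemp]
"""

# SRV/DRV line whose image file OTL could not find:
#   KIND - File not found [flag | flag ...] -- <path or empty> -- (service name)
ORPHAN_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\]"
    r" -- (?P<path>.*?)\s*-- \((?P<name>.*)\)$"
)


def parse_orphans(text):
    """Return a dict for every 'File not found' SRV/DRV line in an OTL listing."""
    entries = []
    for raw in text.splitlines():
        m = ORPHAN_RE.match(raw.strip())
        if m is None:
            continue  # O2 lines, :OTL/:Commands directives, blanks
        flags = [f.strip() for f in m.group("flags").split("|")]
        path = m.group("path").strip()
        entries.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "path": path,
            # File name without its last extension, lower-cased for comparison.
            "stem": splitext(basename(path))[0].lower(),
            # SRV lines carry [start | state]; DRV lines carry [type | start | state].
            "start": flags[-2] if len(flags) >= 2 else "",
            "state": flags[-1],
        })
    return entries


def summarize(entries):
    """Count orphaned entries per (kind, start type)."""
    return Counter((e["kind"], e["start"]) for e in entries)


def cross_referenced(entries):
    """Entries whose missing file is named after a different orphaned entry."""
    names = {e["name"].lower() for e in entries}
    return [
        e for e in entries
        if e["stem"] and e["stem"] in names and e["stem"] != e["name"].lower()
    ]


if __name__ == "__main__":
    found = parse_orphans(SAMPLE)
    for (kind, start), n in sorted(summarize(found).items()):
        print(f"{kind} start={start}: {n} entries with no file on disk")
    for e in cross_referenced(found):
        print(f"{e['name']}: missing file {e['path']} is named after another entry")
    for e in found:
        if not e["path"]:
            print(f"{e['name']}: no image path recorded")
```

Run over the full listing, the cross-reference check also picks up pairs such as `pcidrv.dll` (listed under `fa_scheduler`) and `Si3132.dll` (listed under `ehsched`), whose names appear as service names elsewhere in the same script.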

#12 atomium


Posted 23 July 2012 - 01:43 PM

Hello Mûle,

Please find the OTL reports attached.

Regards


#13 m0le


Posted 23 July 2012 - 07:38 PM

Next go online and run ESET's scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#14 atomium


Posted 24 July 2012 - 04:43 PM

Hi Mûle,
Here is the scan result:
D:\Mes Docs\Images CD\WinLsd 3.5\WinLSD.III.iso multiple threats deleted - quarantined
I:\Mes Docs\Images CD\WinLsd 3.5\WinLSD.III.iso multiple threats deleted - quarantined

And the log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1095c2630458f841b037c38281d212f0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-24 09:32:44
# local_time=2012-07-24 11:32:44 (+0100, Paris, Madrid (heure d'été))
# country="Belgium"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777173 100 75 36008686 56670691 0 0
# compatibility_mode=8192 67108863 100 0 271 271 0 0
# scanned=207843
# found=2
# cleaned=2
# scan_time=18415
D:\Mes Docs\Images CD\WinLsd 3.5\WinLSD.III.iso multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
I:\Mes Docs\Images CD\WinLsd 3.5\WinLSD.III.iso multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

#15 m0le


Posted 24 July 2012 - 05:20 PM

Okay, so how's the machine running at the moment?