comment supprimer antimalware doctor? Fermé

Question

Bonsoir a tous

je pense que mon probleme n'est pas nouveau

anti malware doctor s'est installé sur mon pc et je n'arrive pas à le desinstaller

avant de m'inscrire et de poster sur le forum j'ai fais de nombreuses recherches sur internet jai tenté pas mal de choses mais en vain

Il ne cesse de me dire que mon pc est infecté m'envoie des rappels presque toutes les minutes, des publiitées...

ajoutez a cela que mon ordinateur s'etteinds tout seul et quand on ne s'y attends pas donc cela rends compliqué les analyses fait par des anti virus ou autre

merci de bien vouloir m'aider

gen-hackman · Answer

salut :

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

&#9654 Télécharge List_Kill'em et enregistre le sur ton bureau 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

&#9830 Executer Shortcut
&#9830 Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

soulysilak · Answer

MERCI DE VOTRE REPONSE

List'em by g3n-h@ckm@n 1.7.2.5

User : abu wa umm'outhman (Administrateurs) 
Update on 29/04/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 06:46:32 | 30/04/2010

              Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
FW : F-Secure Anti-Virus 2006 6.12[ (!) Disabled ]6.12

C:\ -> Disque fixe local | 70,32 Go (29,86 Go free) | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
 
Boot: Normal 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36
ewupdate1142C.exe
C:\WINDOWS\Wqasya.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run" 
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Power2GoExpress	REG_SZ         	
MsnMsgr	REG_SZ         	"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSMSGS	REG_SZ         	"C:\Program Files\Messenger\msmsgs.exe" /background
swg	REG_SZ         	"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
SpyEmergency	REG_SZ         	C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
HiChatter	REG_SZ         	C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe
InternetCalls	REG_SZ         	"C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
FreeCall	REG_SZ         	"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
VoipBuster	REG_SZ         	"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe
fsm	REG_SZ         	
newupdate1142C.exe	REG_SZ         	C:\Documents and Settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36
ewupdate1142C.exe
YVIBBBHA8C	REG_SZ         	C:\DOCUME~1\ABUWAU~1\LOCALS~1\Temp\Wwd.exe
QZAIB7KITK	REG_SZ         	C:\WINDOWS\Wqasya.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
ehTray	REG_SZ         	C:\WINDOWS\ehome\ehtray.exe 
Recguard	REG_SZ         	C:\WINDOWS\SMINST\RECGUARD.EXE 
ATICCC	REG_SZ         	"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime 
SoundMan	REG_SZ         	SOUNDMAN.EXE 
Synchronization Manager	REG_SZ         	"C:\WINDOWS\system32\mobsync.exe" /logon 
TkBellExe	REG_SZ         	"C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
Norman ZANDA	REG_SZ         	C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH 
DrWebScheduler	REG_SZ         	"C:\Program Files\DrWeb\DRWEBSCD.EXE" 
KernelFaultCheck	REG_EXPAND_SZ  	%systemroot%\system32\dumprep 0 -k 
Waiting1690	REG_SZ         	C:\Windows\stid1690.exe 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre6\bin\jusched.exe" 
MSSE	REG_SZ         	"c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey 
QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\qttask.exe" -atboottime 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
Adobe ARM	REG_SZ         	"C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
InstallVisualStyle	REG_EXPAND_SZ  	C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles 
InstallTheme	REG_EXPAND_SZ  	C:\WINDOWS\Resources\Themes\Royale.theme 
ShutdownWithoutLogon	REG_DWORD      	1 (0x1) 
DontDisplayLastUserName	REG_DWORD      	1 (0x1) 
DisableTaskMgr	REG_DWORD      	0 (0x0) 

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	145 (0x91) 
NoSimpleStartMenu	REG_DWORD      	0 (0x0) 
HideClock	REG_DWORD      	0 (0x0) 
NoTrayItemsDisplay	REG_DWORD      	0 (0x0) 
NoRecentDocsHistory	REG_DWORD      	0 (0x0) 
ClearRecentDocsOnExit	REG_DWORD      	1 (0x1) 
NoCDBurning	REG_DWORD      	0 (0x0) 

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoResolveTrack	REG_DWORD      	0 (0x0) 
HonorAutoRunSetting	REG_DWORD      	1 (0x1) 
NoCDBurning	REG_DWORD      	0 (0x0) 

===============
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 DefaultUserName	REG_SZ         	abu wa umm'outhman 
 PowerdownAfterShutdown	REG_SZ         	0 
 ReportBootOk	REG_SZ         	1 
 Shell	REG_SZ         	Explorer.exe 
 ShutdownWithoutLogon	REG_SZ         	0 
 System	REG_SZ         	 
 Userinit	REG_SZ         	C:\WINDOWS\system32\userinit.exe, 
 VmApplet	REG_SZ         	rundll32 shell32,Control_RunDLL "sysdm.cpl" 
 SfcQuota	REG_DWORD      	-1 (0xffffffff) 
 allocatedasd	REG_SZ         	0 
 cachedlogonscount	REG_SZ         	10 
 forceunlocklogon	REG_DWORD      	0 (0x0) 
 passwordexpirywarning	REG_DWORD      	14 (0xe) 
 scremoveoption	REG_SZ         	0 
 UIHost	REG_EXPAND_SZ  	logonui.exe 
 Background	REG_SZ         	0 0 0 
 DebugServerCommand	REG_SZ         	no 
 SFCDisable	REG_DWORD      	0 (0x0) 
 WinStationsDisabled	REG_SZ         	0 
 HibernationPreviouslyEnabled	REG_DWORD      	1 (0x1) 
 ShowLogonOptions	REG_DWORD      	0 (0x0) 
 AltDefaultUserName	REG_SZ         	abu wa umm'outhman 
 AltDefaultDomainName	REG_SZ         	NOM-0BC262594E2 
 DefaultDomainName	REG_SZ         	NOM-0BC262594E2 
 AutoRestartShell	REG_DWORD      	0 (0x0) 
 LogonType	REG_DWORD      	1 (0x1) 
 DisableCAD	REG_DWORD      	1 (0x1) 
 IgnoreShiftOverride	REG_SZ         	0 
 AllowMultipleTSSessions	REG_DWORD      	1 (0x1) 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 
 AutoAdminLogon	REG_SZ         	0 
 ForceAutoLogon	REG_SZ         	0 
 AllocateFloppies	REG_SZ         	0 
 AllocateCDRoms	REG_SZ         	0 
 ChangePasswordUseKerberos	REG_DWORD      	1 (0x1) 
 Blud	REG_SZ         	n2pig9O8Y3Jc/luyQJ+J/291sGPwcOxG6/k2lWA60xq9OfOBxK015KWvWsSiUz6FmmlWz/05wQHGViyDC+HJGwkvHq9p/1Kmz6hvUlqTX61OOQJgNZmgjVcgDj8iB4q1FXvyQF8VrbKZ9OI9usoSZP5dRhGn4gR4iE2hZQBPs2TjvYCPCib+NrB9FY0jvViQe/nD1veSJqgXhboxzs9M/D+PLckAn66W5lFP833yqhfkPsFkGdXAvz/p7D4B+VKpI01skWDSSJL5vMFGh0inL8+3ddh1LjJEBfnxXf/ab97ANJ2UnX90kOIuqJdor5rc/pH5O33NOYeSumqH9aXSdu5jcid/rRPS6BvA1qjG2OqH2fz38EjS/fjKxCr5O70OO9vaqGmQ4cY5g8/cW8QOCzxLQxfAmiPIYGMo8MXXQmHTNNAu9ETUx/2+Py9ELLD0S/gY9F9yvfbKm3kxxtZnG053r8nsYnL7H3MQeT2Iu0d4B+Bzv38S/EDj97+1GwQS0lvBLJDTnaPQiqX3/ZAGTXRoS8xp5ALivTrECI39R2YNeHqRHoGnEmdQ/HPgxdvdroD5wLk5E/8oRwbqQ17kQJURri4Y4jF5dK416NZHC/hoDrNowwGwkk3Wpbfdb9P+VN/bzNJDhG7OaXQCvxF6CXeEwMEnwfjHjGaSneo3PZOn5BdxzpEnBqPK9Jrv8GagCvpISscs08UPFG5OPDLlEjyvsUhhYkoNmnaPFPkDnfkvIpqfy/LiiDLer3ticSuzZjQVWzy8C7NZmCA7aPqdJsqs8ZvXEDPZ45ZIAya0KkwTSEtQf2HBUZnfyFaribW/JPz2Vdc+xhWxdO7KLWcKWuQNn7jNSyANp+vQXW1hXCpIRxNoY6nmsVovFicPTsWpW8Zp8HP3q5ouIvLcPI1UCwcc8rqwwsLgSyPYpXlGGrfKTWqtL0dTKnnpi8R4NWLMvKeG2nt63WrQ4OI17uDrNg0PVH33CMofn4399sEgb2lr4OdUp4mvGnTJQOjacAu0tHGFfN5OMcfD7tkB/Al8yEELlpgdNFX/yvwFZcr87CXcERmD12YD/CSOLwtt4XgsOkJtV8cewv7qbgyF0OTXVwC/5ATvZgEiAN5L/+dyJeXt3ss6lQbp8PrlDG9QUxXRpIAC9pQlDQCErW+JM5uazQtYt49xUbnvZZ+NvO6ToZBdhyxDABrahEGhekSM2lsO9Y+0yxnsVqTCJXjw8VI3bt9LnOt11hDlJKI/c+eSVj1SVzx6YDWRUbJv0RF7MmDXUNvSA8JZNHdzqWF3p6HyhDBuUOwHHAGh0uXqft2SJBXtTHpGZzGkGLTI/bg7GjvGMWZvdTRcKpIbGw7MvsOwQ+e7RVpT7zhZC4SMQmsWOetSc+XL3Yqmalqj3cXSJQDc5mp+KCLsgPKN5veLHhGV6dwPXOC9YbVVTLRkLNqJ8x16v0aEPMYT2Ul2ml5Utni4mbkpJdQAY2ZBPbWDS4j+tcDN1utkexhu3yT9tgX7WOSqkYmjqC2pmoikYWXzGI65xSvJBcE0BJ7kreKKn9c7jSs5/KDRYyQ9VhzDV0e+SSv2w1p9v+CHN9n4080CABG/IiLQDrcRdNoayLR25RYXrnqitGw8gDZ4AOT2u6nK/sNJ/nR7ZrIEHzLFSfDEZauiLxYMh6rCoKs74smkJdyvtw== 
 EnableConcurrentSessions	REG_DWORD      	1 (0x1) 
 SfcDisabled	REG_DWORD      	0 (0x0)

soulysilak · Answer

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Paltalk Messenger\paltalk.exe	REG_SZ         	C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.0
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe	REG_SZ         	C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe	REG_SZ         	C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
C:\Program Files\BitLord\BitLord.exe	REG_SZ         	C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord
C:\Program Files\Real\RealPlayerealplay.exe	REG_SZ         	C:\Program Files\Real\RealPlayerealplay.exe:*:Enabled:RealPlayer
C:\Program Files\eMule\emule.exe	REG_SZ         	C:\Program Files\eMule\emule.exe:*:Enabled:eMuleMorphXT
C:\Program Files\Internet Explorer\IEXPLORE.EXE	REG_SZ         	C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Documents and Settings\joelle umm layla\Bureau\Dames_-_DO_1.1.exe	REG_SZ         	C:\Documents and Settings\joelle umm layla\Bureau\Dames_-_DO_1.1.exe:*:Enabled:Application MFC Dames
C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe	REG_SZ         	C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:*:Enabled:InternetCalls
C:\Documents and Settings\abu wa umm'outhman\Bureauacer057aceracer.exe	REG_SZ         	C:\Documents and Settings\abu wa umm'outhman\Bureauacer057aceracer.exe:*:Enabled:racer
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe	REG_SZ         	C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster
C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe	REG_SZ         	C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe:*:Enabled:mc2_demo
C:\Program Files\SEGA\OutRun 2006 Coast 2 Coast\OR2006C2C.EXE	REG_SZ         	C:\Program Files\SEGA\OutRun 2006 Coast 2 Coast\OR2006C2C.EXE:*:Enabled:OR2006C2C
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Bonjour\mDNSResponder.exe	REG_SZ         	C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\WINDOWS\system32\dpvsetup.exe	REG_SZ         	C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32undll32.exe	REG_SZ         	C:\WINDOWS\system32undll32.exe:*:Disabled:Exécuter une DLL en tant qu'application
C:\Program Files\Skype\Plugin Manager\skypePM.exe	REG_SZ         	C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE	REG_SZ         	C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Messenger\msmsgs.exe	REG_SZ         	C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Skype\Phone\Skype.exe	REG_SZ         	C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\IEPro\MiniDM.exe	REG_SZ         	C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3FE16C08-D6A7-4133-84FC-D5BFB4F7D886}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BA162249-F2C5-4851-8ADC-FC58CB424243}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E1342154-4889-42B5-BEF6-19237577048F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1325db73-d9f1-48f8-8895-6d814ec58889}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]

==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{99EB6A92-0CA5-0F34-9473-71862BFA0C2A}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5C83734-F181-47BD-8D18-EC78EC912DB6}: DhcpNameServer=194.168.4.100 194.168.8.100 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E5C83734-F181-47BD-8D18-EC78EC912DB6}: DhcpNameServer=194.168.4.100 194.168.8.100 
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E5C83734-F181-47BD-8D18-EC78EC912DB6}: DhcpNameServer=194.168.4.100 194.168.8.100 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100 
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100 

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Search Page	REG_SZ         	https://www.google.com/?gws_rd=ssl

soulysilak · Answer

======== Services ======== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] Ndisuio : 0x3 ( OK = 3 ) EapHost : 0x3 ( OK = 2 ) SharedAccess : 0x4 ( OK = 2 ) wuauserv : 0x2 ( OK = 2 ) ======== Safemode ======== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !! ========= Atapi.sys ========= C:\My old Disk Structure -- 07-02-23 0535PM\WINDOWS\system32\dllcache\atapi.sys : MD5 :: [cdfe4411a69c224bd1d11b2da92dac51] SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d] C:\My old Disk Structure -- 07-02-23 0535PM\WINDOWS\system32\drivers\atapi.sys : MD5 :: [cdfe4411a69c224bd1d11b2da92dac51] SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d] C:\My old Disk Structure -- 07-04-30 0659PM\WINDOWS\system32\dllcache\atapi.sys : MD5 :: [cdfe4411a69c224bd1d11b2da92dac51] SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d] C:\My old Disk Structure -- 07-04-30 0659PM\WINDOWS\system32\drivers\atapi.sys : MD5 :: [cdfe4411a69c224bd1d11b2da92dac51] SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d] C:\WINDOWS\$NtServicePackUninstall$\atapi.sys : MD5 :: [cdfe4411a69c224bd1d11b2da92dac51] SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d] C:\WINDOWS\ServicePackFiles\i386\atapi.sys : MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674] SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9] C:\WINDOWS\system32\drivers\atapi.sys : MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674] SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9] Référence : ========== Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867 Win XP_32b : a64013e98426e1877cb653685c5c0009 Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51 Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674 Vista_32b : e03e8c99d15d0381e02743c36afc7c6f Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9 Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4 Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e ======= Drive : ======= D'fragmenteur de disque Windows Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc. Rapport d'analyse 70,32 Go total, 29,87 Go libre (42%), 16% fragment' (fragmentation du fichier 32%) Vous devriez d'fragmenter ce volume. ¤¤¤¤¤¤¤¤¤¤ Files/folders : Present !! : C:\Documents and Settings\All Users\Application Data\118300.34 Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Present !! : C:\Documents and Settings\All Users\Favoris\_favdata.dat Present !! : C:\Program Files\BrowsingProgram Present !! : C:\Program Files\ezLife Present !! : C:\Program Files\Mozilla Firefox\Components\ffxShot.dll Present !! : C:\Program Files\Mozilla Firefox\components sFFxSHot.xpt Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe Present !! : C:\Program Files\Smart-Ads-Solutions Present !! : C:\WINDOWS\003212_.tmp Present !! : C:\WINDOWS\SkyCD.tmp Present !! : C:\WINDOWS\SkyInst.tmp Present !! : C:\WINDOWS\iun6002.exe Present !! : C:\WINDOWS\kb913800.exe Present !! : C:\WINDOWS egedit.com Present !! : C:\WINDOWS\System32\404Fix.exe Present !! : C:\WINDOWS\System32\b4fm.dll Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn Present !! : C:\WINDOWS\System32\dumphive.exe" Present !! : C:\WINDOWS\System32\IEDFix.exe Present !! : C:\WINDOWS\System32\Process.exe Present !! : C:\WINDOWS\System32\SET*.tmp Present !! : C:\WINDOWS\System32\SrchSTS.exe Present !! : C:\WINDOWS\System32 mp.reg" Present !! : C:\WINDOWS\System32\VACFix.exe Present !! : C:\WINDOWS\System32\VCCLSID.exe Present !! : C:\WINDOWS\System32\WS2Fix.exe Present !! : C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job Present !! : C:\WINDOWS asks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job Present !! : C:\WINDOWS\Temp\fla4.tmp Present !! : C:\WINDOWS\Temp\fla5.tmp Present !! : C:\WINDOWS\Temp\fla7.tmp Present !! : C:\WINDOWS\Temp\GUR2.tmp Present !! : C:\WINDOWS\Temp\jar_cache4251407466303109911.tmp Present !! : C:\WINDOWS\Temp\WFV18.tmp Present !! : C:\WINDOWS\Temp\WinD.tmp Present !! : C:\Documents and Settings\abu wa umm'outhman\Application Data\wklnhst.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\Application Data\wklnhst.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\Application Data\Desktopicon Present !! : C:\Documents and Settings\abu wa umm'outhman\Application Data\Smart-Ads-Solutions Present !! : C:\Documents and Settings\abu wa umm'outhman\Local Settings\Temp\c.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\Local Settings\Temp\dw.log Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\c.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_12c8.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_188.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_1b0.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_1c8.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_22c.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_36c.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_374.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_478.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_4dc.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_4e8.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_514.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_624.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_678.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_6b4.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_6c4.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_81c.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_864.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_9bc.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_a5c.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_bac.dat Present !! : C:\Documents and Settings\abu wa umm'outhman\LOCAL Settings\Temp\Perflib_Perfdata_c40.dat ¤¤¤¤¤¤¤¤¤¤ Keys : Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383} Present !! : "HKCU\Software\Antimalware Doctor Inc" Present !! : "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe" Present !! : "HKLM\Software\Trymedia Systems" Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\secfile Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCU\SOFTWARE\XML Present !! : HKCU\Software\YVIBBBHA8C ============ catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-30 08:17:31 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85AB4EE4]<< kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x0950E4C1 malicious code @ sector 0x0950E4C4 ! PE file found in sector at 0x0950E4DA ! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify REG_DWORD 1 (0x1) UpdatesDisableNotify REG_DWORD 1 (0x1) AntiVirusOverride REG_DWORD 1 (0x1) FirewallOverride REG_DWORD 1 (0x1) AntiVirusDisableNotify REG_DWORD 1 (0x1) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ End of scan : 8:17:33,84 (désolé j'aurais voulu l'inserer en une fois mais cela ne passait pas)

gen-hackman · Answer

bonjour :

&#9654 Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654 choisis l'Option Clean

ton PC va redemarrer,

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

&#9654 colle le contenu dans ta reponse

soulysilak · Answer

bonjour

je suis désolé mais cela rique de prendre un peu de temps car mon pc s'etteind tout seul et par deux fois il s'est etteind en plein analyse

gen-hackman · Answer

ok

soulysilak · Answer

Kill'em by g3n-h@ckm@n 1.7.2.5 
 
User : abu wa umm'outhman (Administrateurs) 
Update on 29/04/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 23:40:44 | 30/04/2010

              Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
FW : F-Secure Anti-Virus 2006 6.12[ (!) Disabled ]6.12

C:\ -> Disque fixe local | 70,32 Go (30,59 Go free) | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Wqasya.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
 
¤¤¤¤¤¤¤¤¤¤ Files/folders : 

 
Quarantined & Deleted !! : C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job 
Quarantined & Deleted !! : C:\Documents and Settings\abu wa umm'outhman\Local Settings\Temp\a.dat 
 
=======
Hosts :
=======

127.0.0.1       localhost   

========
Registry
========

Deleted : "HKCU\Software\Antimalware Doctor Inc"  
Deleted : "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor"  
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.com/?gws_rd=ssl
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Search Page	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
FirewallDisableNotify	REG_DWORD      	0 (0x0) 
UpdatesDisableNotify	REG_DWORD      	0 (0x0) 
AntiVirusOverride	REG_DWORD      	1 (0x1) 
FirewallOverride	REG_DWORD      	1 (0x1) 
AntiVirusDisableNotify	REG_DWORD      	0 (0x0) 
FirstRunDisabled	REG_DWORD      	1 (0x1) 
 
========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
anti-ver blaster : OK 
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

hello

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant tous les utilisateurs

&#9654 règle age du fichier sur "60 jours"

&#9654 dans la moitié gauche , mets tout sur "tous"

ne modifie pas ceci : 

"fichiers créés" et "fichiers Modifiés" 

&#9654Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

soulysilak · Answer

Bonjour,

fichier OTL

http://www.cijoint.fr/cjlink.php?file=cj201005/cijurh7gF5.txt 

fichier extra

http://www.cijoint.fr/cjlink.php?file=cj201005/cijC8aSuka.txt 

merci bcp

gen-hackman · Answer

&#9654 Télécharge UsbFix

 (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

&#9654 Double clic sur le raccourci UsbFix présent sur ton bureau .

&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

&#9654 Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 

&#9654 Laisse travailler l'outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

soulysilak · Answer

############################## | UsbFix V6.110 |

User : abu wa umm'outhman (Administrateurs) # NOM-0BC262594E2
Update on 29/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:03:25 | 01/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

              Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
FW : F-Secure Anti-Virus 2006 6.12[ (!) Disabled ]6.12

C:\ -> Disque fixe local # 70,32 Go (30,56 Go free) # NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

################## | Elements infectieux |

C:\WINDOWS\PRAGMAprrpinlnos 
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job  
C:\DOCUME~1\ABUWAU~1\LOCALS~1\Temp\a.dat  

################## | Registre |

[HKCU\SOFTWARE\QZAIB7KITK]  
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QZAIB7KITK"  
[HKLM\SOFTWARE\PRAGMA]  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"  

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\Z
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 

HKCU\..\..\Explorer\MountPoints2\{230c421a-dca0-11dc-8af0-000c6e26be42}
Shell\AutoRun\command =I:\setupSNK.exe 

HKCU\..\..\Explorer\MountPoints2\{d78ef264-9e46-11de-8f21-001558787531}
Shell\AutoRun\command =E:\installer.exe 
Shell\verb\command =E:\installer.exe 

HKCU\..\..\Explorer\MountPoints2\{fb43c0a7-5336-11dd-8c4a-000c6e26be42}
Shell\AutoRun\command =ie.exe 
Shell\explore\Command =ie.exe 
Shell\open\Command =ie.exe 

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !  

################## | ! Fin du rapport # UsbFix V6.110 ! |

gen-hackman · Answer

&#9654  (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

&#9654 Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau

&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

&#9654 Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]  

&#9654 Ton bureau disparaitra et le pc redémarrera .

&#9654 Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

soulysilak · Answer

je suis désolé mais jai un petit probleme

mon pc s'etteind tout seul lorsque l'analyse arrive a 80%

j'ai essayé par 3 ou 4 fois mais c'est toujours la meme chose

Avez vous eventuellement une autre solution à me proposer?

Merci.

gen-hackman · Answer

redemarre ton pc en mode sans echec et fais l'option 4 d'USBFix

soulysilak · Answer

bah jai de nouveau un petit probleme puisque je n'arrive pas a acceder au mode sans echec et a toutes les autres modes présent quand on tape f8

je tombe sur une page noir qui ne s'enleve tout simplement pas

donc.... je ne sais plus quoi faire

Merci.

gen-hackman · Answer

&#9654 Télécharge FindyKill sur ton bureau : 

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

! Déconnecte toi et ferme toutes applications en cours ! 

&#9654 Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

&#9654 Double-clique (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

&#9654 Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( le rapport est sauvegardé aussi sous C:\FindyKill.txt ) 
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

soulysilak · Answer

bonjour

finalement jai reussi a me mettre en mode sous echec mais le constat est le meme a partir de 80%( comme en mode normal) le pc s'etteind

J'ai quand meme fait l'autre analyse que vous avais demandé

voici les resultats

############################## | FindyKill V5.041 |

# User : abu wa umm'outhman (Administrateurs) # NOM-0BC262594E2
# Update on 29/04/2010 by El Desaparecido
# Start at: 23:50:50 | 01/05/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# FW : F-Secure Anti-Virus 2006 6.12[ (!) Disabled ]6.12

# C:\ # Disque fixe local # 70,32 Go (30,45 Go free) # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

################## | Eléments infectieux |


################## | Registre |


################## | Etat |

# Affichage des fichiers cachés : OK
 
# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 ) 
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 

################## | ! Fin du rapport # FindyKill V5.041 ! |

J'avoue que depuis de debut je ne comprends pas grand chose pouvez vous me dire ce qu'il se passe un peu avec le pc? il y a t-il des virus?...

Un grand merci.

gen-hackman · Answer

oui apparement bien infecté ^^


Télécharge The Avenger sur ton Bureau.
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/


--> Dézippe le fichier avenger.zip (Clique droit > Extraire).
--> Ferme toutes les fenêtres et toutes les applications en cours et double-clique sur l'icône avenger (Icône avec l'épée).
--> Clique sur OK pour accepter les termes d'utilisation.
--> Une fois le programme lancé, verifie bien que :
- La case "Scan For RootKit" soit cochée.
- La case "Automatically disable any rootkits found" ne soit pas cochée.
--> Clique sur Execute pour lancer le scan.
--> Répondre Oui à ce message de confirmation.
--> Répondre Oui pour exécuter un scan antirootkit.
--> La première étape étant finie, The Avenger a désormais besoin de redémarrer votre PC pour finir, clique sur Oui.
Ton PC redémarrera alors automatiquement.
--> Au redémarrage, le rapport de The Avenger s'ouvrira automatiquement, poste-le (C:\avenger.txt).

soulysilak · Answer

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished!  Terminate.

gen-hackman · Answer

je tombe sur une page noir qui ne s'enleve tout simplement pas 

tu attends combien de temps ?

soulysilak · Answer

le probleme a été résolu hier

enfaite hier soir les premieres fois ou j'ai essayé de me mettre en mode sans echec j'ai du attendre une vingtaine de minute et j'aurais encore pu attendre longtemps

ensuite je me suis mis en mode normal et l'ecran etait tout bleu windows " m'a dis" que si je cliquais pas avant 10sec sur une touche une analyse du lecteur c je pense se mettra en plus ( c'est une analyse en 3 temps)

j'ai laissé faire

Et apres je me suis dit que c'est peut etre ca qui bloquait le fait que je ne puisse pas me mettre en mode sans echec et directement apres jai pu y acceder

gen-hackman · Answer

ok donc refais OTL stp 
?G3?-?@¢??@?(TM)©®?

soulysilak · Answer

OTL

http://www.cijoint.fr/cjlink.php?file=cj201005/cijKLZuX3v.txt 

EXTRA

http://www.cijoint.fr/cjlink.php?file=cj201005/cijSR9dryx.txt

soulysilak · Answer

bonsoir

Jespere que vous avez pu acceder aux pieces jointes

je vais tenter de refaire les suppression ayant échouées

Merci

gen-hackman · Answer

&#9654 clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous Personnalisation:


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
newupdate1142C.exe

:OTL
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UltimateContext) - {99EB6A92-0CA5-0F34-9473-71862BFA0C2A} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [DrWebScheduler] C:\Program Files\DrWeb\DRWEBSCD.EXE File not found
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE File not found
O4 - HKLM..\Run: [Waiting1690] C:\Windows\stid1690.exe File not found
O4 - HKU\S-1-5-21-3281192550-3576006143-3423133932-1006..\Run: [FreeCall] C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe File not found
O4 - HKU\S-1-5-21-3281192550-3576006143-3423133932-1006..\Run: [fsm]  File not found
O4 - HKU\S-1-5-21-3281192550-3576006143-3423133932-1006..\Run: [HiChatter] C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe File not found
O4 - HKU\S-1-5-21-3281192550-3576006143-3423133932-1006..\Run: [newupdate1142C.exe] C:\Documents and Settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36
ewupdate1142C.exe ()
O4 - HKU\S-1-5-21-3281192550-3576006143-3423133932-1006..\Run: [Power2GoExpress]  File not found
O4 - HKU\S-1-5-21-3281192550-3576006143-3423133932-1006..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe File not found
O4 - HKU\S-1-5-21-3281192550-3576006143-3423133932-1006..\Run: [VoipBuster] C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe File not found
O4 - Startup: C:\Documents and Settings\joelle umm layla\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe File not found
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll File not found
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll File not found
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll File not found
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll File not found
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB (Reg Error: Key error.)
016 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
C:\Documents and Settings\abu wa umm'outhman\Mes documents\SpyHunter-Installer.exe

:reg
HKEY_LOCAL_MMACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

:Files
C:\Documents and Settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36
C:\Documents and Settings\LocalService\Application Data\McAfee
C:\Documents and Settings\abu wa umm'outhman\Mes documents\spywarefighter.exe
C:\WINDOWS	asks\XJPZKNZUP.job
C:\WINDOWS\System32\o.dat
C:\Documents and Settings\All Users\Application Data\U8yYP41Rt
C:\Documents and Settings\All Users\Application Data\768409850
C:\Documents and Settings\abu wa umm'outhman\Mes documents\SpyHunter-Installer.exe
C:\Documents and Settings\abu wa umm'outhman\Local Settings\Application Data\U8yYP41Rt
C:\WINDOWS\System32ppbzokwbd.exe
C:\WINDOWS\Wqasya.exe
C:\WINDOWS\System32\szysdpzu.dll
C:\WINDOWS\System32\poqlnbzr.dll
C:\WINDOWS\System32\oejgmhjziuth.dll
C:\Documents and Settings\abu wa umm'outhman\Application Data\7910.org
C:\Documents and Settings\abu wa umm'outhman\Application Data\ezLife
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD



:commands
[emptytemp]
[start explorer]
[reboot]


&#9654 Clique sur "Correction" pour lancer la suppression.


&#9654 Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

soulysilak · Answer

Bonjour,

J'ai suivi vos instructions mais lors de la correction le pc s'etteind

Jai essayé plusieurs fois et ca s'etteind toujours

cependant j'ai constaté une grande amélioration concernant mon pc

anti malware doctor n'apparait plus du tout

plus aucune fenetre ne sort pour me dire que c'est infecté

MAIS il y a des pubs qui apparaissent toujours subitement

et dans le panneau de configuration antimalware est toujours la

gen-hackman · Answer

/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\ ________________________________________________________________ >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.< >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<< ===================================================== ? Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur ? On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix Avant d'utiliser ComboFix : ______________________________________________________________________ >> referme les fenêtres de tous les programmes en cours. >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, >>la protection en temps réel de ton Antivirus et de tes Antispywares, >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° ? !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!! ? n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. ?? Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. ?G3?-?@¢??@?(TM)©®?

soulysilak · Answer

ComboFix 10-05-03.06 - abu wa umm'outhman 04/05/2010  16:18:36.1.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.958.474 [GMT 1:00]
Lancé depuis: c:\documents and settings\abu wa umm'outhman\Bureau\ComboFix.exe
FW: F-Secure Anti-Virus 2006 6.12 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36
c:\documents and settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36\enemies-names.txt
c:\documents and settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36\hookdll.dll
c:\documents and settings\abu wa umm'outhman\Application Data\5939795A660779C6143E3D1A9B8E1F36\lsrslt.ini
c:\documents and settings\abu wa umm'outhman\Application Data\ezLife
c:\documents and settings\abu wa umm'outhman\Local Settings\Temporary Internet Files\0EYaPJ.jpg
c:\documents and settings\abu wa umm'outhman\Local Settings\Temporary Internet Files\3S8BR45u.jpg
c:\documents and settings\abu wa umm'outhman\Local Settings\Temporary Internet Files\iq76hUJga.jpg
c:\documents and settings\abu wa umm'outhman\Local Settings\Temporary Internet Files
Rv4Okd.jpg
c:\documents and settings\Administrateur\Local Settings\Application Data\ave.exe
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
C:\log.tmp

soulysilak · Answer

Je mettrais la suite apres car pour depuis tout a lheure j'essaie mais mes réponses n'apparaissent pas

Désolé

gen-hackman · Answer

fais-le passer par cijoint.fr

soulysilak · Answer

Bonjour 

je suis désolé mais je n'arrive pas a telecharger le document sur cijoint 

les autres oui mais pas celui-la 

de plus certaines de mes icones ne s'affichent plus correctement et a part internet je n'arrive a ouvrir aucun programme il n'y a d'ailleurs plus la fonction ouvrir

gen-hackman · Answer

bonjour je viens de demander le deblocage du reste du rapport combofix qui n'apparait pas , en attendant : ▶ Télécharge Dr Web CureIt sur ton Bureau : ▶ redemarre en mode sans échec ▶- Double clique (clic droit "en tant qu'admin" sous Vista) et ensuite clique sur ; ▶- Clique à l'invite de l'analyse rapide. S'il trouve des processus infectés alors clique le bouton . Note : une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" : Quitte en cliquant le "X". ▶- Lorsque le scan rapide est terminé, clique sur le menu puis ; Choisis l'onglet , et décoche . Clique ensuite sur . ▶- De retour à la fenêtre principale : clique pour activer ▶- Clique le bouton avec flèche verte sur la droite, et le scan débutera. ▶- Clique pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter". ▶- Lorsque le scan sera complété, regarde si tu peux cliquer sur l' icône, adjacente aux fichiers détectés (plusieurs feuilles l'une sur l'autre). Si oui, alors clique dessus et ensuite clique sur l'icône , au dessous, et choisis . ▶- Du menu principal de l'outil, au haut à gauche, clique sur le menu et choisis . Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv ▶-pour le rapport tu l enregistres sur ton bureau , tu clic droit dessus /envoyer vers / dossiers compresses ensuite : tu m'envoies l'archive comme ceci : clique sur ce lien : http://www.cijoint.fr/ ▶ Clique sur Parcourir et cherche le fichier ci-dessus. ▶ Clique sur Ouvrir. ▶ Clique sur "Cliquez ici pour déposer le fichier". Un lien de cette forme : http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt est ajouté dans la page. ▶ Copie ce lien dans ta réponse. ▶- Ferme Dr.Web Cureit ▶- Redémarre ton ordi (important car certains fichiers peuvent être déplacés/réparés au redémarrage).

soulysilak · Answer

voici la deuxieme partie 

http://www.cijoint.fr/cjlink.php?file=cj201005/cijhJXIifX.txt  

je n'arrive pas a telecharger la premiere partie quand je le fais cela me renvoie vers une page internet qui me dit qu'internet explorer ne peut pas afficher cette page 

depuis hier ca me fait ca mais seulement qu'avec ce document les autres passent tranquillement et la jai réussi qu'a telecharger la deuxieme partie 

j'essaierai apres concernant la premiere partie 

concernant DR web je l'ai telechargé l'icone est sur mon bureau mais je n'arrive pas a l'ouvrir c'est comme s'il ne reconaissait pas le programme 
quand je clique droit dessus il y a meme pas "ouvrir"

gen-hackman · Answer

ok laisse tomber DrWeb pour l instant ton pc finira pas l analyse il beuggera avant la fin :

&#9654 Télécharge : Gmer (by Przemyslaw Gmerek)


&#9654 Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

&#9654 Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

Ensuite

&#9654 sur les lignes rouge:

&#9654 Services:cliques droit delete service
&#9654 Process:cliques droit kill process
&#9654 Adl ,file:cliques droit delete files

soulysilak · Answer

j'ai reessayé pour combofix rien n'a faire

concernant : GMER

je l'ai dezippé il me propose ensuite de télécharger le fichier je clique sur executer mais rien ne se passe

donc voila je commence a etre un peu pessimiste concernant mon pc et si vous pensez que tout a été envisagé et qu'il n y a plus rien a faire vaut mieux que je formate nan? (meme si c'est pas THE solution")

juste une question c'est antimalware doctor qui a crée tout cela?

gen-hackman · Answer

il me manque un rapport :

C:\_OTL\Moved Files\la_date_et_l_heure.txt

soulysilak · Answer

Je viens de regarder dans le dossier OTL et je ne l'ai pas

désolé

gen-hackman · Answer

pour gMer , il faut desactiver toutes les defenses

soulysilak · Answer

hormis Internet je ne peux plus ouvrir aucunes de mes icones dont mon anti-virus je ne peux donc pas desactiver mes defenses

Merci de votre aide

gen-hackman · Answer

en mode sans echec

soulysilak · Answer

les icones n'apparaissent toujours pas correctement et je ne peux toujours pas ouvrir les programmes meme en mode sans echec !!!

gen-hackman · Answer

bonjour 

cette version de gMer marchera-t-elle ?


http://www2.gmer.net/gmer.exe

soulysilak · Answer

Salut

windows ne peut pas ouvrir ce fichier et me demande soit

de selectionner le programme parmis une liste

ou d'utiliser le service web

gen-hackman · Answer

execute ceci , une clé de registre apparaitra sur ton bureau , execute-la , redemarre ton pc et reessaie

http://sd-1.archive-host.com/membres/up/829108531491024/Mes_Tools/FxEx.bat

soulysilak · Answer

jai telechargé et exécuté ce que vous m'avez donné

un ecran bleu s'est affiché puis est reparti trrrrrres vite

et depuis rien ne se passe

jai quand meme redémarré le pc pour voir et rien n'a changé

je ne peux toujours pas acceder a gmer

gen-hackman · Answer

tu as le cd de windows ?

soulysilak · Answer

non lors de la vente on ne nous l'a pas donné

gen-hackman · Answer

essaie de voir si tu peux lancer ceci :

https://www.androidworld.fr/

soulysilak · Answer

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 15:43:34
Windows 5.1.2600 Service Pack 3
Running: soulysilak.pif; Driver: C:\DOCUME~1\ABUWAU~1\LOCALS~1\Temp\agwyqaod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc           C:\WINDOWS\system32\DRIVERS	cpip.sys                                                                                                                                                                                                                                                                                                                                      entry point in ".rsrc" section [0xF16C2A94]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                                                                                                                                                                                                                                                                     section is writeable [0xEC599300, 0x3AE88, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                                                                                                                                                                                                                                                                     section is writeable [0xF78E8300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                 7C91D0AE 5 Bytes  JMP 001340AE 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                               7C91D1AE 5 Bytes  JMP 00133E67 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                         7C91D76E 5 Bytes  JMP 0013405A 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                   7C9263C3 5 Bytes  JMP 00133FC5 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WS2_32.dll!closesocket                                                                                                                                                                                                                                                 719F3E2B 5 Bytes  JMP 00141924 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WS2_32.dll!send                                                                                                                                                                                                                                                        719F4C27 5 Bytes  JMP 00141958 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WS2_32.dll!WSASend                                                                                                                                                                                                                                                     719F68FA 5 Bytes  JMP 00141975

soulysilak · Answer

.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] USER32.dll!TranslateMessage                                                                                                                                                                                                                                            7E398BF6 5 Bytes  JMP 0014572E 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                              7E3A8D20 5 Bytes  JMP 001405E3 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] USER32.dll!BeginPaint                                                                                                                                                                                                                                                  7E3A8FE9 5 Bytes  JMP 00140552 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] USER32.dll!EndPaint                                                                                                                                                                                                                                                    7E3A8FFD 5 Bytes  JMP 001405B4 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                              7E3AC17E 5 Bytes  JMP 0014061F 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] USER32.dll!GetClipboardData                                                                                                                                                                                                                                            7E3B0DBA 5 Bytes  JMP 00145863 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!InternetReadFile                                                                                                                                                                                                                                           404B654B 5 Bytes  JMP 00147D10 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                             404B878D 5 Bytes  JMP 00147DB7 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                        404B9088 5 Bytes  JMP 00147D78 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                 404BBF7F 5 Bytes  JMP 00147D55 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                           404BFABE 5 Bytes  JMP 00147C84 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                           404CEE89 5 Bytes  JMP 00147CA6 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                        404D3381 5 Bytes  JMP 00147D32 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                         4052A70A 5 Bytes  JMP 00147CEC 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                         4052A763 5 Bytes  JMP 00147CC8 
.text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[128] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                         77A4FF8F 5 Bytes  JMP 00133909 
.text           C:\WINDOWS\system32\svchost.exe[560] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                                7C91D0AE 5 Bytes  JMP 000840AE 
.text           C:\WINDOWS\system32\svchost.exe[560] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                              7C91D1AE 5 Bytes  JMP 00083E67 
.text           C:\WINDOWS\system32\svchost.exe[560] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                        7C91D76E 5 Bytes  JMP 0008405A

soulysilak · Answer

.text           C:\WINDOWS\system32\svchost.exe[560] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                  7C9263C3 5 Bytes  JMP 00083FC5 
.text           C:\WINDOWS\system32\svchost.exe[560] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                           7E398BF6 5 Bytes  JMP 0009572E 
.text           C:\WINDOWS\system32\svchost.exe[560] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                             7E3A8D20 5 Bytes  JMP 000905E3 
.text           C:\WINDOWS\system32\svchost.exe[560] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                 7E3A8FE9 5 Bytes  JMP 00090552 
.text           C:\WINDOWS\system32\svchost.exe[560] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                   7E3A8FFD 5 Bytes  JMP 000905B4 
.text           C:\WINDOWS\system32\svchost.exe[560] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                             7E3AC17E 5 Bytes  JMP 0009061F 
.text           C:\WINDOWS\system32\svchost.exe[560] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                           7E3B0DBA 5 Bytes  JMP 00095863 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                          404B654B 5 Bytes  JMP 00097D10 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                            404B878D 5 Bytes  JMP 00097DB7 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                       404B9088 5 Bytes  JMP 00097D78 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                404BBF7F 5 Bytes  JMP 00097D55 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                          404BFABE 5 Bytes  JMP 00097C84 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                          404CEE89 5 Bytes  JMP 00097CA6 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                       404D3381 5 Bytes  JMP 00097D32 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                        4052A70A 5 Bytes  JMP 00097CEC 
.text           C:\WINDOWS\system32\svchost.exe[560] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                        4052A763 5 Bytes  JMP 00097CC8 
.text           C:\WINDOWS\system32\svchost.exe[560] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                719F3E2B 5 Bytes  JMP 00091924

soulysilak · Answer

.text           C:\WINDOWS\system32\svchost.exe[560] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                       719F4C27 5 Bytes  JMP 00091958 
.text           C:\WINDOWS\system32\svchost.exe[560] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                    719F68FA 5 Bytes  JMP 00091975 
.text           C:\WINDOWS\system32\svchost.exe[560] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                        77A4FF8F 5 Bytes  JMP 00083909 
.text           C:\WINDOWS\system32\services.exe[648] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 012240AE 
.text           C:\WINDOWS\system32\services.exe[648] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 01223E67 
.text           C:\WINDOWS\system32\services.exe[648] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 0122405A 
.text           C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 01223FC5 
.text           C:\WINDOWS\system32\services.exe[648] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 0123572E 
.text           C:\WINDOWS\system32\services.exe[648] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 012305E3 
.text           C:\WINDOWS\system32\services.exe[648] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 01230552 
.text           C:\WINDOWS\system32\services.exe[648] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 012305B4 
.text           C:\WINDOWS\system32\services.exe[648] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 0123061F 
.text           C:\WINDOWS\system32\services.exe[648] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 01235863 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 01237D10 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 01237DB7 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 01237D78 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 01237D55 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 01237C84 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 01237CA6

soulysilak · Answer

.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 01237D32 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 01237CEC 
.text           C:\WINDOWS\system32\services.exe[648] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 01237CC8 
.text           C:\WINDOWS\system32\services.exe[648] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 01231924 
.text           C:\WINDOWS\system32\services.exe[648] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 01231958 
.text           C:\WINDOWS\system32\services.exe[648] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 01231975 
.text           C:\WINDOWS\system32\services.exe[648] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 01223909 
.text           C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                                  7C91D0AE 5 Bytes  JMP 00E840AE 
.text           C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                                7C91D1AE 5 Bytes  JMP 00E83E67 
.text           C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                          7C91D76E 5 Bytes  JMP 00E8405A 
.text           C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                    7C9263C3 5 Bytes  JMP 00E83FC5 
.text           C:\WINDOWS\system32\lsass.exe[660] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                             7E398BF6 5 Bytes  JMP 00E9572E 
.text           C:\WINDOWS\system32\lsass.exe[660] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                               7E3A8D20 5 Bytes  JMP 00E905E3 
.text           C:\WINDOWS\system32\lsass.exe[660] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                   7E3A8FE9 5 Bytes  JMP 00E90552 
.text           C:\WINDOWS\system32\lsass.exe[660] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                     7E3A8FFD 5 Bytes  JMP 00E905B4 
.text           C:\WINDOWS\system32\lsass.exe[660] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                               7E3AC17E 5 Bytes  JMP 00E9061F 
.text           C:\WINDOWS\system32\lsass.exe[660] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                             7E3B0DBA 5 Bytes  JMP 00E95863 
.text           C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                  719F3E2B 5 Bytes  JMP 00E91924 
.text           C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                         719F4C27 5 Bytes  JMP 00E91958 
.text           C:\WINDOWS\system32\lsass.exe[660] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                      719F68FA 5 Bytes  JMP 00E91975 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!InternetReadFile

soulysilak · Answer

.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                              404B878D 5 Bytes  JMP 00E97DB7 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                         404B9088 5 Bytes  JMP 00E97D78 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                  404BBF7F 5 Bytes  JMP 00E97D55 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                            404BFABE 5 Bytes  JMP 00E97C84 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                            404CEE89 5 Bytes  JMP 00E97CA6 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                         404D3381 5 Bytes  JMP 00E97D32 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                          4052A70A 5 Bytes  JMP 00E97CEC 
.text           C:\WINDOWS\system32\lsass.exe[660] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                          4052A763 5 Bytes  JMP 00E97CC8 
.text           C:\WINDOWS\system32\lsass.exe[660] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                          77A4FF8F 5 Bytes  JMP 00E83909 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 00FA40AE 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 00FA3E67 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 00FA405A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 00FA3FC5 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 00FB572E 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 00FB05E3 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 00FB0552 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 00FB05B4 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 00FB061F 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 00FB5863 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 00FB7D10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 00FB7DB7 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 00FB7D78

soulysilak · Answer

.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 00FB7D55 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 00FB7C84 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 00FB7CA6 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 00FB7D32 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 00FB7CEC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 00FB7CC8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 00FB1924 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 00FB1958 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 00FB1975 
.text           C:\WINDOWS\system32\Ati2evxx.exe[832] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 00FA3909 
.text           C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                              7C91D1AE 5 Bytes  JMP 006C3E67 
.text           C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                                7C91D0AE 5 Bytes  JMP 00EA40AE 
.text           C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                              7C91D1AE 5 Bytes  JMP 00EA3E67 
.text           C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                        7C91D76E 5 Bytes  JMP 00EA405A 
.text           C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                  7C9263C3 5 Bytes  JMP 00EA3FC5 
.text           C:\WINDOWS\system32\svchost.exe[916] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                           7E398BF6 5 Bytes  JMP 00EB572E 
.text           C:\WINDOWS\system32\svchost.exe[916] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                             7E3A8D20 5 Bytes  JMP 00EB05E3 
.text           C:\WINDOWS\system32\svchost.exe[916] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                 7E3A8FE9 5 Bytes  JMP 00EB0552 
.text           C:\WINDOWS\system32\svchost.exe[916] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                   7E3A8FFD 5 Bytes  JMP 00EB05B4 
.text           C:\WINDOWS\system32\svchost.exe[916] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                             7E3AC17E 5 Bytes  JMP 00EB061F 
.text           C:\WINDOWS\system32\svchost.exe[916] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                           7E3B0DBA 5 Bytes  JMP 00EB5863 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                          404B654B 5 Bytes  JMP 00EB7D10 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                            404B878D 5 Bytes  JMP 00EB7DB7 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                       404B9088 5 Bytes  JMP 00EB7D78 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                404BBF7F 5 Bytes  JMP 00EB7D55 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                          404BFABE 5 Bytes  JMP 00EB7C84 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                          404CEE89 5 Bytes  JMP 00EB7CA6

soulysilak · Answer

.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                       404D3381 5 Bytes  JMP 00EB7D32 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                        4052A70A 5 Bytes  JMP 00EB7CEC 
.text           C:\WINDOWS\system32\svchost.exe[916] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                        4052A763 5 Bytes  JMP 00EB7CC8 
.text           C:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                719F3E2B 5 Bytes  JMP 00EB1924 
.text           C:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                       719F4C27 5 Bytes  JMP 00EB1958 
.text           C:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                    719F68FA 5 Bytes  JMP 00EB1975 
.text           C:\WINDOWS\system32\svchost.exe[916] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                        77A4FF8F 5 Bytes  JMP 00EA3909 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                     7C91D0AE 5 Bytes  JMP 00DC40AE 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                   7C91D1AE 5 Bytes  JMP 00DC3E67 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                             7C91D76E 5 Bytes  JMP 00DC405A 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                       7C9263C3 5 Bytes  JMP 00DC3FC5 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                7E398BF6 5 Bytes  JMP 00DD572E 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                  7E3A8D20 5 Bytes  JMP 00DD05E3 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                      7E3A8FE9 5 Bytes  JMP 00DD0552 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                        7E3A8FFD 5 Bytes  JMP 00DD05B4 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                  7E3AC17E 5 Bytes  JMP 00DD061F 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                7E3B0DBA 5 Bytes  JMP 00DD5863 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                               404B654B 5 Bytes  JMP 00DD7D10 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                 404B878D 5 Bytes  JMP 00DD7DB7 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                            404B9088 5 Bytes  JMP 00DD7D78 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                     404BBF7F 5 Bytes  JMP 00DD7D55 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                               404BFABE 5 Bytes  JMP 00DD7C84 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                               404CEE89 5 Bytes  JMP 00DD7CA6 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                            404D3381 5 Bytes  JMP 00DD7D32 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                             4052A70A 5 Bytes  JMP 00DD7CEC 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                             4052A763 5 Bytes  JMP 00DD7CC8 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                             77A4FF8F 5 Bytes  JMP 00DC3909 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                     719F3E2B 5 Bytes  JMP 00DD1924 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WS2_32.dll!send                                                                                                                                                                                                                                                                                            719F4C27 5 Bytes  JMP 00DD1958 
.text           c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[972] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                         719F68FA 5 Bytes  JMP 00DD1975 
.text           C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                                                                                                                     7C91D6EE 5 Bytes  JMP 006D000A 
.text           C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                                                                                                                       7C91DFAE 5 Bytes  JMP 006E000A 
.text           C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!KiUserExceptionDispatcher                                                                                                                                                                                                                                                                                                  7C91E47C 5 Bytes  JMP 006C000C 
.text           C:\WINDOWS\System32\svchost.exe[1036] USER32.dll!GetCursorPos                                                                                                                                                                                                                                                                                                              7E3A974E 5 Bytes  JMP 026E000A 
.text           C:\WINDOWS\System32\svchost.exe[1036] ole32.dll!CoCreateInstance                                                                                                                                                                                                                                                                                                           774C057E 5 Bytes  JMP 0267000A

soulysilak · Answer

.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                        7C91D0AE 5 Bytes  JMP 000740AE 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                      7C91D1AE 5 Bytes  JMP 00073E67 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                7C91D76E 5 Bytes  JMP 0007405A 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                          7C9263C3 5 Bytes  JMP 00073FC5 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                   7E398BF6 5 Bytes  JMP 0008572E 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                     7E3A8D20 5 Bytes  JMP 000805E3 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                         7E3A8FE9 5 Bytes  JMP 00080552 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] USER32.dll!EndPaint                                                                                                                                                                                                                                                                           7E3A8FFD 5 Bytes  JMP 000805B4 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                     7E3AC17E 5 Bytes  JMP 0008061F 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                   7E3B0DBA 5 Bytes  JMP 00085863 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                        719F3E2B 5 Bytes  JMP 00081924 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WS2_32.dll!send                                                                                                                                                                                                                                                                               719F4C27 5 Bytes  JMP 00081958 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                            719F68FA 5 Bytes  JMP 00081975 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                77A4FF8F 5 Bytes  JMP 00073909 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                  404B654B 5 Bytes  JMP 00087D10 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                    404B878D 5 Bytes  JMP 00087DB7 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                               404B9088 5 Bytes  JMP 00087D78 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                        404BBF7F 5 Bytes  JMP 00087D55 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                  404BFABE 5 Bytes  JMP 00087C84 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                  404CEE89 5 Bytes  JMP 00087CA6 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                               404D3381 5 Bytes  JMP 00087D32 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                4052A70A 5 Bytes  JMP 00087CEC 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1072] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                4052A763 5 Bytes  JMP 00087CC8 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                    7C91D0AE 5 Bytes  JMP 001340AE 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                  7C91D1AE 5 Bytes  JMP 00133E67 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                            7C91D76E 5 Bytes  JMP 0013405A 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                      7C9263C3 5 Bytes  JMP 00133FC5 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                    719F3E2B 5 Bytes  JMP 00141924 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WS2_32.dll!send                                                                                                                                                                                                                                                                                                           719F4C27 5 Bytes  JMP 00141958 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                        719F68FA 5 Bytes  JMP 00141975 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                               7E398BF6 5 Bytes  JMP 0014572E 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                 7E3A8D20 5 Bytes  JMP 001405E3 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                     7E3A8FE9 5 Bytes  JMP 00140552 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                       7E3A8FFD 5 Bytes  JMP 001405B4 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                 7E3AC17E 5 Bytes  JMP 0014061F 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                               7E3B0DBA 5 Bytes  JMP 00145863

soulysilak · Answer

.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                              404B654B 5 Bytes  JMP 00147D10 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                404B878D 5 Bytes  JMP 00147DB7 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                           404B9088 5 Bytes  JMP 00147D78 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                    404BBF7F 5 Bytes  JMP 00147D55 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                              404BFABE 5 Bytes  JMP 00147C84 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                              404CEE89 5 Bytes  JMP 00147CA6 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                           404D3381 5 Bytes  JMP 00147D32 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                            4052A70A 5 Bytes  JMP 00147CEC 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                            4052A763 5 Bytes  JMP 00147CC8 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[1132] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                            77A4FF8F 5 Bytes  JMP 00133909 
.text           C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 000840AE 
.text           C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 00083E67 
.text           C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 0008405A 
.text           C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 00083FC5 
.text           C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 0009572E 
.text           C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 000905E3 
.text           C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 00090552 
.text           C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 000905B4 
.text           C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 0009061F 
.text           C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 00095863 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 00097D10 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 00097DB7 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 00097D78 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 00097D55 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 00097C84 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 00097CA6 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 00097D32 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 00097CEC 
.text           C:\WINDOWS\System32\svchost.exe[1208] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 00097CC8 
.text           C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 00091924 
.text           C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 00091958 
.text           C:\WINDOWS\System32\svchost.exe[1208] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 00091975 
.text           C:\WINDOWS\System32\svchost.exe[1208] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 00083909 
.text           C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 006C40AE 
.text           C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 006C3E67

soulysilak · Answer

.text           C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 006C405A 
.text           C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 006C3FC5 
.text           C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 006D572E 
.text           C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 006D05E3 
.text           C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 006D0552 
.text           C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 006D05B4 
.text           C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 006D061F 
.text           C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 006D5863 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 006D7D10 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 006D7DB7 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 006D7D78 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 006D7D55 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 006D7C84 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 006D7CA6 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 006D7D32 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 006D7CEC 
.text           C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 006D7CC8 
.text           C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 006D1924 
.text           C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 006D1958 
.text           C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 006D1975 
.text           C:\WINDOWS\system32\svchost.exe[1236] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 006C3909 
.text           C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 006C40AE 
.text           C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 006C3E67 
.text           C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 006C405A 
.text           C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 006C3FC5 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 006D572E 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 006D05E3 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 006D0552 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 006D05B4 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 006D061F 
.text           C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 006D5863 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 006D7D10 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 006D7DB7 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 006D7D78 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 006D7D55 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 006D7C84 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 006D7CA6 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 006D7D32 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 006D7CEC 
.text           C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 006D7CC8

soulysilak · Answer

.text           C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 006D1924 
.text           C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 006D1958 
.text           C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 006D1975 
.text           C:\WINDOWS\system32\svchost.exe[1284] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 006C3909 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                                  7C91D0AE 5 Bytes  JMP 000740AE 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                                7C91D1AE 5 Bytes  JMP 00073E67 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                          7C91D76E 5 Bytes  JMP 0007405A 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                    7C9263C3 5 Bytes  JMP 00073FC5 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                             7E398BF6 5 Bytes  JMP 0008572E 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                               7E3A8D20 5 Bytes  JMP 000805E3 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                   7E3A8FE9 5 Bytes  JMP 00080552 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                     7E3A8FFD 5 Bytes  JMP 000805B4 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                               7E3AC17E 5 Bytes  JMP 0008061F 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                             7E3B0DBA 5 Bytes  JMP 00085863 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                            404B654B 5 Bytes  JMP 00087D10 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                              404B878D 5 Bytes  JMP 00087DB7 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                         404B9088 5 Bytes  JMP 00087D78 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                  404BBF7F 5 Bytes  JMP 00087D55 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                            404BFABE 5 Bytes  JMP 00087C84 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                            404CEE89 5 Bytes  JMP 00087CA6 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                         404D3381 5 Bytes  JMP 00087D32 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                          4052A70A 5 Bytes  JMP 00087CEC 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                          4052A763 5 Bytes  JMP 00087CC8 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                  719F3E2B 5 Bytes  JMP 00081924

soulysilak · Answer

.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                         719F4C27 5 Bytes  JMP 00081958 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                      719F68FA 5 Bytes  JMP 00081975 
.text           C:\WINDOWS\eHome\ehRecvr.exe[1388] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                          77A4FF8F 5 Bytes  JMP 00073909 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                                  7C91D0AE 5 Bytes  JMP 000740AE 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                                7C91D1AE 5 Bytes  JMP 00073E67 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                          7C91D76E 5 Bytes  JMP 0007405A 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                    7C9263C3 5 Bytes  JMP 00073FC5 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                             7E398BF6 5 Bytes  JMP 0008572E 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                               7E3A8D20 5 Bytes  JMP 000805E3 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                   7E3A8FE9 5 Bytes  JMP 00080552 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                     7E3A8FFD 5 Bytes  JMP 000805B4 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                               7E3AC17E 5 Bytes  JMP 0008061F 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                             7E3B0DBA 5 Bytes  JMP 00085863 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                            404B654B 5 Bytes  JMP 00087D10 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                              404B878D 5 Bytes  JMP 00087DB7 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                         404B9088 5 Bytes  JMP 00087D78 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                  404BBF7F 5 Bytes  JMP 00087D55 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                            404BFABE 5 Bytes  JMP 00087C84 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                            404CEE89 5 Bytes  JMP 00087CA6 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                         404D3381 5 Bytes  JMP 00087D32 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                          4052A70A 5 Bytes  JMP 00087CEC 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                          4052A763 5 Bytes  JMP 00087CC8 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                  719F3E2B 5 Bytes  JMP 00081924 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                         719F4C27 5 Bytes  JMP 00081958 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                      719F68FA 5 Bytes  JMP 00081975 
.text           C:\WINDOWS\eHome\ehSched.exe[1416] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                          77A4FF8F 5 Bytes  JMP 00073909 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 009440AE 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 00943E67 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 0094405A 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 00943FC5 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 0095572E 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 009505E3 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 00950552 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 009505B4 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 0095061F 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 00955863 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 00957D10

soulysilak · Answer

.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 00957DB7 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 00957D78 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 00957D55 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 00957C84 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 00957CA6 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 00957D32 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 00957CEC 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 00957CC8 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 00951924 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 00951958 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 00951975 
.text           C:\WINDOWS\system32\spoolsv.exe[1476] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 00943909 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                              7C91D0AE 5 Bytes  JMP 016D40AE 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                            7C91D1AE 5 Bytes  JMP 016D3E67 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                      7C91D76E 5 Bytes  JMP 016D405A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                7C9263C3 5 Bytes  JMP 016D3FC5 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                         7E398BF6 5 Bytes  JMP 016E572E 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                           7E3A8D20 5 Bytes  JMP 016E05E3 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                               7E3A8FE9 5 Bytes  JMP 016E0552 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                 7E3A8FFD 5 Bytes  JMP 016E05B4 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                           7E3AC17E 5 Bytes  JMP 016E061F 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                         7E3B0DBA 5 Bytes  JMP 016E5863 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                        404B654B 5 Bytes  JMP 016E7D10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                          404B878D 5 Bytes  JMP 016E7DB7 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                     404B9088 5 Bytes  JMP 016E7D78 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                              404BBF7F 5 Bytes  JMP 016E7D55 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                        404BFABE 5 Bytes  JMP 016E7C84

soulysilak · Answer

.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                        404CEE89 5 Bytes  JMP 016E7CA6 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                     404D3381 5 Bytes  JMP 016E7D32 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                      4052A70A 5 Bytes  JMP 016E7CEC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                      4052A763 5 Bytes  JMP 016E7CC8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                              719F3E2B 5 Bytes  JMP 016E1924 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                     719F4C27 5 Bytes  JMP 016E1958 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                  719F68FA 5 Bytes  JMP 016E1975 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1612] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                      77A4FF8F 5 Bytes  JMP 016D3909 
.text           C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                                                                                                                             7C91D6EE 5 Bytes  JMP 00B7000A 
.text           C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                                                                                                                                               7C91DFAE 5 Bytes  JMP 00C1000A 
.text           C:\WINDOWS\Explorer.EXE[1760] ntdll.dll!KiUserExceptionDispatcher                                                                                                                                                                                                                                                                                                          7C91E47C 5 Bytes  JMP 00B6000C 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                        7C91D0AE 5 Bytes  JMP 001340AE 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                      7C91D1AE 5 Bytes  JMP 00133E67 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                7C91D76E 5 Bytes  JMP 0013405A 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                          7C9263C3 5 Bytes  JMP 00133FC5 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                        719F3E2B 5 Bytes  JMP 00141924 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WS2_32.dll!send                                                                                                                                                                                                                                                                                                               719F4C27 5 Bytes  JMP 00141958 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                            719F68FA 5 Bytes  JMP 00141975 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                   7E398BF6 5 Bytes  JMP 0014572E 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                     7E3A8D20 5 Bytes  JMP 001405E3 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                         7E3A8FE9 5 Bytes  JMP 00140552 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                           7E3A8FFD 5 Bytes  JMP 001405B4 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                     7E3AC17E 5 Bytes  JMP 0014061F 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                   7E3B0DBA 5 Bytes  JMP 00145863 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                  404B654B 5 Bytes  JMP 00147D10 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                    404B878D 5 Bytes  JMP 00147DB7 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                               404B9088 5 Bytes  JMP 00147D78 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                        404BBF7F 5 Bytes  JMP 00147D55 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                  404BFABE 5 Bytes  JMP 00147C84 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                  404CEE89 5 Bytes  JMP 00147CA6 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                               404D3381 5 Bytes  JMP 00147D32 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                4052A70A 5 Bytes  JMP 00147CEC 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                4052A763 5 Bytes  JMP 00147CC8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1796] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                77A4FF8F 5 Bytes  JMP 00133909

soulysilak · Answer

text           C:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 000840AE 
.text           C:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 00083E67 
.text           C:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 0008405A 
.text           C:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 00083FC5 
.text           C:\WINDOWS\system32\svchost.exe[2240] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 0009572E 
.text           C:\WINDOWS\system32\svchost.exe[2240] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 000905E3 
.text           C:\WINDOWS\system32\svchost.exe[2240] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 00090552 
.text           C:\WINDOWS\system32\svchost.exe[2240] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 000905B4 
.text           C:\WINDOWS\system32\svchost.exe[2240] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 0009061F 
.text           C:\WINDOWS\system32\svchost.exe[2240] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 00095863 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 00097D10 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 00097DB7 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 00097D78 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 00097D55 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 00097C84 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 00097CA6 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 00097D32 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 00097CEC 
.text           C:\WINDOWS\system32\svchost.exe[2240] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 00097CC8 
.text           C:\WINDOWS\system32\svchost.exe[2240] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 00091924 
.text           C:\WINDOWS\system32\svchost.exe[2240] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 00091958 
.text           C:\WINDOWS\system32\svchost.exe[2240] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 00091975 
.text           C:\WINDOWS\system32\svchost.exe[2240] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 00083909 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                       7C91D0AE 5 Bytes  JMP 001340AE 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                     7C91D1AE 5 Bytes  JMP 00133E67 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                               7C91D76E 5 Bytes  JMP 0013405A 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                         7C9263C3 5 Bytes  JMP 00133FC5 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                  7E398BF6 5 Bytes  JMP 0014572E 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                    7E3A8D20 5 Bytes  JMP 001405E3 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                        7E3A8FE9 5 Bytes  JMP 00140552 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] USER32.dll!EndPaint                                                                                                                                                                                                                                                                          7E3A8FFD 5 Bytes  JMP 001405B4 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                    7E3AC17E 5 Bytes  JMP 0014061F 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                  7E3B0DBA 5 Bytes  JMP 00145863 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                 404B654B 5 Bytes  JMP 00147D10

soulysilak · Answer

.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                   404B878D 5 Bytes  JMP 00147DB7 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                              404B9088 5 Bytes  JMP 00147D78 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                       404BBF7F 5 Bytes  JMP 00147D55 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                 404BFABE 5 Bytes  JMP 00147C84 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                 404CEE89 5 Bytes  JMP 00147CA6 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                              404D3381 5 Bytes  JMP 00147D32 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                               4052A70A 5 Bytes  JMP 00147CEC 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                               4052A763 5 Bytes  JMP 00147CC8 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                       719F3E2B 5 Bytes  JMP 00141924 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WS2_32.dll!send                                                                                                                                                                                                                                                                              719F4C27 5 Bytes  JMP 00141958 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                           719F68FA 5 Bytes  JMP 00141975 
.text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2340] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                               77A4FF8F 5 Bytes  JMP 00133909 
.text           C:\WINDOWS\system32\svchost.exe[2348] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 000840AE 
.text           C:\WINDOWS\system32\svchost.exe[2348] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 00083E67 
.text           C:\WINDOWS\system32\svchost.exe[2348] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 0008405A 
.text           C:\WINDOWS\system32\svchost.exe[2348] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 00083FC5 
.text           C:\WINDOWS\system32\svchost.exe[2348] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 0009572E 
.text           C:\WINDOWS\system32\svchost.exe[2348] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 000905E3 
.text           C:\WINDOWS\system32\svchost.exe[2348] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 00090552 
.text           C:\WINDOWS\system32\svchost.exe[2348] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 000905B4 
.text           C:\WINDOWS\system32\svchost.exe[2348] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 0009061F 
.text           C:\WINDOWS\system32\svchost.exe[2348] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 00095863 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 00097D10 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 00097DB7 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 00097D78 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 00097D55 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 00097C84 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 00097CA6 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 00097D32 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 00097CEC 
.text           C:\WINDOWS\system32\svchost.exe[2348] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 00097CC8 
.text           C:\WINDOWS\system32\svchost.exe[2348] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 00091924 
.text           C:\WINDOWS\system32\svchost.exe[2348] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 00091958 
.text           C:\WINDOWS\system32\svchost.exe[2348] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 00091975 
.text           C:\WINDOWS\system32\svchost.exe[2348] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 00083909 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                           7C91D0AE 5 Bytes  JMP 000840AE 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                         7C91D1AE 5 Bytes  JMP 00083E67 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                   7C91D76E 5 Bytes  JMP 0008405A 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                             7C9263C3 5 Bytes  JMP 00083FC5 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                      7E398BF6 5 Bytes  JMP 0009572E 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                        7E3A8D20 5 Bytes  JMP 000905E3 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                            7E3A8FE9 5 Bytes  JMP 00090552 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                              7E3A8FFD 5 Bytes  JMP 000905B4 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                        7E3AC17E 5 Bytes  JMP 0009061F 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] USER32.dll!CreateWindowExW                                                                                                                                                                                                                                                                                       7E3AD0A3 5 Bytes  JMP 28003CA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                      7E3B0DBA 5 Bytes  JMP 00095863 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                           719F3E2B 5 Bytes  JMP 00091924 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WS2_32.dll!send                                                                                                                                                                                                                                                                                                  719F4C27 5 Bytes  JMP 00091958 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                               719F68FA 5 Bytes  JMP 00091975 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] ole32.dll!CoInitializeEx                                                                                                                                                                                                                                                                                         774BEF7B 5 Bytes  JMP 28002100 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                   77A4FF8F 5 Bytes  JMP 00083909 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                     404B654B 5 Bytes  JMP 00097D10 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                       404B878D 5 Bytes  JMP 00097DB7 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                  404B9088 5 Bytes  JMP 00097D78 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                           404BBF7F 5 Bytes  JMP 00097D55 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                     404BFABE 5 Bytes  JMP 00097C84 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                     404CEE89 5 Bytes  JMP 00097CA6 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                  404D3381 5 Bytes  JMP 00097D32 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                   4052A70A 5 Bytes  JMP 00097CEC 
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2524] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                   4052A763 5 Bytes  JMP 00097CC8

soulysilak · Answer

.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                                  7C91D0AE 5 Bytes  JMP 000740AE 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                                7C91D1AE 5 Bytes  JMP 00073E67 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                          7C91D76E 5 Bytes  JMP 0007405A 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                    7C9263C3 5 Bytes  JMP 00073FC5 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                             7E398BF6 5 Bytes  JMP 0008572E 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                               7E3A8D20 5 Bytes  JMP 000805E3 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                   7E3A8FE9 5 Bytes  JMP 00080552 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                     7E3A8FFD 5 Bytes  JMP 000805B4 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                               7E3AC17E 5 Bytes  JMP 0008061F 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                             7E3B0DBA 5 Bytes  JMP 00085863 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                                  719F3E2B 5 Bytes  JMP 00081924 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                         719F4C27 5 Bytes  JMP 00081958 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                      719F68FA 5 Bytes  JMP 00081975 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                            404B654B 5 Bytes  JMP 00087D10 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                              404B878D 5 Bytes  JMP 00087DB7 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                         404B9088 5 Bytes  JMP 00087D78 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                                  404BBF7F 5 Bytes  JMP 00087D55 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                            404BFABE 5 Bytes  JMP 00087C84 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                            404CEE89 5 Bytes  JMP 00087CA6 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                         404D3381 5 Bytes  JMP 00087D32 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                          4052A70A 5 Bytes  JMP 00087CEC 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                          4052A763 5 Bytes  JMP 00087CC8 
.text           C:\WINDOWS\ehome\mcrdsvc.exe[2544] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                          77A4FF8F 5 Bytes  JMP 00073909 
.text           C:\WINDOWS\system32\dllhost.exe[3312] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 000840AE 
.text           C:\WINDOWS\system32\dllhost.exe[3312] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 00083E67 
.text           C:\WINDOWS\system32\dllhost.exe[3312] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 0008405A 
.text           C:\WINDOWS\system32\dllhost.exe[3312] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 00083FC5 
.text           C:\WINDOWS\system32\dllhost.exe[3312] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 0009572E 
.text           C:\WINDOWS\system32\dllhost.exe[3312] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 000905E3 
.text           C:\WINDOWS\system32\dllhost.exe[3312] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 00090552 
.text           C:\WINDOWS\system32\dllhost.exe[3312] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 000905B4 
.text           C:\WINDOWS\system32\dllhost.exe[3312] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 0009061F 
.text           C:\WINDOWS\system32\dllhost.exe[3312] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 00095863 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 00097D10 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 00097DB7 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 00097D78 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 00097D55 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 00097C84 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 00097CA6 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 00097D32 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 00097CEC 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 00097CC8 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 00091924 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 00091958 
.text           C:\WINDOWS\system32\dllhost.exe[3312] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 00091975 
.text           C:\WINDOWS\system32\dllhost.exe[3312] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 00083909 
.text           C:\WINDOWS\System32\svchost.exe[3408] ntdll.dll!NtCreateFile                                                                                                                                                                                                                                                                                                               7C91D0AE 5 Bytes  JMP 000840AE 
.text           C:\WINDOWS\System32\svchost.exe[3408] ntdll.dll!NtCreateThread                                                                                                                                                                                                                                                                                                             7C91D1AE 5 Bytes  JMP 00083E67 
.text           C:\WINDOWS\System32\svchost.exe[3408] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                                                                                                                                                                       7C91D76E 5 Bytes  JMP 0008405A 
.text           C:\WINDOWS\System32\svchost.exe[3408] ntdll.dll!LdrLoadDll                                                                                                                                                                                                                                                                                                                 7C9263C3 5 Bytes  JMP 00083FC5 
.text           C:\WINDOWS\System32\svchost.exe[3408] USER32.dll!TranslateMessage                                                                                                                                                                                                                                                                                                          7E398BF6 5 Bytes  JMP 0009572E 
.text           C:\WINDOWS\System32\svchost.exe[3408] USER32.dll!DefWindowProcW                                                                                                                                                                                                                                                                                                            7E3A8D20 5 Bytes  JMP 000905E3 
.text           C:\WINDOWS\System32\svchost.exe[3408] USER32.dll!BeginPaint                                                                                                                                                                                                                                                                                                                7E3A8FE9 5 Bytes  JMP 00090552 
.text           C:\WINDOWS\System32\svchost.exe[3408] USER32.dll!EndPaint                                                                                                                                                                                                                                                                                                                  7E3A8FFD 5 Bytes  JMP 000905B4 
.text           C:\WINDOWS\System32\svchost.exe[3408] USER32.dll!DefWindowProcA                                                                                                                                                                                                                                                                                                            7E3AC17E 5 Bytes  JMP 0009061F 
.text           C:\WINDOWS\System32\svchost.exe[3408] USER32.dll!GetClipboardData                                                                                                                                                                                                                                                                                                          7E3B0DBA 5 Bytes  JMP 00095863 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetReadFile                                                                                                                                                                                                                                                                                                         404B654B 5 Bytes  JMP 00097D10 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!HttpQueryInfoA                                                                                                                                                                                                                                                                                                           404B878D 5 Bytes  JMP 00097DB7 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetCloseHandle                                                                                                                                                                                                                                                                                                      404B9088 5 Bytes  JMP 00097D78 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetQueryDataAvailable                                                                                                                                                                                                                                                                                               404BBF7F 5 Bytes  JMP 00097D55

soulysilak · Answer

.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!HttpSendRequestW                                                                                                                                                                                                                                                                                                         404BFABE 5 Bytes  JMP 00097C84 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!HttpSendRequestA                                                                                                                                                                                                                                                                                                         404CEE89 5 Bytes  JMP 00097CA6 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!InternetReadFileExA                                                                                                                                                                                                                                                                                                      404D3381 5 Bytes  JMP 00097D32 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!HttpSendRequestExA                                                                                                                                                                                                                                                                                                       4052A70A 5 Bytes  JMP 00097CEC 
.text           C:\WINDOWS\System32\svchost.exe[3408] WININET.dll!HttpSendRequestExW                                                                                                                                                                                                                                                                                                       4052A763 5 Bytes  JMP 00097CC8 
.text           C:\WINDOWS\System32\svchost.exe[3408] WS2_32.dll!closesocket                                                                                                                                                                                                                                                                                                               719F3E2B 5 Bytes  JMP 00091924 
.text           C:\WINDOWS\System32\svchost.exe[3408] WS2_32.dll!send                                                                                                                                                                                                                                                                                                                      719F4C27 5 Bytes  JMP 00091958 
.text           C:\WINDOWS\System32\svchost.exe[3408] WS2_32.dll!WSASend                                                                                                                                                                                                                                                                                                                   719F68FA 5 Bytes  JMP 00091975 
.text           C:\WINDOWS\System32\svchost.exe[3408] CRYPT32.dll!PFXImportCertStore                                                                                                                                                                                                                                                                                                       77A4FF8F 5 Bytes  JMP 00083909 

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Fastfat \Fat                                                                                                                                                                                                                                                                                                                                                   EB1F2D20
Device          \FileSystem\Fastfat \Fat                                                                                                                                                                                                                                                                                                                                                   EB202428

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                                                                                                                                                                                                                   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device           -> \Driver\atapi \Device\Harddisk0\DR0                                                                                                                                                                                                                                                                                                                                    85A8EEE4

---- Files - GMER 1.0.15 ----

File            C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UP9IJF7W\AdServerServletCA1TQ71P.htm                                                                                                                                                                                                                                          2764 bytes
File            C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UP9IJF7W\AdServerServletCA5BJI03.htm                                                                                                                                                                                                                                          2091 bytes
File            C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UP9IJF7W\AdServerServletCA6L53BK.htm                                                                                                                                                                                                                                          1344 bytes
File            C:\My old Disk Structure -- 07-02-23 0535PM\Documents and Settings\abu wa umm outhman\Local Settings\Application Data\Microsoft\Messenger\joelle_bobigny@hotmail.fr\SharingMetadata\oum-ishaac@hotmail.fr\DFSR\Staging\CS{C23273BF-282D-D8FF-59AF-32670D8B5BA2}\01\10-{C23273BF-282D-D8FF-59AF-32670D8B5BA2}-v1-{5E13F5D7-115F-442F-883E-FAD33DE32810}-v10-Downloaded.frx  112 bytes
File            C:\WINDOWS\system32\DRIVERS	cpip.sys                                                                                                                                                                                                                                                                                                                                      suspicious modification
File            C:\WINDOWS\system32\drivers\atapi.sys                                                                                                                                                                                                                                                                                                                                      suspicious modification

---- EOF - GMER 1.0.15 ----

soulysilak · Answer

Bonjour

désolé jai du le couper en plusieurs parties je comprends que cela puisse etre illisible ou difficilement si je peux l'envoyer sous un autre format 
dites le moi

Merci

gen-hackman · Answer

___________________________________________________ =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <= =>il est fort déconseillé de le transposer sur un autre ordinateur !<= --------------------------------------------------------------------------- Toujours avec toutes les protections désactivées, fais ceci : ? Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) ? Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : ---------------------------------------------------------- KillAll:: MBR:: TDL:: C:\Windows\System32\Drivers cpip.sys C:\Windows\system32\drivers\atapi.sys SkipFix:: ------------------------------------------------------------------ ? Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt ? Quitte le Bloc Notes ? Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix ? Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. ? Une fois le scan achevé, un rapport va s'afficher: poste son contenu. ? Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt ?G3?-?@¢??@?(TM)©®?

soulysilak · Answer

je l'ai fais mais rien ne se passe

( je n'arrive toujours pas a ouvrir certains programme dont combofix par exemple)

gen-hackman · Answer

tu as bein fait glisser le txt sur l'icone ?

soulysilak · Answer

oui oui c'est ce que jai fais

gen-hackman · Answer

on va la jouer au vice :

reessaie avec juste ceci :

KillAll::

TDL::
C:\Windows\System32\Drivers	cpip.sys
C:\Windows\system32\drivers\atapi.sys

soulysilak · Answer

ca ne marche toujours pas

c'est peut etre du au fait que le programme ne s'ouvre pas en temps normal nan?

gen-hackman · Answer

Télécharge SF.exe de C_XX


*Double clique sur SF.exe (Exécuter en tant qu'administrateur pour Vista/7) .

*Une fenêtre "cmd" va s'ouvrir .

*Tape atapi.sys et dans cette fenêtre et [Entrée].

*Patiente pendant la recherche.

*Une fenêtre avec un log.txt va s'afficher.

*Copie/colle ce rapport dans ta prochaine réponse.

fais de meme avec tcpip.sys

soulysilak · Answer

Salut 

c'est toujours la meme histoire

windows ne peut pas ouvrir ce fichier et me demande soit 

de selectionner le programme parmis une liste 

ou d'utiliser le service web

pareil en mode sans echec

gen-hackman · Answer

ok dezippe ceci et execute-le par double clic

http://sd-1.archive-host.com/membres/up/829108531491024/Temp_Tools/Find.zip

soulysilak · Answer

Salut

J'ai dézippé et jai trouvé deux fichiers

le premier c'est un fichier EXE CHK-drv qui ne s'ouvre pas

et le deuxieme c'est un raccourci vers le programme cela donne a une fenetre noire il y a des ecritures et rien ne se passe

donc voila

mais bon laissé tomber car je déménage aujourdhui et dans mon prochain logement j'aurai une autre unité centrale donc fini antimalware doctor 

Je tiens a vous remercier pour votre patience et surtout pour votre aide

juste une question vous pouvez me dire ce qu'il en ressort de toutes les analyses faites?

et avez vous un anti virus a me conseiller?et si vous avez des conseils je suis preneur

MERCI ENCORE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

gen-hackman · Answer

je ne comprends pas comment tu as pu trouver deux fichiers alors qu'il n y en a qu un

Comment supprimer antimalware doctor?

80 réponses