Windows recovery
tofrub
Hello,
my PC is infected with something called Windows Recovery PC. I found information on eradicating it with SpyHunter4, but it is paid and, on top of that, I read that it isn't trustworthy, so paying for nothing doesn't interest me much... do you have a solution? That would be super cool... thanks in advance
174 replies
▶ Download: Gmer (by Przemyslaw Gmerek) and save it to your desktop
Disable all your protections for the duration of the GMER scan
For XP => double-click gmer.exe
For Vista and 7 => right-click "Run as...."
▶ Click the Rootkit tab and start the scan; red lines will appear.
▶ The red lines indicate the presence of a rootkit. Post the GMER report for me (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the GMER report will appear, post it for me)
sorry, I'm really scattered today
so here is the result:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-05-31 23:10:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK8032GAX rev.AD002C
Running: gmer.exe; Driver: C:\DOCUME~1\Cristina\LOCALS~1\Temp\kgdciaoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB25C2202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB2628CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB25E66C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB25C481C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB25C4874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB25C498A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB25E6075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB25C4772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB25C48C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB25C47C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB25C4938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB25C2226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB25E6D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB25E703D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB25C4C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB25E6BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB25E6A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB2628D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB25C1FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB25C224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB25C4D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB25C2CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB25C484C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB25C489C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB25C49B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB25E63D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB25C479E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB25C4A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB25C4904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB25C47F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB25C4B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB25C4962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB2628DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB25E68D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB25C2BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB25E672A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB2631E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB25E56E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB25C226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB25C2292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB25C204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB25C2186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB25E6E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB25C2162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB25C21AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB25C22B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB263E902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 256C 80501DA4 2 Bytes [46, 4A] {INC ESI; DEC EDX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2584 80501DBC 2 Bytes [2A, 4B]
.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, 56, 5E, B2]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL B25C3335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP B263A2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP B263BD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP B263E906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? Combo-Fix.sys Le fichier spécifié est introuvable. !
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF23D9DBF]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B25C5CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B25C5BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B25C4F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B25C5E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B25C6040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B25C5B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B25C4FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B25C51AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B25C5352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B25C4E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B25C5C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B25C5F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B25C532A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B25C4E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B25C5D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 3 Bytes JMP B25C506A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 454 BF8C304C 1 Byte [F2]
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B25C50DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B25C5114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B25C4DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B25C4F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B25C5034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B25C546C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B25C5EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Christophe4601C\catchme.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003C1014
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003C0804
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003C0A08
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003C0E10
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003C01F8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003C0600
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003D0804
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003D0600
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000801F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000803FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F1014
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F0804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0E10
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F01F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F0600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00300804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00300600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003001F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003C1014
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003C0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003C0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003C0E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003C01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003C0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003D0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003D0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\System32\smss.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
so, here is the result:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-05-31 23:10:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK8032GAX rev.AD002C
Running: gmer.exe; Driver: C:\DOCUME~1\Cristina\LOCALS~1\Temp\kgdciaoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB25C2202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB2628CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB25E66C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB25C481C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB25C4874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB25C498A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB25E6075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB25C4772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB25C48C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB25C47C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB25C4938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB25C2226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB25E6D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB25E703D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB25C4C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB25E6BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB25E6A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB2628D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB25C1FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB25C224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB25C4D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB25C2CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB25C484C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB25C489C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB25C49B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB25E63D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB25C479E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB25C4A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB25C4904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB25C47F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB25C4B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB25C4962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB2628DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB25E68D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB25C2BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB25E672A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB2631E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB25E56E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB25C226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB25C2292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB25C204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB25C2186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB25E6E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB25C2162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB25C21AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB25C22B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB263E902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 256C 80501DA4 2 Bytes [46, 4A] {INC ESI; DEC EDX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2584 80501DBC 2 Bytes [2A, 4B]
.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, 56, 5E, B2]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL B25C3335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP B263A2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP B263BD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP B263E906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? Combo-Fix.sys Le fichier spécifié est introuvable. !
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF23D9DBF]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B25C5CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B25C5BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B25C4F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B25C5E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B25C6040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B25C5B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B25C4FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B25C51AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B25C5352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B25C4E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B25C5C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B25C5F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B25C532A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B25C4E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B25C5D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 3 Bytes JMP B25C506A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 454 BF8C304C 1 Byte [F2]
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B25C50DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B25C5114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B25C4DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B25C4F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B25C5034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B25C546C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B25C5EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Christophe4601C\catchme.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[236] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[236] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[236] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003C1014
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003C0804
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003C0A08
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003C0E10
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003C01F8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003C0600
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003D0804
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003D0600
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000801F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000803FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F1014
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F0804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0E10
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F01F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F0600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00300804
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00300600
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003001F8
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[572] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003C1014
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003C0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003C0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003C0E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003C01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003C0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003D0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003D0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[648] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\System32\smss.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\winlogon.exe[740] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[740] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[792] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[804] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[804] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 0073000A
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 0074000A
.text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0072000C
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[1116] ole32.dll!CoCreateInstance 774BF1AC 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetBinaryTypeW + 80
Well, I can see Alcohol Soft is active here
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Is Avast's sandbox definitely disabled?
On Avast I right-click and disable everything...
What is the sandbox?
And what does it mean that Alcohol is active? Can it be removed? I must have used it once and I don't even remember why or how...
And I think there are other apps like that, so if they cause problems we can remove them, it will tidy things up
OK, uninstall whatever you don't need
Look here for the sandbox:
https://forums.commentcamarche.net/forum/affich-20970010-mises-a-jour-avast-problemes
I only have Avast V5 and they say the sandbox has only existed since V6...
Back then there were some programs I couldn't delete or uninstall... I'll try to see which ones...
For example, when I'm in Add/Remove Programs:
- AutoDWG DWG to PDF converter
- Bonjour
- connexion facile à internet
- Dwg2img
applications that I don't use and can't manage to remove...
Then, if I look on C:, I have a whole series of folders related to apps that I don't use and can't always delete...
Otherwise, do you know where my startup problem could come from? It takes half an hour before I can use the PC, even though it has booted
You need to remove them in safe mode with the Revo Uninstaller software, in advanced mode, and delete everything without restarting
https://www.clubic.com/telecharger-fiche39528-revouninstaller.html
Yes, I have the JKDefrag software
Otherwise, the PC turns on, all my icons appear, the Wi-Fi connects, the antivirus too... but I can't launch any application; I get the mouse hourglass spinning, especially when I move the mouse over the taskbar at the bottom... and the clock stops running... then suddenly the clock catches up to the right time, so to speak, and that's it, I can use everything...
Also, excuse me, but for the big problem at the origin of all this (windows recovery), should I understand that there is no longer a problem?
What do you recommend as antivirus and anti-spyware? Are other apps needed?
Uninstall avast5 with this:
https://www.avast.com/fr-fr/uninstall-utility
and install Avast 6, the full free version:
https://www.clubic.com/telecharger-fiche11113-avast-antivirus-gratuit.html
OK, but do you want me to do it now?? Because otherwise I have to restart twice, and that means twice half an hour... so if it's not urgent I'd rather focus on the rest and do this Avast change when I have more time. Thanks for the info and the links...
1- windows recovery:
Following this last message:
"Well, I can see Alcohol Soft is active here
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Is Avast's sandbox definitely disabled?"
I don't know whether you're done with windows recovery, and I can't see whether any problems remain; apparently not... I have the impression I've recovered everything...
2- PC startup:
still my half-hour delay problem
3- installing a new antivirus and removing apps I no longer use, which requires restarts; I'll follow the instructions you gave me above