Ecran bleu Résolu/Fermé

Question

Bonjour, 

Depuis quelque temps, j'ai un écran bleu qui apparaît me disant windows a rencontré un probleme etc... J'ai pas le temps de tout lire.
Pouvez vous m'aider.
Merçi d'avane de vos conseils


Configuration: Windows 7 / Internet Explorer 10.0

g3n-h@ckm@n · Answer

salut

 Télécharge ici : Blue screen View
Décompresse l'archive sur ton Bureau.
Double clique sur le fichier BlueScreenView.exe pour le lancer. (Clic droit Executer en tant qu'administrateur sous Vista/Seven)

A la fin du scan, , clique sur Edit puis Select All.
Puis Go File et Save Selected Items.
Sauve le rapport sous BSOD.txt.
Ouvre BSOD.txt dans le Bloc-notes, copie son contenu et poste le dans ta réponse.

lioso · Answer

Merçi de ta reponse rapide, mais je l'ai télécharger mais rien ne se passe.

g3n-h@ckm@n · Answer

bah faut l 'executer.....

lioso · Answer

oui c'est ce que j'ai fait, mais rien, en bas il y a écrit 0 crashes

g3n-h@ckm@n · Answer

tu l'executes bien avec le clic droit "executer en tant qu'administrateur" ?

lioso · Answer

oui mais rien ne se passe

g3n-h@ckm@n · Answer

&#9654 Télécharge : Gmer clique sur "Download EXE" et enregistre-le sur ton bureau

Desactive toutes tes protections : https://forum.pcastuces.com/default.asp

Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."

&#9654 clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

&#9654 Les lignes rouges indiquent la presence d'un rootkit.

Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

ensuite :

fais bien attention que toutes les cases à droites soient cochées , puis clique sur scan 

j'attends donc deux rapports hébergés

lioso · Answer

Toute les case cochées c'est aussi C:/, Q:/, D:/  ?
C'est ça pour le 2éme rapport?

lioso · Answer

Voici le 1er rapport

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-23 18:53:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: jqg03vm6.exe; Driver: C:\Users\lionel\AppData\Local\Temp\uwdirpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32
toskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                     fffff800031ee000 64 bytes [00, 00, 13, 0A, 49, 72, 70, ...]
INITKDBG  C:\windows\system32
toskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                                     fffff800031ee042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\windows\system32\wininit.exe[704] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\windows\system32\services.exe[772] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\lsass.exe[780] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007750eecd 1 byte [62]
.text     C:\windows\system32\winlogon.exe[852] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[936] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\windows\system32
vvsvc.exe[1020] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[360] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\windows\System32\svchost.exe[560] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\windows\System32\svchost.exe[716] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[536] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[1044] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\AUDIODG.EXE[1112] C:\windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\System32\spoolsv.exe[1512] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[1564] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               0000000076b8a30a 1 byte [62]
.text     C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1872] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                   000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1952] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000076b8a30a 1 byte [62]
.text     C:\windows\system32\svchost.exe[1996] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2032] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe[1224] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112               0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2064] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2096] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2096] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2096] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe[2232] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112             0000000076b8a30a 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[2348] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                   000000007750eecd 1 byte [62]
.text     C:\windows\system32
vvsvc.exe[2360] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2716] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              0000000076b8a30a 1 byte [62]
.text     C:\windows\system32\svchost.exe[2780] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2836] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                         0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2936] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2288] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112             0000000076b8a30a 1 byte [62]
.text     C:\windows\system32	askhost.exe[2520] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                           000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe[2896] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112               0000000076b8a30a 1 byte [62]
.text     C:\windows\system32\Dwm.exe[3180] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007750eecd 1 byte [62]
.text     C:\windows\Explorer.EXE[3208] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    000000007750eecd 1 byte [62]
.text     C:\windows\system32	askeng.exe[3484] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3572] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007750eecd 1 byte [62]
.text     C:\Windows\System32undll32.exe[3580] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                           000000007750eecd 1 byte [62]
.text     C:\Program Files\Elantech\ETDCtrl.exe[3588] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\SFR\Kit\9props.exe[3600] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                  0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3788] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            0000000076b8a30a 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[3964] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3984] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3984] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3984] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4040] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4040] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4040] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155                           0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\windows\system32	askeng.exe[3632] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4120] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112     0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4120] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4120] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\windows\system32\SearchIndexer.exe[4264] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4456] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4640] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[4692] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\svchost.exe[4744] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4888] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    0000000076b8a30a 1 byte [62]
.text     C:\windows\System32\svchost.exe[4628] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5168] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                         000000007750eecd 1 byte [62]
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32
tdll.dll!LdrUnloadDll                                                       00000000776f3ae0 6 bytes {NOP ; JMP 0xffffffff88b1cc7c}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32
tdll.dll!LdrLoadDll                                                         00000000776f7a90 6 bytes {NOP ; JMP 0xffffffff88b18914}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32
tdll.dll!NtAllocateVirtualMemory                                            0000000077721490 6 bytes {NOP ; JMP 0xffffffff88aef684}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32
tdll.dll!NtFreeVirtualMemory                                                00000000777214f0 6 bytes {NOP ; JMP 0xffffffff88aef9dc}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32
tdll.dll!NtTerminateProcess                                                 00000000777215d0 6 bytes {NOP ; JMP 0xffffffff88af006c}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32
tdll.dll!NtProtectVirtualMemory                                             0000000077721810 6 bytes {NOP ; JMP 0xffffffff88aefa74}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32
tdll.dll!NtSetContextThread                                                 0000000077722840 6 bytes {NOP ; JMP 0xffffffff88aef1b4}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                            000000007750eecd 1 byte [62]
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                         000007fefdc56e00 6 bytes {NOP ; JMP 0xffffffff8001afac}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                             000007fefdc56f2c 6 bytes {NOP ; JMP 0xffffffff80019fa0}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                             000007fefdc57220 6 bytes {NOP ; JMP 0xffffffff8001a064}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                            000007fefdc5739c 6 bytes {NOP ; JMP 0xffffffff8001a2a0}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                            000007fefdc57538 6 bytes {NOP ; JMP 0xffffffff8001a4bc}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!CreateServiceA                                                   000007fefdc575e8 6 bytes {NOP ; JMP 0xffffffff80018dbc}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!CreateServiceW                                                   000007fefdc5790c 6 bytes {NOP ; JMP 0xffffffff80018e50}
.text     C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!DeleteService                                                    000007fefdc57ab4 6 bytes {NOP ; JMP 0xffffffff80019060}
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                         000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                             000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                             000007fefdc57220 5 bytes JMP 000007ff7dc71284
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                            000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                            000007fefdc57538 5 bytes JMP 000007ff7dc719f4
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!CreateServiceA                                                                   000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!CreateServiceW                                                                   000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
.text     C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!DeleteService                                                                    000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!NtAllocateVirtualMemory                                      00000000778cfaa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!NtSetInformationProcess                                      00000000778cfb08 5 bytes JMP 00000001076400f7
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!NtFreeVirtualMemory                                          00000000778cfb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!NtMapViewOfSection                                           00000000778cfc30 5 bytes JMP 000000010764003a
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!NtTerminateProcess                                           00000000778cfc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!NtProtectVirtualMemory                                       00000000778d0018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!NtSetContextThread                                           00000000778d1900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!LdrLoadDll                                                   00000000778ec45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64
tdll.dll!LdrUnloadDll                                                 00000000778f1217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!CreateEventW + 19                                         0000000076b61851 4 bytes JMP 000000010764031c
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!VirtualAlloc                                              0000000076b61856 2 bytes {JMP 0xfffffffffffffffb}
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!CreateDirectoryW + 257                                    0000000076b64342 4 bytes JMP 00000001076403d2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!VirtualProtect                                            0000000076b64347 2 bytes {JMP 0xfffffffffffffffb}
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!LoadLibraryA + 81                                         0000000076b64a10 4 bytes JMP 0000000107640488
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!HeapCreate                                                0000000076b64a15 2 bytes {JMP 0xfffffffffffffffb}
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!VirtualFreeEx + 19                                        0000000076b7d9c3 4 bytes JMP 00000001076401b0
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!WriteProcessMemory                                        0000000076b7d9c8 2 bytes {JMP 0xfffffffffffffffb}
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!ExpandEnvironmentStringsA + 92                            0000000076b7eb7d 4 bytes JMP 0000000107640266
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!SetProcessDEPPolicy                                       0000000076b7eb82 2 bytes {JMP 0xfffffffffffffffb}
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                      0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                   00000000754f5181 5 bytes JMP 0000000100101014
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                       00000000754f5254 5 bytes JMP 0000000100100804
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                       00000000754f53d5 5 bytes JMP 0000000100100a08
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                      00000000754f54c2 5 bytes JMP 0000000100100c0c
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                      00000000754f55e2 5 bytes JMP 0000000100100e10
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                             00000000754f567c 5 bytes JMP 00000001001001f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                             00000000754f589f 5 bytes JMP 00000001001003fc
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!DeleteService                                              00000000754f5a22 3 bytes JMP 0000000100100600
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!DeleteService + 4                                          00000000754f5a26 1 byte [8A]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!SetWinEventHook                                             000000007552ee09 5 bytes JMP 00000001001101f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!UnhookWinEvent                                              0000000075533982 5 bytes JMP 00000001001103fc
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!SetWindowsHookExW                                           0000000075537603 5 bytes JMP 0000000100110804
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!SetWindowsHookExA                                           000000007553835c 5 bytes JMP 0000000100110600
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!UnhookWindowsHookEx                                         000000007554f52b 5 bytes JMP 0000000100110a08
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\ole32.DLL!CoGetClassObject                                             00000000773854ad 2 bytes {JMP 0xfffffffffffffffb}
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\ole32.DLL!CoCreateInstance + 62                                        0000000077399d49 4 bytes JMP 00000001076405f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\ole32.DLL!CoCreateInstanceEx                                           0000000077399d4e 2 bytes {JMP 0xfffffffffffffffb}
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WININET.dll!HttpOpenRequestW                                           00000000758483dd 5 bytes JMP 000000016af34062
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000075913595 5 bytes JMP 000000016af33efe
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\urlmon.dll!URLOpenStreamA + 170                                        0000000075ba54d7 7 bytes JMP 000000010764096a
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\urlmon.dll!URLDownloadToCacheFileA + 331                               0000000075ba5627 7 bytes JMP 0000000107640ad2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!closesocket                                                 0000000075363918 5 bytes JMP 000000016a0991d9
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!socket                                                      0000000075363eb8 5 bytes JMP 000000016a09844e
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!getaddrinfo                                                 0000000075364296 5 bytes JMP 000000016a09860e
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!recv                                                        0000000075366b0e 5 bytes JMP 000000016a0994da
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!connect                                                     0000000075366bdd 5 bytes JMP 000000016a0984de
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!send                                                        0000000075366f01 5 bytes JMP 000000016a098ab2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                            000000007750eecd 1 byte [62]
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                         000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                             000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                             000007fefdc57220 5 bytes JMP 000007ff7dc71284
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                            000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                            000007fefdc57538 5 bytes JMP 000007ff7dc719f4
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!CreateServiceA                                                                   000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!CreateServiceW                                                                   000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
.text     C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!DeleteService                                                                    000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32
tdll.dll!LdrUnloadDll                                                                      00000000776f3ae0 5 bytes JMP 000000010043075c
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32
tdll.dll!LdrLoadDll                                                                        00000000776f7a90 5 bytes JMP 00000001004303a4
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32
tdll.dll!NtAllocateVirtualMemory                                                           0000000077721490 5 bytes JMP 0000000100430b14
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32
tdll.dll!NtFreeVirtualMemory                                                               00000000777214f0 5 bytes JMP 0000000100430ecc
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32
tdll.dll!NtTerminateProcess                                                                00000000777215d0 5 bytes JMP 000000010043163c
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32
tdll.dll!NtProtectVirtualMemory                                                            0000000077721810 5 bytes JMP 0000000100431284
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32
tdll.dll!NtSetContextThread                                                                0000000077722840 5 bytes JMP 00000001004319f4
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                           000000007750eecd 1 byte [62]
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007fefdc57220 5 bytes JMP 000007ff7dc71284
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007fefdc57538 5 bytes JMP 000007ff7dc719f4
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
.text     C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!DeleteService                                                                   000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64
tdll.dll!NtAllocateVirtualMemory                             00000000778cfaa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64
tdll.dll!NtFreeVirtualMemory                                 00000000778cfb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64
tdll.dll!NtTerminateProcess                                  00000000778cfc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64
tdll.dll!NtProtectVirtualMemory                              00000000778d0018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64
tdll.dll!NtSetContextThread                                  00000000778d1900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64
tdll.dll!LdrLoadDll                                          00000000778ec45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64
tdll.dll!LdrUnloadDll                                        00000000778f1217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                             0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                          00000000754f5181 5 bytes JMP 0000000100091014
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                              00000000754f5254 5 bytes JMP 0000000100090804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                              00000000754f53d5 5 bytes JMP 0000000100090a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                             00000000754f54c2 5 bytes JMP 0000000100090c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                             00000000754f55e2 5 bytes JMP 0000000100090e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                    00000000754f567c 5 bytes JMP 00000001000901f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                    00000000754f589f 5 bytes JMP 00000001000903fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!DeleteService                                     00000000754f5a22 5 bytes JMP 0000000100090600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!SetWinEventHook                                    000000007552ee09 5 bytes JMP 00000001000a01f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!UnhookWinEvent                                     0000000075533982 5 bytes JMP 00000001000a03fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                  0000000075537603 5 bytes JMP 00000001000a0804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                  000000007553835c 5 bytes JMP 00000001000a0600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                                000000007554f52b 5 bytes JMP 00000001000a0a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64
tdll.dll!NtAllocateVirtualMemory                             00000000778cfaa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64
tdll.dll!NtFreeVirtualMemory                                 00000000778cfb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64
tdll.dll!NtTerminateProcess                                  00000000778cfc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64
tdll.dll!NtProtectVirtualMemory                              00000000778d0018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64
tdll.dll!NtSetContextThread                                  00000000778d1900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64
tdll.dll!LdrLoadDll                                          00000000778ec45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64
tdll.dll!LdrUnloadDll                                        00000000778f1217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                             0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                          00000000754f5181 5 bytes JMP 0000000100091014
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                              00000000754f5254 5 bytes JMP 0000000100090804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                              00000000754f53d5 5 bytes JMP 0000000100090a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                             00000000754f54c2 5 bytes JMP 0000000100090c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                             00000000754f55e2 5 bytes JMP 0000000100090e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                    00000000754f567c 5 bytes JMP 00000001000901f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                    00000000754f589f 5 bytes JMP 00000001000903fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!DeleteService                                     00000000754f5a22 5 bytes JMP 0000000100090600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!SetWinEventHook                                    000000007552ee09 5 bytes JMP 00000001000a01f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!UnhookWinEvent                                     0000000075533982 5 bytes JMP 00000001000a03fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                  0000000075537603 5 bytes JMP 00000001000a0804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                  000000007553835c 5 bytes JMP 00000001000a0600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                                000000007554f52b 5 bytes JMP 00000001000a0a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000075c71465 2 bytes [C7, 75]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000075c714bb 2 bytes [C7, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32
tdll.dll!LdrUnloadDll                               00000000776f3ae0 5 bytes JMP 000000010021075c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32
tdll.dll!LdrLoadDll                                 00000000776f7a90 5 bytes JMP 00000001002103a4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32
tdll.dll!NtAllocateVirtualMemory                    0000000077721490 5 bytes JMP 0000000100210b14
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32
tdll.dll!NtFreeVirtualMemory                        00000000777214f0 5 bytes JMP 0000000100210ecc
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32
tdll.dll!NtTerminateProcess                         00000000777215d0 5 bytes JMP 000000010021163c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32
tdll.dll!NtProtectVirtualMemory                     0000000077721810 5 bytes JMP 0000000100211284
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32
tdll.dll!NtSetContextThread                         0000000077722840 5 bytes JMP 00000001002119f4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                    000000007750eecd 1 byte [62]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                 000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                     000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                     000007fefdc57220 5 bytes JMP 000007ff7dc71284
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                    000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                    000007fefdc57538 5 bytes JMP 000007ff7dc719f4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!CreateServiceA                           000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!CreateServiceW                           000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!DeleteService                            000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                   000000007750eecd 1 byte [62]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                    000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                    000007fefdc57220 5 bytes JMP 000007ff7dc71284
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                   000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                   000007fefdc57538 5 bytes JMP 000007ff7dc719f4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!CreateServiceA                          000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!CreateServiceW                          000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!DeleteService                           000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64
tdll.dll!NtAllocateVirtualMemory                       00000000778cfaa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64
tdll.dll!NtFreeVirtualMemory                           00000000778cfb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64
tdll.dll!NtTerminateProcess                            00000000778cfc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64
tdll.dll!NtProtectVirtualMemory                        00000000778d0018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64
tdll.dll!NtSetContextThread                            00000000778d1900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64
tdll.dll!LdrLoadDll                                    00000000778ec45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64
tdll.dll!LdrUnloadDll                                  00000000778f1217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                       0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                    00000000754f5181 5 bytes JMP 0000000100141014
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                        00000000754f5254 5 bytes JMP 0000000100140804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                        00000000754f53d5 5 bytes JMP 0000000100140a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                       00000000754f54c2 5 bytes JMP 0000000100140c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                       00000000754f55e2 5 bytes JMP 0000000100140e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!CreateServiceA                              00000000754f567c 5 bytes JMP 00000001001401f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!CreateServiceW                              00000000754f589f 5 bytes JMP 00000001001403fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!DeleteService                               00000000754f5a22 5 bytes JMP 0000000100140600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!SetWinEventHook                              000000007552ee09 5 bytes JMP 00000001001801f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!UnhookWinEvent                               0000000075533982 5 bytes JMP 00000001001803fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                            0000000075537603 5 bytes JMP 0000000100180804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                            000000007553835c 5 bytes JMP 0000000100180600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                          000000007554f52b 5 bytes JMP 0000000100180a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64
tdll.dll!NtAllocateVirtualMemory                       00000000778cfaa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64
tdll.dll!NtFreeVirtualMemory                           00000000778cfb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64
tdll.dll!NtTerminateProcess                            00000000778cfc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64
tdll.dll!NtProtectVirtualMemory                        00000000778d0018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64
tdll.dll!NtSetContextThread                            00000000778d1900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64
tdll.dll!LdrLoadDll                                    00000000778ec45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64
tdll.dll!LdrUnloadDll                                  00000000778f1217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                       0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                    00000000754f5181 5 bytes JMP 0000000100101014
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                        00000000754f5254 5 bytes JMP 0000000100100804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                        00000000754f53d5 5 bytes JMP 0000000100100a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                       00000000754f54c2 5 bytes JMP 0000000100100c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                       00000000754f55e2 5 bytes JMP 0000000100100e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!CreateServiceA                              00000000754f567c 5 bytes JMP 00000001001001f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!CreateServiceW                              00000000754f589f 5 bytes JMP 00000001001003fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!DeleteService                               00000000754f5a22 3 bytes JMP 0000000100100600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!DeleteService + 4                           00000000754f5a26 1 byte [8A]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!SetWinEventHook                              000000007552ee09 5 bytes JMP 00000001001101f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!UnhookWinEvent                               0000000075533982 5 bytes JMP 00000001001103fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                            0000000075537603 5 bytes JMP 0000000100110804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                            000000007553835c 5 bytes JMP 0000000100110600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                          000000007554f52b 5 bytes JMP 0000000100110a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64
tdll.dll!NtAllocateVirtualMemory                       00000000778cfaa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64
tdll.dll!NtFreeVirtualMemory                           00000000778cfb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64
tdll.dll!NtTerminateProcess                            00000000778cfc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64
tdll.dll!NtProtectVirtualMemory                        00000000778d0018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64
tdll.dll!NtSetContextThread                            00000000778d1900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64
tdll.dll!LdrLoadDll                                    00000000778ec45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64
tdll.dll!LdrUnloadDll                                  00000000778f1217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                       0000000076b8a30a 1 byte [62]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                    00000000754f5181 5 bytes JMP 0000000100101014
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                        00000000754f5254 5 bytes JMP 0000000100100804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                        00000000754f53d5 5 bytes JMP 0000000100100a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                       00000000754f54c2 5 bytes JMP 0000000100100c0c
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                       00000000754f55e2 5 bytes JMP 0000000100100e10
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!CreateServiceA                              00000000754f567c 5 bytes JMP 00000001001001f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!CreateServiceW                              00000000754f589f 5 bytes JMP 00000001001003fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!DeleteService                               00000000754f5a22 3 bytes JMP 0000000100100600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!DeleteService + 4                           00000000754f5a26 1 byte [8A]
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!SetWinEventHook                              000000007552ee09 5 bytes JMP 00000001001101f8
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!UnhookWinEvent                               0000000075533982 5 bytes JMP 00000001001103fc
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                            0000000075537603 5 bytes JMP 0000000100110804
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                            000000007553835c 5 bytes JMP 0000000100110600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                          000000007554f52b 5 bytes JMP 0000000100110a08
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6644] C:\windows\SysWOW64
tdll.dll!NtAllocateVirtualMemory                       00000000778cfaa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6644] C:\windows\SysWOW64
tdll.dll!NtFreeVirtualMemory                           00000000778cfb38 5 bytes JMP 0000000100030804
.text     C:\Program Fi

g3n-h@ckm@n · Answer

normal que t'aies des ecrans bleus

Norton
Avast

va falloir en choisir un

==

desinstalle spybot c'est de la crotte en barre

lioso · Answer

ok mais comment désinstaller norton?

g3n-h@ckm@n · Answer

avec ca :

https://support.norton.com/sp/fr/fr/home/current/solutions/v60392881

lioso · Answer

de plus je pense qu 'il y a eu une misa à jour window et ddepuis lorsque je vais sur internet c'est tout en anglais, comment désinstaller cette mise à jour

g3n-h@ckm@n · Answer

une chose après l autre occupe toi de norton avec le lien que je t'ai mis au dessus

lioso · Answer

ca y est c'est fait

g3n-h@ckm@n · Answer

Télécharge ici :OTL

&#9654 enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 / 8 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.

&#9654 => Clique ici pour voir la Configuration

&#9654 Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir C:\ /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT  

&#9654 Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM (il est trop long)

heberge OTL.txt et extra.txt sur https://www.cjoint.com/ et donne les liens

lioso · Answer

voici les liens

http://cjoint.com/?3GymYBrBwLa
http://cjoint.com/?3Gym0gJIVj0

g3n-h@ckm@n · Answer

quelques adwares

Télécharge et enregistre (lien direct) ADWCleaner sur ton bureau :

attends que la fenetre de confirmation de telechargement arrive

Lance le,(Pour vista/7/8 => clic droit "executer en tant qu'administrateur")

clique sur suppression et poste C:\Adwcleaner[Sx].txt

lioso · Answer

# AdwCleaner v2.306 - Rapport créé le 24/07/2013 à 20:27:25
# Mis à jour le 19/07/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : lionel - LIONEL-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\lionel\Downloads\AdwCleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\Savings Wave
Dossier Supprimé : C:\Users\lionel\AppData\Local\Bundled software uninstaller
Dossier Supprimé : C:\windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Dossier Supprimé : C:\windows\SysWOW64\ARFC
Dossier Supprimé : C:\windows\SysWOW64\jmdp

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\Savings Wave
Clé Supprimée : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Clé Supprimée : HKCU\Software\BI
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Clé Supprimée : HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
Clé Supprimée : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Clé Supprimée : HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave

***** [Navigateurs] *****

-\ Internet Explorer v10.0.9200.16635

[OK] Le registre ne contient aucune entrée illégitime.

-\ Chromium vnstall: 18002

Fichier : C:\Users\lionel\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [17568 octets] - [14/03/2013 21:56:14]
AdwCleaner[R2].txt - [28504 octets] - [25/03/2013 00:27:41]
AdwCleaner[R3].txt - [6558 octets] - [31/03/2013 21:29:38]
AdwCleaner[R4].txt - [1253 octets] - [02/04/2013 21:25:22]
AdwCleaner[S1].txt - [17530 octets] - [14/03/2013 21:56:59]
AdwCleaner[S2].txt - [29820 octets] - [25/03/2013 00:29:03]
AdwCleaner[S3].txt - [6568 octets] - [31/03/2013 21:30:11]
AdwCleaner[S4].txt - [1316 octets] - [02/04/2013 21:25:55]
AdwCleaner[S5].txt - [2772 octets] - [24/07/2013 20:27:25]

########## EOF - C:\AdwCleaner[S5].txt - [2832 octets] ##########

g3n-h@ckm@n · Answer

fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.


&#9654 Télécharge ici :

Malwarebytes  

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

lioso · Answer

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.07.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
lionel :: LIONEL-PC [administrateur]

24/07/2013 20:52:23
mbam-log-2013-07-24 (20-52-23).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 403907
Temps écoulé: 1 heure(s), 7 minute(s), 32 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

g3n-h@ckm@n · Answer

bien des soucis persistent ?

lioso · Answer

non, juste la mise à jour window

g3n-h@ckm@n · Answer

^tu as pas souvenir de son nom ?

lioso · Answer

non mais maintenant j'ai ma barre d'outil en anglais

g3n-h@ckm@n · Answer

barre d'outils ?

lioso · Answer

enfin la ou il y a normalement fichier, favoris, aide etc...

g3n-h@ckm@n · Answer

le menu démarrer tu veux dire ?

lioso · Answer

non quand je vais sur internet, la barre où normalement on a fichier, edition, favori etc..

g3n-h@ckm@n · Answer

sur quel navigateur ?

lioso · Answer

bing

g3n-h@ckm@n · Answer

c'est pas un navigateur ca

lioso · Answer

internet explorer

g3n-h@ckm@n · Answer

demarrer /programmes/windows update regarde si tu as pas une mise à jour pour modules linguistiques pour internet explorer 10 sur windows 7

lioso · Answer

oui je l'ai

g3n-h@ckm@n · Answer

installe toutes les mises à jour prioritaires (elle doit en faire partie)

lioso · Answer

non ele est facultative

g3n-h@ckm@n · Answer

installe-la quand meme

lioso · Answer

ok c'est fait

g3n-h@ckm@n · Answer

redemarre et vois

lioso · Answer

nickel, merçi

g3n-h@ckm@n · Answer

je pense qu'on peut faire le menage si plus rien ne te gène ? lol !

lioso · Answer

oui avec plaisir

g3n-h@ckm@n · Answer

le ménage :

https://forums-fec.be/entraide/viewtopic.php?f=11&t=229

lioso · Answer

ok c'est bon

g3n-h@ckm@n · Answer

ok ben bonne route alors si tout est bon :)

lioso · Answer

merçi

lioso · Answer

Mauvaise nouvelle, j'ai toujours l'écran bleu, j'ai remarqué que mon portable planté quand il se met en veille.

g3n-h@ckm@n · Answer

desinstalle ta carte graphique

lioso · Answer

comment on fait deja

g3n-h@ckm@n · Answer

panneau de configuration , gestionnaire de peripherique , carte graphique , clic droit , desinstaller

lioso · Answer

j'en ai 2, je desinstalle les 2?

g3n-h@ckm@n · Answer

c'est quoi ?

lioso · Answer

intel(R) HD Graphics Family et NVIDIA GeForce GT 520MX

g3n-h@ckm@n · Answer

tu as eu une mise à jour recemment de ta carte nvidia ?

lioso · Answer

je sais pas.

g3n-h@ckm@n · Answer

comment ca tu sais pas ? tu ne sais pas ce qui se passe dans ton pc ??????

lioso · Answer

je sais pas, j'ai rien fait avec ma carte graphique je pense

g3n-h@ckm@n · Answer

desinstalle nvidia tu reinstalleras au pire

essaie de laisser ton pc partir en veille ensuite voir si l'ecran bleu est toujours là

Ecran bleu

59 réponses

Discussions similaires