Ecran bleu

Résolu
lioso -  
g3n-h@ckm@n Messages postés 14350 Statut Membre -
Bonjour,

Depuis quelque temps, j'ai un écran bleu qui apparaît me disant windows a rencontré un probleme etc... J'ai pas le temps de tout lire.
Pouvez vous m'aider.
Merçi d'avane de vos conseils

59 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un écran bleu apparaît sur Windows 7 avec Internet Explorer 10 et un message indiquant que Windows a rencontré un problème, ce qui empêche de lire rapidement les détails de l’erreur.
Plusieurs conseils préconisent de lancer Windows Update et de rechercher une mise à jour, notamment pour des modules linguistiques liées à IE10 sur Windows 7.
D'autres proposent d’exécuter le programme en tant qu’administrateur, puis d’envisager la désinstallation de Norton ou la désinstallation/recherche de problèmes liés au pilote Nvidia.
En cas d’échec des premières mesures, la vérification de Norton ou des pilotes Nvidia peut être affinée par un outil de diagnostic et par une mise en veille prolongée pour observer si l’écran bleu réapparaît.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    salut

    Télécharge ici : Blue screen View
    Décompresse l'archive sur ton Bureau.
    Double clique sur le fichier BlueScreenView.exe pour le lancer. (Clic droit Executer en tant qu'administrateur sous Vista/Seven)

    A la fin du scan, , clique sur Edit puis Select All.
    Puis Go File et Save Selected Items.
    Sauve le rapport sous BSOD.txt.
    Ouvre BSOD.txt dans le Bloc-notes, copie son contenu et poste le dans ta réponse.
    0
  2. lioso
     
    Merçi de ta reponse rapide, mais je l'ai télécharger mais rien ne se passe.
    0
  3. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    bah faut l 'executer.....
    0
  4. lioso
     
    oui c'est ce que j'ai fait, mais rien, en bas il y a écrit 0 crashes
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    tu l'executes bien avec le clic droit "executer en tant qu'administrateur" ?
    0
  7. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    ▶ Télécharge : Gmer clique sur "Download EXE" et enregistre-le sur ton bureau

    Desactive toutes tes protections : https://forum.pcastuces.com/default.asp

    Pour XP => double clique sur gmer.exe
    Pour Vista et 7 => clique droit "executer en tant que...."

    ▶ clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

    ▶ Les lignes rouges indiquent la presence d'un rootkit.

    Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

    ensuite :

    fais bien attention que toutes les cases à droites soient cochées , puis clique sur scan

    j'attends donc deux rapports hébergés

    0
  8. lioso
     
    Toute les case cochées c'est aussi C:/, Q:/, D:/ ?
    C'est ça pour le 2éme rapport?
    0
  9. lioso
     
    Voici le 1er rapport

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-23 18:53:59
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
    Running: jqg03vm6.exe; Driver: C:\Users\lionel\AppData\Local\Temp\uwdirpog.sys

    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031ee000 64 bytes [00, 00, 13, 0A, 49, 72, 70, ...]
    INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff800031ee042 4 bytes [00, 00, 00, 00]

    ---- User code sections - GMER 2.1 ----

    .text C:\windows\system32\wininit.exe[704] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\services.exe[772] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\lsass.exe[780] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\winlogon.exe[852] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[936] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\nvvsvc.exe[1020] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[360] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\System32\svchost.exe[560] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\System32\svchost.exe[716] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[536] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[1044] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\AUDIODG.EXE[1112] C:\windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\System32\spoolsv.exe[1512] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[1564] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1848] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1872] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1952] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\windows\system32\svchost.exe[1996] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2032] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe[1224] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2064] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2096] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2096] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2096] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe[2232] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[2348] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\nvvsvc.exe[2360] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2716] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\windows\system32\svchost.exe[2780] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2836] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2936] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2288] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\windows\system32\taskhost.exe[2520] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe[2896] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\windows\system32\Dwm.exe[3180] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\Explorer.EXE[3208] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\taskeng.exe[3484] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3572] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Windows\System32\rundll32.exe[3580] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Elantech\ETDCtrl.exe[3588] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\SFR\Kit\9props.exe[3600] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3788] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3964] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3984] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3984] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3984] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4040] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4040] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4040] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\windows\system32\taskeng.exe[3632] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4120] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4120] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4120] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\windows\system32\SearchIndexer.exe[4264] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4456] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4640] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[4692] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\svchost.exe[4744] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4888] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\windows\System32\svchost.exe[4628] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5168] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776f3ae0 6 bytes {NOP ; JMP 0xffffffff88b1cc7c}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776f7a90 6 bytes {NOP ; JMP 0xffffffff88b18914}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077721490 6 bytes {NOP ; JMP 0xffffffff88aef684}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777214f0 6 bytes {NOP ; JMP 0xffffffff88aef9dc}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777215d0 6 bytes {NOP ; JMP 0xffffffff88af006c}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077721810 6 bytes {NOP ; JMP 0xffffffff88aefa74}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077722840 6 bytes {NOP ; JMP 0xffffffff88aef1b4}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdc56e00 6 bytes {NOP ; JMP 0xffffffff8001afac}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdc56f2c 6 bytes {NOP ; JMP 0xffffffff80019fa0}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdc57220 6 bytes {NOP ; JMP 0xffffffff8001a064}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdc5739c 6 bytes {NOP ; JMP 0xffffffff8001a2a0}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdc57538 6 bytes {NOP ; JMP 0xffffffff8001a4bc}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc575e8 6 bytes {NOP ; JMP 0xffffffff80018dbc}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc5790c 6 bytes {NOP ; JMP 0xffffffff80018e50}
    .text C:\Program Files\Internet Explorer\iexplore.exe[6008] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefdc57ab4 6 bytes {NOP ; JMP 0xffffffff80019060}
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdc57220 5 bytes JMP 000007ff7dc71284
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdc57538 5 bytes JMP 000007ff7dc719f4
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
    .text C:\windows\system32\DllHost.exe[4512] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000778cfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000778cfb08 5 bytes JMP 00000001076400f7
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000778cfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000778cfc30 5 bytes JMP 000000010764003a
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778cfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778d0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778d1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778ec45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778f1217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!CreateEventW + 19 0000000076b61851 4 bytes JMP 000000010764031c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!VirtualAlloc 0000000076b61856 2 bytes {JMP 0xfffffffffffffffb}
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!CreateDirectoryW + 257 0000000076b64342 4 bytes JMP 00000001076403d2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!VirtualProtect 0000000076b64347 2 bytes {JMP 0xfffffffffffffffb}
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!LoadLibraryA + 81 0000000076b64a10 4 bytes JMP 0000000107640488
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!HeapCreate 0000000076b64a15 2 bytes {JMP 0xfffffffffffffffb}
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!VirtualFreeEx + 19 0000000076b7d9c3 4 bytes JMP 00000001076401b0
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!WriteProcessMemory 0000000076b7d9c8 2 bytes {JMP 0xfffffffffffffffb}
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!ExpandEnvironmentStringsA + 92 0000000076b7eb7d 4 bytes JMP 0000000107640266
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!SetProcessDEPPolicy 0000000076b7eb82 2 bytes {JMP 0xfffffffffffffffb}
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754f5181 5 bytes JMP 0000000100101014
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754f5254 5 bytes JMP 0000000100100804
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754f53d5 5 bytes JMP 0000000100100a08
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754f54c2 5 bytes JMP 0000000100100c0c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754f55e2 5 bytes JMP 0000000100100e10
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754f567c 5 bytes JMP 00000001001001f8
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754f589f 5 bytes JMP 00000001001003fc
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754f5a22 3 bytes JMP 0000000100100600
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\SysWOW64\sechost.dll!DeleteService + 4 00000000754f5a26 1 byte [8A]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!SetWinEventHook 000000007552ee09 5 bytes JMP 00000001001101f8
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!UnhookWinEvent 0000000075533982 5 bytes JMP 00000001001103fc
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!SetWindowsHookExW 0000000075537603 5 bytes JMP 0000000100110804
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!SetWindowsHookExA 000000007553835c 5 bytes JMP 0000000100110600
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\user32.DLL!UnhookWindowsHookEx 000000007554f52b 5 bytes JMP 0000000100110a08
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\ole32.DLL!CoGetClassObject 00000000773854ad 2 bytes {JMP 0xfffffffffffffffb}
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\ole32.DLL!CoCreateInstance + 62 0000000077399d49 4 bytes JMP 00000001076405f8
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\ole32.DLL!CoCreateInstanceEx 0000000077399d4e 2 bytes {JMP 0xfffffffffffffffb}
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 00000000758483dd 5 bytes JMP 000000016af34062
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075913595 5 bytes JMP 000000016af33efe
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\urlmon.dll!URLOpenStreamA + 170 0000000075ba54d7 7 bytes JMP 000000010764096a
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\urlmon.dll!URLDownloadToCacheFileA + 331 0000000075ba5627 7 bytes JMP 0000000107640ad2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!closesocket 0000000075363918 5 bytes JMP 000000016a0991d9
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!socket 0000000075363eb8 5 bytes JMP 000000016a09844e
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000075364296 5 bytes JMP 000000016a09860e
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!recv 0000000075366b0e 5 bytes JMP 000000016a0994da
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!connect 0000000075366bdd 5 bytes JMP 000000016a0984de
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\WS2_32.dll!send 0000000075366f01 5 bytes JMP 000000016a098ab2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdc57220 5 bytes JMP 000007ff7dc71284
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdc57538 5 bytes JMP 000007ff7dc719f4
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
    .text C:\windows\system32\igfxext.exe[4872] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776f3ae0 5 bytes JMP 000000010043075c
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776f7a90 5 bytes JMP 00000001004303a4
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077721490 5 bytes JMP 0000000100430b14
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777214f0 5 bytes JMP 0000000100430ecc
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777215d0 5 bytes JMP 000000010043163c
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077721810 5 bytes JMP 0000000100431284
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077722840 5 bytes JMP 00000001004319f4
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdc57220 5 bytes JMP 000007ff7dc71284
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdc57538 5 bytes JMP 000007ff7dc719f4
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
    .text C:\windows\system32\igfxsrvc.exe[5248] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000778cfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000778cfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778cfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778d0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778d1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778ec45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778f1217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754f5181 5 bytes JMP 0000000100091014
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754f5254 5 bytes JMP 0000000100090804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754f53d5 5 bytes JMP 0000000100090a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754f54c2 5 bytes JMP 0000000100090c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754f55e2 5 bytes JMP 0000000100090e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754f567c 5 bytes JMP 00000001000901f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754f589f 5 bytes JMP 00000001000903fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754f5a22 5 bytes JMP 0000000100090600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007552ee09 5 bytes JMP 00000001000a01f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075533982 5 bytes JMP 00000001000a03fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075537603 5 bytes JMP 00000001000a0804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007553835c 5 bytes JMP 00000001000a0600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007554f52b 5 bytes JMP 00000001000a0a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000778cfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000778cfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778cfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778d0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778d1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778ec45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778f1217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754f5181 5 bytes JMP 0000000100091014
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754f5254 5 bytes JMP 0000000100090804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754f53d5 5 bytes JMP 0000000100090a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754f54c2 5 bytes JMP 0000000100090c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754f55e2 5 bytes JMP 0000000100090e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754f567c 5 bytes JMP 00000001000901f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754f589f 5 bytes JMP 00000001000903fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754f5a22 5 bytes JMP 0000000100090600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007552ee09 5 bytes JMP 00000001000a01f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075533982 5 bytes JMP 00000001000a03fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075537603 5 bytes JMP 00000001000a0804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007553835c 5 bytes JMP 00000001000a0600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007554f52b 5 bytes JMP 00000001000a0a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c71465 2 bytes [C7, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[5256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c714bb 2 bytes [C7, 75]
    .text ... * 2
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776f3ae0 5 bytes JMP 000000010021075c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776f7a90 5 bytes JMP 00000001002103a4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077721490 5 bytes JMP 0000000100210b14
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777214f0 5 bytes JMP 0000000100210ecc
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777215d0 5 bytes JMP 000000010021163c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077721810 5 bytes JMP 0000000100211284
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077722840 5 bytes JMP 00000001002119f4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdc57220 5 bytes JMP 000007ff7dc71284
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdc57538 5 bytes JMP 000007ff7dc719f4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2344] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007750eecd 1 byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdc56e00 5 bytes JMP 000007ff7dc71dac
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdc56f2c 5 bytes JMP 000007ff7dc70ecc
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdc57220 5 bytes JMP 000007ff7dc71284
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdc5739c 5 bytes JMP 000007ff7dc7163c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdc57538 5 bytes JMP 000007ff7dc719f4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdc575e8 5 bytes JMP 000007ff7dc703a4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdc5790c 5 bytes JMP 000007ff7dc7075c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2396] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefdc57ab4 5 bytes JMP 000007ff7dc70b14
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000778cfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000778cfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778cfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778d0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778d1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778ec45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778f1217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754f5181 5 bytes JMP 0000000100141014
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754f5254 5 bytes JMP 0000000100140804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754f53d5 5 bytes JMP 0000000100140a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754f54c2 5 bytes JMP 0000000100140c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754f55e2 5 bytes JMP 0000000100140e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754f567c 5 bytes JMP 00000001001401f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754f589f 5 bytes JMP 00000001001403fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754f5a22 5 bytes JMP 0000000100140600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007552ee09 5 bytes JMP 00000001001801f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075533982 5 bytes JMP 00000001001803fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075537603 5 bytes JMP 0000000100180804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007553835c 5 bytes JMP 0000000100180600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6368] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007554f52b 5 bytes JMP 0000000100180a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000778cfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000778cfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778cfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778d0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778d1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778ec45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778f1217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754f5181 5 bytes JMP 0000000100101014
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754f5254 5 bytes JMP 0000000100100804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754f53d5 5 bytes JMP 0000000100100a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754f54c2 5 bytes JMP 0000000100100c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754f55e2 5 bytes JMP 0000000100100e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754f567c 5 bytes JMP 00000001001001f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754f589f 5 bytes JMP 00000001001003fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754f5a22 3 bytes JMP 0000000100100600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\SysWOW64\sechost.dll!DeleteService + 4 00000000754f5a26 1 byte [8A]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007552ee09 5 bytes JMP 00000001001101f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075533982 5 bytes JMP 00000001001103fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075537603 5 bytes JMP 0000000100110804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007553835c 5 bytes JMP 0000000100110600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6452] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007554f52b 5 bytes JMP 0000000100110a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000778cfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000778cfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778cfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778d0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778d1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778ec45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778f1217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076b8a30a 1 byte [62]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000754f5181 5 bytes JMP 0000000100101014
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000754f5254 5 bytes JMP 0000000100100804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000754f53d5 5 bytes JMP 0000000100100a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000754f54c2 5 bytes JMP 0000000100100c0c
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000754f55e2 5 bytes JMP 0000000100100e10
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000754f567c 5 bytes JMP 00000001001001f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000754f589f 5 bytes JMP 00000001001003fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000754f5a22 3 bytes JMP 0000000100100600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\SysWOW64\sechost.dll!DeleteService + 4 00000000754f5a26 1 byte [8A]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007552ee09 5 bytes JMP 00000001001101f8
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!UnhookWinEvent 0000000075533982 5 bytes JMP 00000001001103fc
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075537603 5 bytes JMP 0000000100110804
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007553835c 5 bytes JMP 0000000100110600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6524] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007554f52b 5 bytes JMP 0000000100110a08
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6644] C:\windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000778cfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[6644] C:\windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000778cfb38 5 bytes JMP 0000000100030804
    .text C:\Program Fi
    0
  10. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    normal que t'aies des ecrans bleus

    Norton
    Avast

    va falloir en choisir un

    ==

    desinstalle spybot c'est de la crotte en barre
    0
  11. lioso
     
    de plus je pense qu 'il y a eu une misa à jour window et ddepuis lorsque je vais sur internet c'est tout en anglais, comment désinstaller cette mise à jour
    0
  12. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    une chose après l autre occupe toi de norton avec le lien que je t'ai mis au dessus
    0
  13. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    Télécharge ici :OTL

    enregistre le sur ton Bureau.

    si tu as XP => double clique
    si tu as Vista ou windows 7 / 8 => clic droit "executer en tant que...."


    sur OTL.exe pour le lancer.

    => Clique ici pour voir la Configuration

    ▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"

    HKCU\Software
    HKLM\Software
    HKCU\Software\Microsoft\Command Processor /s
    HKLM\Software\Microsoft\Command Processor /s
    %Homedrive%\*
    %Homedrive%\*.
    %Userprofile%\*
    %Userprofile%\*.
    %Allusersprofile%\*
    %Allusersprofile%\*.
    %LocalAppData%\*
    %LocalAppData%\*.
    %Userprofile%\Local Settings\Application Data\*
    %Userprofile%\Local Settings\Application Data\*.
    %programFiles%\*
    %programFiles%\*.
    %Systemroot%\Installer\*.
    %Systemroot%\Temp\*.exe /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\system32\*.in*
    %systemroot%\Tasks\*
    %systemroot%\Tasks\*.
    %systemroot%\system32\Tasks\*
    %systemroot%\system32\Tasks\*.
    %systemroot%\system32\drivers\*.sy* /lockedfiles
    %systemroot%\system32\config\*.exe /s
    %Systemroot%\ServiceProfiles\*.exe /s
    %systemroot%\system32\*.sys
    dir C:\ /S /A:L /C
    msconfig
    activex
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    volsnap.sys
    atapi.sys
    ndis.sys
    cdrom.sys
    i8042prt.sys
    iastor.sys
    tdx.sys
    netbt.sys
    afd.sys
    /md5stop
    netsvcs
    safebootminimal
    safebootnetwork
    CREATERESTOREPOINT


    ▶ Clic sur Analyse.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

    heberge OTL.txt et extra.txt sur https://www.cjoint.com/ et donne les liens
    0
  14. lioso
     
    voici les liens

    http://cjoint.com/?3GymYBrBwLa
    http://cjoint.com/?3Gym0gJIVj0
    0
  15. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    quelques adwares

    Télécharge et enregistre (lien direct) ADWCleaner sur ton bureau :

    attends que la fenetre de confirmation de telechargement arrive

    Lance le,(Pour vista/7/8 => clic droit "executer en tant qu'administrateur")

    clique sur suppression et poste C:\Adwcleaner[Sx].txt
    0
  16. lioso
     
    # AdwCleaner v2.306 - Rapport créé le 24/07/2013 à 20:27:25
    # Mis à jour le 19/07/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : lionel - LIONEL-PC
    # Mode de démarrage : Normal
    # Exécuté depuis : C:\Users\lionel\Downloads\AdwCleaner.exe
    # Option [Suppression]

    ***** [Services] *****

    ***** [Fichiers / Dossiers] *****

    Dossier Supprimé : C:\Program Files (x86)\Savings Wave
    Dossier Supprimé : C:\Users\lionel\AppData\Local\Bundled software uninstaller
    Dossier Supprimé : C:\windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}
    Dossier Supprimé : C:\windows\SysWOW64\ARFC
    Dossier Supprimé : C:\windows\SysWOW64\jmdp

    ***** [Registre] *****

    Clé Supprimée : HKCU\Software\AppDataLow\Software\Savings Wave
    Clé Supprimée : HKCU\Software\AppDataLow\Software\XingHaoLyrics
    Clé Supprimée : HKCU\Software\BI
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
    Clé Supprimée : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
    Clé Supprimée : HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
    Clé Supprimée : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
    Clé Supprimée : HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave

    ***** [Navigateurs] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Chromium vnstall: 18002

    Fichier : C:\Users\lionel\AppData\Local\Chromium\User Data\Default\Preferences

    [OK] Le fichier ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[R1].txt - [17568 octets] - [14/03/2013 21:56:14]
    AdwCleaner[R2].txt - [28504 octets] - [25/03/2013 00:27:41]
    AdwCleaner[R3].txt - [6558 octets] - [31/03/2013 21:29:38]
    AdwCleaner[R4].txt - [1253 octets] - [02/04/2013 21:25:22]
    AdwCleaner[S1].txt - [17530 octets] - [14/03/2013 21:56:59]
    AdwCleaner[S2].txt - [29820 octets] - [25/03/2013 00:29:03]
    AdwCleaner[S3].txt - [6568 octets] - [31/03/2013 21:30:11]
    AdwCleaner[S4].txt - [1316 octets] - [02/04/2013 21:25:55]
    AdwCleaner[S5].txt - [2772 octets] - [24/07/2013 20:27:25]

    ########## EOF - C:\AdwCleaner[S5].txt - [2832 octets] ##########
    0
  17. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    ▶ Télécharge ici :

    Malwarebytes

    ▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    ▶ Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    ▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    ▶ à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
  • 1
  • 2
  • 3