Sujet Précédent Sujet Suivant

Navilog effectué

Godzilla -  
!^^![ME] Messages postés 4767 Statut Contributeur -
Bonjour, aprés avoir lu les "au secours" d'autres internaut, moi aussi j'ai de super graves problèmes la liste serait hyper longue si je devais énumérer tous les problèmes que j'ai accumulés, j'ai donc exécuté le navilog comme conseillé voici le bloc note.
Sinon j'aurais voulu savoir si ce n'est pas plus simpl pour moi de réinstaller XP, mais vais-je perdre mes logiciels installés, mes fichiers photos et musicaux, je me sers de ce pc portable pour une émission de radio avec Jazler j'ai peur de tout perdre, la solution serait que je mette tout sur un disque dur externe mais est il possible de faire autrement, mes fichiers vont-ils disparaitre comment les sauvegarder? Merci pour votre réponse...

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 30.10.2007 à 19h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Christophe Droit\Application Data ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\CHRIST~1\LOCALS~1\APPLIC~1

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers trouvés :

dsusxq.exe trouvé !
dsusxq.dat trouvé !
dsusxq_nav.dat trouvé !
dsusxq_navps.dat trouvé !

* Recherche dans C:\DOCUME~1\CHRIST~1\LOCALS~1\APPLIC~1 *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\WINDOWS\system32\dsusxq.dat trouvé !
C:\WINDOWS\system32\dsusxq_nav.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

*** Analyse terminée le 01/11/2007 à 17:56:56,10 ***

74 réponses

Précédent
Réponse 61 / 74
g!rly Messages postés 18462 Statut Contributeur 406
 
oui stp et post le rapport ici
0
Réponse 62 / 74
godzilla82 Messages postés 139 Statut Membre
 
Ok :

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-03 00:02:01
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT F7C3DA14 ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT F7C3DA00 ZwOpenProcess
SSDT F7C3DA05 ZwOpenThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT F7C3DA0F ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
SSDT F7C3DA0A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C4E 80503932 2 Bytes [ AE, AA ]
PAGENDSM NDIS.sys!NdisMIndicateStatus F7258A5F 6 Bytes JMP AAAE4C5E \SystemRoot\system32\drivers\fwdrv.sys

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[148] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[148] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[148] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[148] WININET.dll!InternetConnectA 77AB44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[148] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[148] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[148] WININET.dll!InternetConnectW 77AC5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[148] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[148] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[148] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[148] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[148] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[476] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[524] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[688] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\o2flash.exe[724] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\o2flash.exe[724] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\o2flash.exe[724] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[820] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[820] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[820] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[820] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[820] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WININET.dll!InternetConnectA 77AB44DB 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WININET.dll!InternetConnectW 77AC5D4C 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[996] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\WinRAR\WinRAR.exe[1068] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\WinRAR\WinRAR.exe[1068] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Program Files\WinRAR\WinRAR.exe[1068] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Program Files\WinRAR\WinRAR.exe[1068] WININET.dll!InternetConnectA 77AB44DB 5 Bytes JMP 00130F54
.text C:\Program Files\WinRAR\WinRAR.exe[1068] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00130D24
.text C:\Program Files\WinRAR\WinRAR.exe[1068] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00130E3C
.text C:\Program Files\WinRAR\WinRAR.exe[1068] WININET.dll!InternetConnectW 77AC5D4C 5 Bytes JMP 00130FE0
.text C:\Program Files\WinRAR\WinRAR.exe[1068] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00130DB0
.text C:\Program Files\WinRAR\WinRAR.exe[1068] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1128] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1128] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1128] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\igfxpers.exe[1140] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\igfxpers.exe[1140] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\igfxpers.exe[1140] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetConnectA 77AB44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetConnectW 77AC5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00080EC8
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe[1324] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1388] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\hkcmd.exe[1456] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\hkcmd.exe[1456] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\hkcmd.exe[1456] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetConnectA 77AB44DB 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetConnectW 77AC5D4C 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00080EC8
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\WINDOWS\RTHDCPL.EXE[1628] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\WINDOWS\RTHDCPL.EXE[1628] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\WINDOWS\RTHDCPL.EXE[1628] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1796] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1796] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1796] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1796] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1796] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1804] kernel32.dll!CreateProcessInternalW
0
Réponse 63 / 74
godzilla82 Messages postés 139 Statut Membre
 
G!rly? j'vais me coucher, demain tennis à 9h j'ai peur de ne pas me lever, encore un grand merci pour tout ce que tu as fait ainsi qu'aux autres membres de CCM, bonne nuit à tous, à demain...Godzill@
0
Réponse 64 / 74
godzilla82 Messages postés 139 Statut Membre
 
Bonsoir à tous et à toutes, bonsoir g!rly! un coucou à tous de Verdun sur Garonne prés de Toulouse...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 65 / 74
g!rly Messages postés 18462 Statut Contributeur 406
 
bonsoir d´helsinki,

bon ca me parait ok.

comment va tu, et surtout comment va ton pc?

Bonne soirée

@´+
0
Réponse 66 / 74
godzilla82 Messages postés 139 Statut Membre
 
suis en pleine forme because trois heure tennis ce matin j'ai mal partout...

Bon mon p'tit PC m'a laissé écrire mon bouquin cet aprés midi, Antivirus, Firewall et anti spyware sont trés efficace je n'ai plus d'ennui, il me reste encore le proble de MAJ windows qui ne s'installe pas même en les supprimants et en téléchargent de nouvelle, nothing Update ne veut rien savoir, mon son windows aussi introuvable pourtant j'ai fouillé tous les sons sont remplacés par un bip horrible, mais cela ne m'empêche pas de bosser et d'écouter mes albums d'Anathema...Sinon me conseillerais-tu de créer un point de resto??
0
Réponse 67 / 74
g!rly Messages postés 18462 Statut Contributeur 406
 
bonsoir,

oui le tennis ca fais du bien ;-)

pour les mises a jour as tu un message d´erreure quand tu tente de les faire?

pour régler les sons de windows

1. Dans le menu Démarrer, cliquez sur "Panneau de configuration".
2. Double-cliquez sur l'icône "Sons et périphériques audio" et allez sur le point "Sons".
3. Cherchez les sons que vous souhaitez modifier et cliquez sur l'événement à modifier.
4. Dans la liste "Evènements", cliquez sur le son à associer à l'événement ou optez pour "Parcourir…" pour choisir vos propres sons en format "wav".

Cliquez sur "Aucun" si vous ne souhaitez associer aucun son à cet événement.

Dès que vous aurez confirmé vos choix avec "Ok"
0
Réponse 68 / 74
godzilla82 Messages postés 139 Statut Membre
 
Et bien quand je suis informé que des MAJ sont dispo, je lance Update et une fois quelles sont téléchargées (64 au total), la fénêtre me précise que certaines MAJ n'ont pas pu être installées, ce qui m'étonne un peu c'est que le tout fait 0 octets...

Pour les sons j'ai déjà effectué cette manip. eh! t'as de la neige? c'est pas kool ici il fait 18° en journée...
0
Réponse 69 / 74
g!rly Messages postés 18462 Statut Contributeur 406
 
depuis quand ne peux tu plus faire les mises a jour?

oui quelques flocons sont tombés ce matin,
0
Réponse 70 / 74
godzilla82 Messages postés 139 Statut Membre
 
Je ne peux plus faire les MAJ depuis à peu prés un mois....

Désolé pour la reponse tardive je dînais...
0
Réponse 71 / 74
g!rly Messages postés 18462 Statut Contributeur 406
 
salut godzilla,

voici une liste de possiblités :

http://perso.orange.fr/doc.jm/WU5-FAQ.htm

@+
0
Réponse 72 / 74
godzilla82 Messages postés 139 Statut Membre
 
Bonjour G!rly, merci pour ton doc, je m'en occupe et je te tiens au courant...@ plus tard.
0
Réponse 73 / 74
g!rly Messages postés 18462 Statut Contributeur 406
 
ok tres bien...
0
Réponse 74 / 74
g!rly Messages postés 18462 Statut Contributeur 406
 
--
mouvement de non entraide a suivre très prochainement...
0
!^^![ME] Messages postés 4767 Statut Contributeur 395
 
??
0

Discussions similaires

demande de facturation sur application gratuite app store
maiiiiilys -
Emma -

24 réponses
mappage noms de compte
jean38 -
Eddymo -

17 réponses
Problème appel android [Résolu]
Acer123 -
boumbh -

2 réponses
Erreur mappage...?
Snowmann -
Snowmann -

2 réponses
PROBLEME MAPPAGE
HINGUESS -
Ridjal974 -

5 réponses