G-Mer analysis

pierrebzh Posts 129 Status Member -
Hello,
I don't understand anything in this Gmer scan result. Can someone help me?

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-13 22:48:52
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xB82E3F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xB82E3552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xB82DF882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xB82E2A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xB82E2910]
SSDT F7AA0704 ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xB82E4034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xB82DFD54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xB82DFE70]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xB80F9F64]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xB80FA24A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xB82E3906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xB82DFB78]
SSDT F7AA06F0 ZwOpenProcess
SSDT F7AA06F5 ZwOpenThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xB82E30DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xB82E3CE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xB82E0038]
SSDT F7AA06FF ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xB82E3BB2]
SSDT F7AA06FA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F7974A5F 6 Bytes JMP B82D7C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
? C:\WINDOWS\system32\6F.tmp Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP111.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\ehome\ehtray.exe[272] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\ehome\ehtray.exe[272] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\ehome\ehtray.exe[272] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\ehome\ehtray.exe[272] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00070F54
.text C:\WINDOWS\ehome\ehtray.exe[272] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00070FE0
.text C:\WINDOWS\ehome\ehtray.exe[272] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00070D24
.text C:\WINDOWS\ehome\ehtray.exe[272] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00070DB0
.text C:\WINDOWS\ehome\ehtray.exe[272] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00070E3C
.text C:\WINDOWS\ehome\ehtray.exe[272] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00070EC8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[384] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[388] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[396] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[408] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\eHome\ehmsas.exe[456] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\eHome\ehmsas.exe[456] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\eHome\ehmsas.exe[456] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[476] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[476] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[476] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[476] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[476] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[476] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[540] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[616] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[624] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[624] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[624] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[748] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[796] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\a-squared Free\a2service.exe[800] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\a-squared Free\a2service.exe[800] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\a-squared Free\a2service.exe[800] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00130F54
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00130FE0
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00130D24
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00130DB0
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00130E3C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[820] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[852] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[852] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[852] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00070F54
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00070FE0
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00070D24
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00070DB0
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00070E3C
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[896] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00070EC8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00130F54
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00130FE0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00130D24
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00130DB0
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00130E3C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00130EC8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[964] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1024] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1024] kernel32.dll!WriteProcessMemory

3 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi,

Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation has finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
0
pierrebzh Posts 129 Status Member 1
 
Thanks for your reply, jlpjlp. You already answered one of my earlier messages and I am grateful for it. In fact I had downloaded this software from that link, and it turned out that the file "process.exe" contained a virus according to the "Dr Web" antivirus, so I don't really dare use it any more lol


My computer is slow and I can't take it any more. I have tried everything:

1) Antivirus scans with avast, antivir, symantec, panda, kaspersky, bitdefender, secuser, trendmicro, navilog
2) Disk cleanup with ccleaner, defragmentation
3) Antispyware scans with spybot, adaware, asquared, AVG antispyware
4) System restores, disk scan
5) Removal of unneeded programs
6) Hijackthis
7) Reinstallation of the IDE channel

Now I am starting to wonder whether formatting/reinstalling my system would solve the problem.

Help me! Thanks in advance.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
disable your protections and run navilog please
0
pierrebzh Posts 129 Status Member 1
 
Search Navipromo version 3.5.3 commencé le 14/04/2008 à 13:57:16,64

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Pierre Trevilly"

Mise à jour le 09.04.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Pierre Trevilly\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Pierre Trevilly\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Pierre Trevilly\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Pierre Trevilly\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Pierre Trevilly\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 14/04/2008 à 14:01:43,56 ***
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, no rootkit on your computer!
0
pierrebzh Posts 129 Status Member 1
 
thanks a lot for your reply
0