Faulty Internet - Page 2

adc15
 
It's scanning right now.
It's true that there are some weird things in IceSword: my antivirus detected an attempt by the software to record keystrokes, as well as to create a hidden file in the drivers folder...
0
g!rly Posts 18462 Status Contributor 407
 
That's normal ;)
0
adc15
 
Oh good, I prefer that!!

Here is the GMER log (very long!!)

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-27 20:19:56
Windows 6.0.6000

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8E618D50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8E619B38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8E61917C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0x8E618346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0x8E618964]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0x8E6180A8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0x8E6187D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8E618F36]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0x8E617C78]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0x8E617B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0x8E6197D8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0x8E618B74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0x8E61784A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0x8E61867A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0x8E6179D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8E6181BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0x8E6195B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0x8E619978]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0x8E618508]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0x8E61856E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0x8E617F72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0x8E617E40]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThreadEx [0x8E619282]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateUserProcess [0x8E619D82]

INT 0x51 ? 87381F00
INT 0x52 ? 87381F00
INT 0x72 ? 87381F00
INT 0x72 ? 87381F00
INT 0x82 ? 8592BBF8
INT 0x92 ? 84F98BF8
INT 0xA2 ? 84F98BF8
INT 0xB3 ? 87381F00

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 3DC 824808C8 6 Bytes [ 36, 8F, 61, 8E, 78, 7C ]
.text ntkrnlpa.exe!ZwCallbackReturn + 5B0 82480A9C 2 Bytes [ 4A, 78 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 5CC 82480AB8 2 Bytes [ D2, 79 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 7F0 82480CDC 2 Bytes [ 72, 7F ]
? System32\Drivers\spvs.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 8DA42FEB 5 Bytes JMP 873814E0
.text agr9spqt.SYS 8ED74000 22 Bytes [ 1A, 72, 7A, 82, 04, 71, 7A, ... ]
.text agr9spqt.SYS 8ED74017 74 Bytes [ 00, 99, 07, 48, 80, A4, 05, ... ]
.text agr9spqt.SYS 8ED74062 84 Bytes [ 48, 82, 40, 68, 45, 82, 8C, ... ]
.text agr9spqt.SYS 8ED740B7 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text agr9spqt.SYS 8ED740CE 80 Bytes [ 00, 00, 26, 00, 00, 00, E0, ... ]
.text ...
? System32\Drivers\IsDrv120.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] kernel32.dll!SetUnhandledExceptionFilter 763AD187 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[360] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[560] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\wininit.exe[736] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\wininit.exe[736] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[736] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\services.exe[784] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\services.exe[784] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[784] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\lsass.exe[796] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\lsass.exe[796] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[796] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\lsm.exe[804] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\lsm.exe[804] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[804] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text D:\Azureus\Azureus.exe[852] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text D:\Azureus\Azureus.exe[852] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text D:\Azureus\Azureus.exe[852] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\winlogon.exe[888] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\winlogon.exe[888] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[888] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\Dwm.exe[988] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\Dwm.exe[988] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[988] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[996] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[996] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[996] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1052] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1052] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1052] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\System32\svchost.exe[1140] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\System32\svchost.exe[1140] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1140] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\System32\svchost.exe[1168] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1180] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1180] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1320] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1320] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1320] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[1416] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\Explorer.EXE[1468] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\Explorer.EXE[1468] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[1468] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1480] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\svchost.exe[1480] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1480] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\SearchProtocolHost.exe[1520] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\SearchProtocolHost.exe[1520] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1520] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\taskeng.exe[1720] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\system32\taskeng.exe[1720] ole32.dll!CoGetClassObject 76074E56 5 Bytes JMP 10004AD0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[1720] ole32.dll!CoCreateInstanceEx 760ADDD2 5 Bytes JMP 10004960 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] ntdll.dll!LdrUnloadDll 772FBF0A 7 Bytes JMP 10004F90 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] ntdll.dll!NtClose 7731F354 5 Bytes JMP 10005060 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!mouse_event 770194EF 5 Bytes JMP 100016D0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!EndTask 77064A52 5 Bytes JMP 10004C30 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!keybd_event 7706FE80 5 Bytes JMP 10001550 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] GDI32.dll!BitBlt 76FC6AB7 5 Bytes JMP 10001860 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] GDI32.dll!CreateDCA 76FCBCD9 2 Bytes JMP 10001230 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] GDI32.dll!CreateDCA + 3 76FCBCDC 2 Bytes [ 03, 99 ]
.text C:\Windows\System32\spoolsv.exe[1800] GDI32.dll!CreateDCW 76FCBE99 2 Bytes JMP 100013C0 c:\windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1800] GDI32.dll!CreateDCW + 3 76FCBE9C 2 Bytes [ 03, 99 ]
.text C:\Windows\System32\spoolsv.exe[180
0
g!rly Posts 18462 Status Contributor 407
 
Hi again,

It didn't detect anything infectious?!

See you later
0
adc15
 
Installing SP1 didn't change anything either!!
0

adc15
 
up!!
0
g!rly Posts 18462 Status Contributor 407
 
Well, where are we going with your Vista?
0
adc15
 
What does that mean??
0