Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

(Résolu) Besoin sérieusement d'aide: virus !!!

lauzoe

Par lauzoe
dans Analyses et éradication malwares

 Partager

Messages recommandés

lauzoe Member

lauzoe

Posté(e)
  • Auteur
Posté(e)

Bonsoir Bruce Lee

 

et encore merci pour ton aide

Ce qui est assez surprenant , depuis que j'ai fait une restauration systeme , aucun virus n'est apparu même lors de ma connection internet ?! je ne sais pas si ca signifie que j'en suis quitte ...

Bref ...

Voici le rapport:

 

05/03/07 20:14:06 [info]: BlackLight Engine 1.0.61 initialized

05/03/07 20:14:06 [info]: OS: 5.1 build 2600 (Service Pack 2)

05/03/07 20:14:07 [Note]: 7019 4

05/03/07 20:14:07 [Note]: 7005 0

05/03/07 20:14:16 [Note]: 7006 0

05/03/07 20:14:16 [Note]: 7011 1344

05/03/07 20:14:16 [Note]: 7026 0

05/03/07 20:14:16 [Note]: 7026 0

05/03/07 20:14:28 [Note]: FSRAW library version 1.7.1021

05/03/07 20:20:41 [Note]: 2000 1012

 

 

Bonne soirée et merci

J'attends de tes nouvelles

 

Laurence

bruce lee Devil Member !

bruce lee

Posté(e)
Posté(e) (modifié)

re,

 

Si durant la procédure ci-dessous, il y a des étapes que tu n'as pas reussi a faire, merci de continuer la procédure jusqu'au bout et de les signaler dans ta prochaine reponse.

 

Je te conseille d'enregistrer la page web compléte sous Internet Explorer comme ceci :

 

* Clique sur Fichier/Enregistrer sous Dans Type, choisis : Archive web (fichier seul (*.mht) / Enregistre la sur le bureau,comme cela tu retrouvera la mise en forme ou imprime cette réponse. Une partie de la désinfection se déroulera en mode sans échec.

 

 

1/Télécharge puis installe http://www.ewido.net/en/download

Une fois AVG AS lancé, clique sur Mise à jour

Ferme le programme.

 

 

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.

 

 

 

2/Démarre en mode sans échec http://www.sosordi.net/Faq/Faq.2.html

 

 

3/ Relance AVG AS puis choisis l'onglet Analyse

Puis l'onglet Paramètres

Sous la question Comment réagir ?, clique sur Actions recommandées et choisis Quarantaine

Reclique sur l'onglet Analyse puis réalise une Analyse complète du système

 

Si un fichier infecté est détecté en fin d'analyse

Clique sur Appliquer toutes les actions

 

Clique sur Enregistrer le rapport puis sur Enregistrer le rapport sous

Enregistre ce fichier texte sur ton bureau

 

 

4/Déroule la liste des instructions ci-dessous :

  • En mode sans échec, fais un clic droit sur le fichier SDFix.zip et choisis extraire tout,
  • Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le script.
  • Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

5/Poste le rapport d'AVG Anti spyware 7.5.

 

6/Télécharge gmer : http://www.gmer.net/gmer.zip

Déconnecte toi d'internet si possible et ferme tous les programmes.

Décompresse le fichier zip et double-clic sur gmer.exe

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clic sur l'onglet "rootkit" et clic sur Scan

Lorsque le scan est terminé, clic sur "copy"

 

Ouvre le bloc-note et clic sur le Menu Edition / Coller

Le rapport doit alors apparaître.

Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

 

- Télécharge DiagHelp.zip http://www.malekal.com/download/DiagHelp.zip sur ton bureau

- Ne le lance pas tout de suite; fais un clic droit sur le fichier et choisis "extraire tout"

- Un nouveau dossier chercher va être créé DiagHelp

- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)

- Une fenêtre va s'ouvrir, choisis l'option 2

- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande

- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :

-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout

-- A nouveau menu Edition / copier

-- Dans un nouveau message ici, faire un clic droit / coller

 

Bon courage, et si tu as la moindre question n'hésite surtout pas :P

 

@+

Modifié par bruce lee
lauzoe Member

lauzoe

Posté(e)
  • Auteur
Posté(e)

bonjour

Voilà le rapport

 

 

SDFix: Version 1.82

 

Run by lolo - sam. 05/05/2007 - 7:54:49,46

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\DOCUME~1\lolo\Bureau\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing Security Center Service

Restoring Missing SharedAccess Service

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\o - Deleted

 

 

 

Removing Temp Files

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\DOCUME~1\lolo\Bureau\SDFix\backups\backups.zip

 

Checking For Files with Hidden Attributes:

 

C:\Laurence\Discography - Robbie Williams - 7 Albums\Robbie Williams - Live At Live8 London 2005 Mp3.192Kbps Mp3-Es\Robbie.Williams.-.Live.at.Live8.London.MP3.192kbps.www.MP3-Es.com\desktop.ini

C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe

C:\WINDOWS\system32\Tools\All.exe

C:\WINDOWS\system32\Tools\Change.exe

C:\WINDOWS\system32\Tools\CheckPath.exe

C:\WINDOWS\system32\Tools\Counter.exe

C:\WINDOWS\system32\Tools\DelFolders.exe

C:\WINDOWS\system32\Tools\DirectSetup.exe

C:\WINDOWS\system32\Tools\RegClean.exe

C:\WINDOWS\system32\Tools\Regexe.exe

C:\WINDOWS\system32\Tools\RunRegexe.exe

C:\WINDOWS\system32\KGyGaAvL.sys

C:\Documents and Settings\lolo\Application Data\Microsoft\ModŠles\~WRL3627.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL0003.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL0656.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL0660.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL0849.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL0975.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL1567.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL1698.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL2272.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL2527.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL3019.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL3626.tmp

C:\Documents and Settings\lolo\Application Data\Microsoft\Word\~WRL3898.tmp

C:\Documents and Settings\lolo\Mes documents\~WRL0946.tmp

C:\Documents and Settings\lolo\Mes documents\~WRL2048.tmp

 

Finished

 

 

J'attends le suite de tes instructions

Encore merci

Laurence

Malekal_morte Godlike Member

Malekal_morte

Posté(e)
Posté(e)

Salut,

 

Tu n'as fait qu'une partie des instructions.

Regarde la procédure.

Tu dois faire un scan avec Gmer suivi d'un scan avec DiagHelp !

lauzoe Member

lauzoe

Posté(e)
  • Auteur
Posté(e)
Salut,

 

Tu n'as fait qu'une partie des instructions.

Regarde la procédure.

Tu dois faire un scan avec Gmer suivi d'un scan avec DiagHelp !

 

 

oups ... !!!

 

Je pensais avoir fait comme précisé ...

c'est quoi Gmer et Diaghelp ??!!!

 

Merci de me repréciser ce quoi je dois faire car je suis perdue !!!

Bonne soirée et merci

Laurence

lauzoe Member

lauzoe

Posté(e)
  • Auteur
Posté(e)

:outch: je n'avais pas vu étapes 5 et 6 !!!!

 

Voici rapport gmer

 

GMER 1.0.12.12244 - http://www.gmer.net

Rootkit scan 2007-05-06 21:21:52

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.12 ----

 

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey

SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver

SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

 

---- Kernel code sections - GMER 1.0.12 ----

 

? C:\WINDOWS\System32\DRIVERS\update.sys

 

---- User code sections - GMER 1.0.12 ----

 

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[224] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00160004

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0016011C

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001604F0

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0016057C

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001603D8

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0016034C

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00160464

.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00160608

.text C:\WINDOWS\system32\csrss.exe[552] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001607AC

.text C:\WINDOWS\system32\csrss.exe[552] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00160720

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464

.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608

.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000707AC

.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00070720

.text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4

.text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838

.text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\services.exe[620] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\services.exe[620] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\services.exe[620] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[780] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[892] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[892] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[892] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[892] WININET.dll!InternetOpenW 77AAAF65 5 Bytes JMP 00080DB0

.text C:\WINDOWS\system32\svchost.exe[892] WININET.dll!InternetConnectA 77AB30F3 5 Bytes JMP 00080F54

.text C:\WINDOWS\system32\svchost.exe[892] WININET.dll!InternetOpenA 77AB58EA 5 Bytes JMP 00080D24

.text C:\WINDOWS\system32\svchost.exe[892] WININET.dll!InternetOpenUrlA 77AB5B9D 5 Bytes JMP 00080E3C

.text C:\WINDOWS\system32\svchost.exe[892] WININET.dll!InternetConnectW 77ABEE30 5 Bytes JMP 00080FE0

.text C:\WINDOWS\system32\svchost.exe[892] WININET.dll!InternetOpenUrlW 77AC5B82 5 Bytes JMP 00080EC8

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\explorer.exe[1236] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\explorer.exe[1236] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\explorer.exe[1236] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\explorer.exe[1236] WININET.dll!InternetOpenW 77AAAF65 5 Bytes JMP 00080DB0

.text C:\WINDOWS\explorer.exe[1236] WININET.dll!InternetConnectA 77AB30F3 5 Bytes JMP 00080F54

.text C:\WINDOWS\explorer.exe[1236] WININET.dll!InternetOpenA 77AB58EA 5 Bytes JMP 00080D24

.text C:\WINDOWS\explorer.exe[1236] WININET.dll!InternetOpenUrlA 77AB5B9D 5 Bytes JMP 00080E3C

.text C:\WINDOWS\explorer.exe[1236] WININET.dll!InternetConnectW 77ABEE30 5 Bytes JMP 00080FE0

.text C:\WINDOWS\explorer.exe[1236] WININET.dll!InternetOpenUrlW 77AC5B82 5 Bytes JMP 00080EC8

.text C:\WINDOWS\explorer.exe[1236] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\explorer.exe[1236] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\explorer.exe[1236] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\WINDOWS\dragdiag.exe[1432] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\WINDOWS\dragdiag.exe[1432] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\WINDOWS\dragdiag.exe[1432] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1448] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\spoolsv.exe[1908] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\spoolsv.exe[1908] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\spoolsv.exe[1908] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\spoolsv.exe[1908] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\spoolsv.exe[1908] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\spoolsv.exe[1908] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2264] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2340] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WININET.dll!InternetOpenW 77AAAF65 5 Bytes JMP 00130DB0

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WININET.dll!InternetConnectA 77AB30F3 5 Bytes JMP 00130F54

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WININET.dll!InternetOpenA 77AB58EA 5 Bytes JMP 00130D24

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WININET.dll!InternetOpenUrlA 77AB5B9D 5 Bytes JMP 00130E3C

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WININET.dll!InternetConnectW 77ABEE30 5 Bytes JMP 00130FE0

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WININET.dll!InternetOpenUrlW 77AC5B82 5 Bytes JMP 00130EC8

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Internet Explorer\iexplore.exe[2512] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[2896] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC

.text C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe[2936] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720

 

---- Files - GMER 1.0.12 ----

 

ADS C:\Documents and Settings\lolo\Local Settings\Application Data\Microsoft\Messenger\lau_zoe_9@hotmail.com\SharingMetadata\limsokhong@hotmail.com\DFSR\Staging\CS{93CDCAE8-8366-76BF-3DD0-CD3E8C5109C7}1\10-{93CDCAE8-8366-76BF-3DD0-CD3E8C5109C7}-v1-{0CEEF84B-F632-4254-8DCD-742B51CD70B8}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

 

---- EOF - GMER 1.0.12 ----

 

 

Je continue la suite ...

lauzoe Member

lauzoe

Posté(e)
  • Auteur
Posté(e)

Voici rapport diag help

 

FPort v2.0 - TCP/IP Process to Port Mapper

Copyright 2000 by Foundstone, Inc.

http://www.foundstone.com

 

Pid Process Port Proto Path

840 -> 135 TCP

4 System -> 445 TCP

2296 ashMaiSv -> 12025 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

2296 ashMaiSv -> 12110 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

2296 ashMaiSv -> 12119 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

2296 ashMaiSv -> 12143 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

2340 ashWebSv -> 12080 TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

944 kpf4gui -> 1026 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

944 kpf4gui -> 1028 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

2264 kpf4gui -> 1031 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

2264 kpf4gui -> 1034 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

304 kpf4ss -> 1030 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

304 kpf4ss -> 1036 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

304 kpf4ss -> 44334 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

304 kpf4ss -> 44501 TCP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

892 svchost -> 139 TCP C:\WINDOWS\System32\svchost.exe

 

840 -> 445 UDP

4 System -> 500 UDP

2296 ashMaiSv -> 123 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

2296 ashMaiSv -> 1900 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

2296 ashMaiSv -> 4347 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

2340 ashWebSv -> 1025 UDP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

944 kpf4gui -> 1027 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

2264 kpf4gui -> 1029 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

2264 kpf4gui -> 123 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

944 kpf4gui -> 1279 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

2264 kpf4gui -> 137 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

944 kpf4gui -> 4500 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

304 kpf4ss -> 1033 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

304 kpf4ss -> 1035 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

304 kpf4ss -> 138 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

304 kpf4ss -> 44334 UDP C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

892 svchost -> 1038 UDP C:\WINDOWS\System32\svchost.exe

 

 

 

PsList 1.26 - Process Information Lister

Copyright © 1999-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

Process information for ORDILOLO:

 

Name Pid Pri Thd Hnd VM WS Priv

Idle 0 0 1 0 0 16 0

System 4 8 67 1513 1912 36 0

smss 484 11 3 21 3836 40 172

csrss 552 13 13 566 26988 1724 1788

winlogon 576 13 19 494 54516 644 7252

services 620 9 16 298 38172 1196 2052

guard 224 8 8 71 62028 10568 26612

kpf4ss 304 8 19 426 137956 2640 7944

kpf4gui 944 8 5 80 38828 736 2124

kpf4gui 2264 8 6 87 39940 1540 2320

svchost 508 8 8 144 42684 1772 3188

svchost 780 8 19 214 64440 752 3072

hpoevm08 248 8 9 133 34456 612 1252

hposts08 2896 8 4 138 48116 1008 3172

iexplore 2512 8 17 650 175004 20484 26680

svchost 840 8 9 314 37652 1036 1816

svchost 892 8 70 1568 109808 3308 15804

wuauclt 2088 8 4 159 45568 180 5668

svchost 964 8 6 84 29920 484 1332

svchost 1048 8 15 203 38140 740 1816

aswUpdSv 1164 8 3 28 16740 44 464

ashServ 1300 13 24 270 98416 8512 15224

spoolsv 1908 8 10 134 53704 168 9520

ashMaiSv 2296 8 8 96 62356 336 3260

ashWebSv 2340 8 18 123 78704 4508 9936

HPZipm12 2440 8 2 55 16488 76 744

alg 2688 8 4 82 32032 168 1032

lsass 632 9 20 354 41396 1088 3740

explorer 1236 8 17 591 414572 15924 24976

cmd 1244 8 1 21 13900 1732 1504

pslist 3376 13 2 72 17796 1696 760

rundll32 1412 8 1 162 35596 860 2672

dragdiag 1432 8 1 18 26120 776 576

jusched 1440 8 1 24 18480 36 512

ashDisp 1448 8 9 94 47892 832 3744

SweetIM 1464 8 5 149 41536 316 1848

avgas 1472 8 15 140 105156 812 35272

GoogleToolbarNotifier 1480 8 8 216 51488 1096 3012

hpohmr08 1712 8 5 173 37940 620 3236

hpotdd01 1720 8 3 75 36720 200 1228

quicklnk 1768 8 1 21 27548 280 688

MediaDico12 1572 8 1 107 32844 404 1976

RAC12 1600 8 2 24 23652 148 1244

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1236

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77f40000 0x76000 6.00.2900.2781 C:\WINDOWS\system32\SHLWAPI.dll

0x7c9d0000 0x823000 6.00.2900.2763 C:\WINDOWS\system32\SHELL32.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x75f10000 0xfd000 6.00.2900.2802 C:\WINDOWS\system32\BROWSEUI.dll

0x77720000 0x16e000 6.00.2900.2805 C:\WINDOWS\system32\SHDOCVW.dll

0x77aa0000 0xa7000 6.00.2900.2781 C:\WINDOWS\system32\WININET.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x4c5a0000 0x18000 9.00.0000.3250 C:\PROGRA~1\WINDOW~3\wmpband.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll

0x77170000 0x9e000 6.00.2900.2790 C:\WINDOWS\system32\urlmon.dll

0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll

0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll

0x00c80000 0x34000 1.00.0000.0000 C:\WINDOWS\RACHook12.DLL

0x00cd0000 0x7000 2.00.0000.0008 C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll

0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv

0x00e10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

0x025b0000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x026f0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x7d7b0000 0x20a000 9.00.0000.3250 C:\WINDOWS\system32\wmvcore.dll

0x4b410000 0x29000 9.00.0000.3250 C:\WINDOWS\system32\wmidx.dll

0x59d10000 0x3c000 9.00.0000.3250 C:\WINDOWS\system32\WMASF.DLL

0x02770000 0x4f000 9.00.0000.3250 C:\WINDOWS\system32\DRMClien.DLL

0x05000000 0x220000 1.02.0002.2288 C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr.dll

0x73a80000 0x15000 5.01.2600.2709 C:\WINDOWS\system32\mscms.dll

0x053a0000 0x8a000 1.09.0000.0305 C:\WINDOWS\System32\l3codeca.acm

0x585f0000 0x4d000 8.00.0000.4487 C:\WINDOWS\system32\msaud32.acm

0x10000000 0x13000 7.05.0000.0047 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

0x01140000 0x2b000 C:\Program Files\WinRAR\rarext.dll

0x01200000 0x20000 7.05.0000.0049 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll

0x64f00000 0x12000 4.07.0985.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll

0x01c50000 0x68000 C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL

0x5a500000 0x2f000 8.00.0787.0000 C:\Program Files\MSN Messenger\fsshext.8.0.0787.00.dll

0x78130000 0x9b000 8.00.50727.0091 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll

0x01cc0000 0xe000 7.00.0007.0142 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x02f30000 0xbb000 1.03.0000.0012 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll

0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL

0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll

0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL

0x365a0000 0x15000 10.00.2625.0000 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

iexplore.exe pid: 2512

Command line: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

 

Base Size Version Path

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x77f40000 0x76000 6.00.2900.2781 C:\WINDOWS\system32\SHLWAPI.dll

0x77720000 0x16e000 6.00.2900.2805 C:\WINDOWS\system32\SHDOCVW.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x77aa0000 0xa7000 6.00.2900.2781 C:\WINDOWS\system32\WININET.dll

0x7c9d0000 0x823000 6.00.2900.2763 C:\WINDOWS\system32\SHELL32.dll

0x10000000 0x7000 2.00.0000.0008 C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll

0x75f10000 0xfd000 6.00.2900.2802 C:\WINDOWS\system32\BROWSEUI.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x77170000 0x9e000 6.00.2900.2790 C:\WINDOWS\system32\urlmon.dll

0x01050000 0x387000 4.00.1601.4978 c:\program files\google\googletoolbar2.dll

0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll

0x748f0000 0x130000 8.50.2162.0000 C:\WINDOWS\System32\msxml3.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x01db0000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x01d70000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x01ef0000 0xe000 7.00.0007.0142 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x01f10000 0x8e000 3.00.0000.0021 C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

0x02750000 0xbb000 1.03.0000.0012 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

0x29500000 0x51000 4.00.0248.0001 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll

0x27500000 0xc9000 4.00.0248.0001 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll

0x7d4c0000 0x2e6000 6.00.2900.2802 C:\WINDOWS\System32\mshtml.dll

0x03360000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\msls31.dll

0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll

0x75be0000 0x6e000 5.06.0000.8820 C:\WINDOWS\System32\jscript.dll

0x672b0000 0x40000 6.00.2900.2781 C:\WINDOWS\System32\iepeers.dll

0x5e680000 0xc000 6.00.2900.2781 C:\WINDOWS\System32\pngfilt.dll

0x03dd0000 0x34000 1.00.0000.0000 C:\WINDOWS\RACHook12.DLL

0x761c0000 0x71000 6.00.2900.2781 C:\WINDOWS\System32\mshtmled.dll

0x04380000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv

0x30000000 0x222000 8.00.0022.0000 C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx

0x6c270000 0x36000 6.03.2900.2781 C:\WINDOWS\System32\dxtrans.dll

0x602f0000 0x12000 6.00.2600.0000 C:\WINDOWS\system32\msratelc.dll

0x60600000 0x4a000 2.140.0000.0000 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzntp07.dll

0x025a0000 0x33000 0.03.0000.0000 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku07.dll

0x6d120000 0xb000 5.06.0000.6626 C:\WINDOWS\System32\dispex.dll

0x72a70000 0x18000 6.00.2600.0000 C:\WINDOWS\system32\plugin.ocx

0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll

0x506a0000 0x74000 5.08.0000.2469 C:\WINDOWS\System32\wuapi.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 576

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x7c9d0000 0x823000 6.00.2900.2763 C:\WINDOWS\system32\SHELL32.dll

0x77f40000 0x76000 6.00.2900.2781 C:\WINDOWS\system32\SHLWAPI.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

services.exe pid: 620

Command line: C:\WINDOWS\system32\services.exe

 

Base Size Version Path

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x7dbc0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x7c9d0000 0x823000 6.00.2900.2763 C:\WINDOWS\system32\SHELL32.dll

0x77f40000 0x76000 6.00.2900.2781 C:\WINDOWS\system32\SHLWAPI.dll

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est B8DE-9313

 

Répertoire de C:\Program Files

 

04/05/2007 20:49 <REP> .

04/05/2007 20:49 <REP> ..

23/05/2005 22:31 <REP> a2 Free

30/05/2005 21:08 <REP> Adobe

19/05/2005 18:24 <REP> Ahead

08/09/2005 21:55 <REP> Alcatel

25/09/2006 22:24 <REP> Alcohol Soft

17/11/2005 22:01 <REP> Alwil Software

02/05/2007 14:00 <REP> AntiVir PersonalEdition Classic

22/10/2005 21:10 <REP> Anuman Interactive

19/05/2005 18:16 <REP> C-Media 3D Audio

20/09/2006 21:15 <REP> denouvel

19/05/2005 18:12 <REP> directx

19/05/2005 19:03 <REP> DivX

01/02/2007 22:00 <REP> Druide

06/05/2007 20:15 <REP> eMule

24/04/2006 20:37 <REP> Fichiers communs

28/01/2007 20:58 <REP> Google

04/05/2007 20:49 <REP> Grisoft

24/04/2006 20:44 <REP> Hewlett-Packard

24/04/2006 20:27 <REP> HP

19/09/2006 18:31 <REP> Internet Explorer

10/10/2005 19:14 <REP> Java

17/11/2005 22:07 <REP> Kerio

30/05/2005 20:56 <REP> LeechFTP

10/04/2007 21:42 <REP> Macrogaming

09/08/2006 17:53 <REP> Messenger

02/09/2005 22:47 <REP> Micro Application

23/05/2005 19:43 <REP> microsoft frontpage

12/01/2006 21:12 <REP> Microsoft Office

23/05/2005 19:47 <REP> Microsoft Visual Studio

21/09/2006 21:40 <REP> Mindscape

29/08/2005 20:30 <REP> Movie Maker

18/05/2005 22:57 <REP> MSN

18/05/2005 22:56 <REP> MSN Gaming Zone

21/06/2006 20:59 <REP> MSN Messenger

29/08/2005 20:24 <REP> NetMeeting

19/09/2006 18:31 <REP> Outlook Express

14/08/2006 16:26 <REP> Philips

22/05/2005 15:26 <REP> PhotoWise

19/05/2005 16:44 <REP> PowerQuest

08/09/2005 22:39 <REP> Services en ligne

19/05/2005 18:11 <REP> SiS Compatible VGA V2.12

19/05/2005 18:19 <REP> SiSLan

20/05/2006 19:18 <REP> Skype

23/05/2005 22:33 <REP> Spybot - Search & Destroy

08/09/2005 22:02 <REP> support.com

19/05/2005 16:38 <REP> wincmd

19/02/2006 17:00 <REP> Windows Media Player

29/08/2005 20:24 <REP> Windows NT

19/05/2005 18:22 <REP> WinRAR

18/05/2005 23:02 <REP> xerox

19/05/2005 19:03 <REP> XviD

0 fichier(s) 0 octets

53 Rép(s) 11.528.708.096 octets libres

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Disney Interactive\la petite sirene\Impression Magique La Petite Sirene.exe

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Jeux\123 Free Solitaire\123FreeSolitaire.exe

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Jeux\123 Free Solitaire\UNWISE.EXE

C:\Documents and Settings\lolo\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\ARPPRODUCTICON.exe

C:\Documents and Settings\lolo\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe

C:\Documents and Settings\lolo\Application Data\Microsoft\Installer\{333BECA0-DED8-4139-A516-8D9E44E22669}\NewShortcut3_8315396A5EA1419DBEC4978284BDF556.exe

C:\Documents and Settings\lolo\Application Data\Microsoft\Installer\{F6D63A65-BD23-46F3-B9A3-87F442423481}\ARPPRODUCTICON.exe

C:\Documents and Settings\lolo\Bureau\avgas-setup-7.5.0.50.exe

C:\Documents and Settings\lolo\Bureau\combofix.exe

C:\Documents and Settings\lolo\Bureau\fsbl.exe

C:\Documents and Settings\lolo\Bureau\SDFix.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\catchme.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\diff.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\dumphive.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\Fport.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\grep.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\LFiles.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\pslist.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\streams.exe

C:\Documents and Settings\lolo\Bureau\DiagHelp\DiagHelp\swreg.exe

C:\Documents and Settings\lolo\Bureau\gmer\gmer.exe

C:\Documents and Settings\lolo\Bureau\SDFix\Catchme.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\cliptext.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\download.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\LS.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\MD5File.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\MoveEx.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\Process.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\RegDACL.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\RestartIt!.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\sc.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\SF.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\shutdown.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\swreg.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\swsc.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\unzip.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\zip.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\Replace\W2K.exe

C:\Documents and Settings\lolo\Bureau\SDFix\apps\Replace\XP.exe

C:\Documents and Settings\lolo\Bureau\SDFix\backups\attrib.exe

C:\Documents and Settings\lolo\Bureau\SDFix\backups\find.exe

C:\Documents and Settings\lolo\Bureau\SDFix\backups\findstr.exe

C:\Documents and Settings\lolo\Bureau\SDFix\backups\regedit.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\Catchme.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\cliptext.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\download.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\LS.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\MD5File.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\MoveEx.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\Process.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\RegDACL.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\RestartIt!.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\sc.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\SF.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\shutdown.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\swreg.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\swsc.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\unzip.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\zip.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\Replace\W2K.exe

C:\Documents and Settings\lolo\Bureau\SDFix\SDFix\apps\Replace\XP.exe

 

 

J'espère que j'ai fait tout comme il se devait

J'attends la suite des instructions et encore merci

Bonne soirée

 

Laurence

lauzoe Member

lauzoe

Posté(e)
  • Auteur
Posté(e)

Bonsoir

 

Je me permets ce petit message dans l'espoir qu'on ne m'oublie pas ...

Et surtout qu'on me dise ce que je dois faire maintenant !!!!

 

Merci et bonne soirée

 

Laurence

bruce lee Devil Member !

bruce lee

Posté(e)
Posté(e)

Re,

 

Je ne t'oublie pas :P

 

Fais un scan en ligne avec http://webscanner.kaspersky.fr/kavwebscan.html

 

dans la nouvelle fenetre qui s'affiche clique sur J'accepte

 

On va te demander de télécharger un ou deux contôle active x, accepte . Laisse le faire les mises à jour puis quand il aura finit clique sur Suivant

 

Dans le menu Choisissez la cible de l'analyse , sélectionne Poste de travail .

Le scan va commencer.Poste le rapport qui sera généré stp.

 

Si il y a un problème, assure toi que les contrôles active x soient bien configurés dans les options internet comme

 

décrit sur ce lien=> http://www.inoculer.com/activex.php3

 

NOTE: le scan est a faire avec Internet Explorer

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...