Le PC se bloque de façon aléatoire

Thanos · le 4 février 2008

salut

J'ai bien l'impression que ton problème est du à ton pare-feu > Kério!

Quelle version de ce programme utilises tu ? est ce la 4.5.916 ?

Regarde dans l'Observateur d'événement > dans le Panneau de droite, sélectionne Applications > repère si il y a une erreur (croix rouge) qui concerne Kério.

Pour accéder à l'Observateur d'événement, passe par le menu Démarrer > Exécuter puis tape : eventvwr et valide.

Dis moi ce que tu vois le cas échéant.

Modifié le 4 février 2008 par charles ingals

Syrius · le 4 février 2008

La version de Kerio est une ancienne version gratuite de sunbelt Kerio personal 4

Dans l'observateur d'événement, il n'y a pas de croix rouge erreur concernant Kerio.

Les croix rouge erreur qui reviennent régulièrement concerne l'application Hang

Modifié le 4 février 2008 par Syrius

Thanos · le 4 février 2008

re!

Un rapport supplémentaire que j'aimerai que tu posts stp >

Télécharge gmer : http://www.gmer.net/gmer.zip

Déconnecte toi d'internet si possible et ferme tous les programmes.

Décompresse le fichier zip et double-clic sur gmer.exe

Clic sur l'onglet "rootkit" et clic sur Scan

Lorsque le scan est terminé, clic sur "copy"

Ouvre le bloc-note et clic sur le Menu Edition / Coller

Le rapport doit alors apparaître.

Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

Syrius · le 5 février 2008

Bonjour,

Voici le rapport de gmer.exe que tu demandais :

GMER 1.0.14.14116 - http://www.gmer.net

Rootkit scan 2008-02-05 22:29:38

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xB723A110]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xB7239920]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xB7235EE0]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xB7238F20]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xB7238D90]

SSDT BAF9460C ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xB723A190]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xB7236320]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xB72363C0]

SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xB70889A0]

SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xB7088B30]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xB7239BF0]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xB7236140]

SSDT BAF945F8 ZwOpenProcess

SSDT BAF945FD ZwOpenThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xB7239510]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xB7239F00]

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xB72364D0]

SSDT BAF94607 ZwTerminateProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xB7239E50]

SSDT BAF94602 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus BA5C4A5F 6 Bytes JMP B722DED0 \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\nvsvc32.exe[284] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\WINDOWS\system32\nvsvc32.exe[284] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\nvsvc32.exe[284] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\WINDOWS\system32\nvsvc32.exe[284] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\WINDOWS\system32\nvsvc32.exe[284] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[648] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[648] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[648] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[648] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[648] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\apps\ABoard\ABoard.exe[688] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\apps\ABoard\ABoard.exe[688] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464

.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608

.text C:\WINDOWS\system32\csrss.exe[796] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC

.text C:\WINDOWS\system32\csrss.exe[796] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608

.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC

.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720

.text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4

.text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838

.text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\lsass.exe[880] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\lsass.exe[880] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\lsass.exe[880] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00080F54

.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00080FE0

.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00080D24

.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00080DB0

.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00080E3C

.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00080EC8

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608

.text C:\WINDOWS\eHome\ehmsas.exe[1228] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC

.text C:\WINDOWS\eHome\ehmsas.exe[1228] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\apps\ABoard\AOSD.exe[1244] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\apps\ABoard\AOSD.exe[1244] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838

.text C:\WINDOWS\ehome\mcrdsvc.exe[1300] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00080F54

.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00080FE0

.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00080D24

.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00080DB0

.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00080E3C

.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00080EC8

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\spoolsv.exe[1604] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\spoolsv.exe[1604] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\a-squared Free\a2service.exe[1852] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\a-squared Free\a2service.exe[1852] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838

.text C:\WINDOWS\eHome\ehRecvr.exe[1928] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608

.text C:\WINDOWS\eHome\ehSched.exe[1956] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC

.text C:\WINDOWS\eHome\ehSched.exe[1956] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00030F54

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00030FE0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00030D24

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00030DB0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00030E3C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00030EC8

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] USER32.DLL!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] USER32.DLL!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\dllhost.exe[2272] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\dllhost.exe[2272] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\dllhost.exe[2272] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\dllhost.exe[2272] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\dllhost.exe[2272] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\System32\alg.exe[2428] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\System32\alg.exe[2428] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\System32\alg.exe[2428] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\System32\alg.exe[2428] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\System32\alg.exe[2428] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C

.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C

.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\APPS\SMP\SmpSys.exe[2988] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\APPS\SMP\SmpSys.exe[2988] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\ctfmon.exe[2996] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\ctfmon.exe[2996] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC

.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 037A4780 C:\Apps\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.)

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!DeleteFileW 7C831F31 5 Bytes JMP 037A4DF0 C:\Apps\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.)

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464

.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608

.text C:\WINDOWS\Explorer.EXE[3472] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC

.text C:\WINDOWS\Explorer.EXE[3472] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00080F54

.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00080FE0

.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00080D24

.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00080DB0

.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00080E3C

.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00080EC8

.text C:\WINDOWS\Explorer.EXE[3472] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text C:\WINDOWS\Explorer.EXE[3472] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text C:\WINDOWS\Explorer.EXE[3472] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464

.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608

.text C:\WINDOWS\ehome\ehtray.exe[4020] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC

.text C:\WINDOWS\ehome\ehtray.exe[4020] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720

.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00070F54

.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00070FE0

.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00070D24

.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00070DB0

.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00070E3C

.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00070EC8

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464

.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608

.text C:\WINDOWS\RTHDCPL.EXE[4040] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC

.text C:\WINDOWS\RTHDCPL.EXE[4040] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [b722DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [b722E680] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [b722E580] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [b722E4C0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [b722E360] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [b722EBB0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [b722EE70] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [b722E210] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [b722DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [b722DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat AE885C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@dbmcchdedodldehpociepmppgnbamldepgknbmed 0x69 0x61 0x62 0x6F ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@cbcbaebiljjdchkoeijkdcehhbpoebelancmln 0x69 0x61 0x62 0x6F ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@iamcchdedodldehpoc 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@hacbaebiljjdchko 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@iaibknhhcihlfcmikh 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@dbjgjdipdcanijiekicgfgibepcdgknljobcohba 0x69 0x61 0x65 0x66 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@cbphpoajccbdmankehajiekphgdncepbegphhk 0x69 0x61 0x65 0x66 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@iajgjdipdcanijieki 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@haphpoajccbdmank 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@iangjgfplmeghpbobl 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@abngjhocioniagoancdklidojckhjfkadj 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@maogohmdhgaffjkokmebgigdkk 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.14 ----

Syrius · le 11 février 2008

Bonjour,

Maintenant, qu'est ce que je dois faire ?

Merci

Thanos · le 11 février 2008

salut

Désolé de n'avoir pas vu ta réponse Syrius Est ce que tu peux me poster une nouveau rapport hijackthis pour voir où ton pc en est ? Le rapport GMER que tu as posté ne montre rien d'alarmant.

Toujours ces problèmes de blocages ?

Syrius · le 13 février 2008

Bonjour,

Et bien oui, les problèmes sont toujours existants et de façon très aléatoires. Je vais être parfois quelques jours sans avoir de blocage de l'affichage, et tout à coup, le pc va se bloquer 3 fois en une heure.

Voici le rapport hijackthis, comme tu me l'as demandé :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:50:42, on 13/02/08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Apps\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Apps\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\APPS\SMP\SmpSys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ogame.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT

O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')

O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252

O17 - HKLM\System\CS1\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252

O17 - HKLM\System\CS2\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 10723 bytes

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Voici également un nouveau rapport Kapersky :

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Wednesday, February 13, 2008 3:36:20 PM

Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version : 5.0.83.0

Dernière mise à jour de la base antivirus Kaspersky : 13/02/2008

Enregistrements dans la base antivirus Kaspersky : 521357

-------------------------------------------------------------------------------

Paramètres d'analyse:

Analyser avec la base antivirus suivante: standard

Analyser les archives: vrai

Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

K:\

Statistiques de l'analyse:

Total d'objets analysés: 95097

Nombre de virus trouvés: 1

Nombre d'objets infectés: 2 / 0

Nombre d'objets suspects: 0

Durée de l'analyse: 00:44:45

Nom de l'objet infecté / Nom du virus / Dernière action

C:\APPS\Softex\OmniPass\btype0.dat L'objet est verrouillé ignoré

C:\APPS\Softex\OmniPass\btype256.dat L'objet est verrouillé ignoré

C:\APPS\Softex\OmniPass\btype259.dat L'objet est verrouillé ignoré

C:\APPS\Softex\OmniPass\btype3.dat L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP358\A0289170.EXE/300.exe Infecté : Trojan-Spy.Win32.Delf.wh ignoré

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP358\A0289170.EXE SetupSpecialist: infecté - 1 ignoré

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP372\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{21EF7AE2-FC12-4F50-9C0A-E84D18B54C25}.crmlog L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\EventCache\{E69F3770-C482-4C5A-9A16-5B6A8E0F7073}.bin L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edbtmp.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_5636096_12791 L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_6160384_13490 L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE1.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE2.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{AAA9E10E-C53E-494B-8BD0-A2FFB3DDA8FB}.TmpSBE L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{FB904071-CFFE-4B87-9A42-9A5EBE27AEAB}.TmpSBE L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\cert8.db L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\formhistory.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\history.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\key3.db L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\parent.lock L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\search.sqlite L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\urlclassifier2.sqlite L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Cookies\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Boîte de réception.dbx L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Folders.dbx L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Offline.dbx L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Pop3uidl.dbx L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\MSHist012008021320080214\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\Didier\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP372\change.log L'objet est verrouillé ignoré

Analyse terminée.

Modifié le 13 février 2008 par Syrius

Thanos · le 13 février 2008

salut

Pas évident de déterminer la cause de ces plantages... ca peut être un conflit entre des logiciels, un problème avec Kério (on en parle parfois sur les forums) etc...

On va désactiver certains services inutiles pour voir si ca change quelque chose >

Clique sur Démarrer > Executer et tu tapes : services.msc puis valide avec le bouton OK.

Cherche le service suivant > NVIDIA Display Driver Service et double-clique dessus.

Dans le champs "Status du service" sélectionne "arrêté"

Dans le champs "Type de démarrage" sélectionne"désactivé" puis "Appliquer" puis"ok"

Fais pareil avec AOL Connectivity Service

Met ces deux services en manuel et pas en automatique >

a-squared Free Service

Ad-Aware 2007 Service

Tu est bien chez Free et pas chez AOL ? si c'est le cas, tu peux passer par le Panneau de Configuration > Ajouter/Supprimer des Programmes et désinstaller AOL

Redémarre le pc et dis moi si ca change quelque chose.

On peut tenter une petite optimisation pour voir si ca rêgle le problème: dis moi ce que tu en pense.

On va éliminer les outils téléchargés >

Passe par le Menu Démarrer>Exécuter et colle ceci > ComboFix /u valide en cliquant sur OK (un message doit t'avertir que ComboFix est bien éliminé).

Tu peux aussi éliminer Gmer.exe et son dossier

@++

Connexion

Pas encore inscrit ?

Le PC se bloque de façon aléatoire

Messages recommandés

Thanos

Syrius

Thanos

Syrius

Syrius

Thanos

Syrius

Thanos

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer