
Posted (edited)

Hi :P

1) The PC has been restarted; AntiVir update still impossible. Kerio (trial version) tells me there is a new version, "do you want to update?", and just like AntiVir, nothing.

Silly question: is your connection working correctly on the PC?

2) On restart, two windows appear: [Windows File Protection.] Files required for Windows to run have been replaced by files of an unrecognized version... etc.

You will need to run a system file check as follows (you will be asked for the Windows CD) >>

 

Go to Start > Run > type cmd > press the [Enter] key.

A black window opens: copy/paste this >> sfc /scannow then press the [Enter] key.

It is detailed here with screenshots under the heading "Autre procédure de réparation de Windows XP et XP Home" (Other repair procedure for Windows XP and XP Home) >> http://assiste.com.free.fr/p/comment/comme...fc_scannow.html

 

In addition, we are going to run a quick scan of your PC with this program >>

Download gmer: http://www.gmer.net/gmer.zip

Disconnect from the internet if possible and close all programs.

Unzip the zip file and double-click gmer.exe

 

Click the "rootkit" tab and click Scan

When the scan is finished, click "copy"

Open Notepad and click the Edit menu / Paste

The report should then appear.

Save the file to your desktop and copy/paste the contents here.

 

See you later

Edited by Thanos

Posted

Oops! :nuts3: Hi Thanos, there was a bit of a slip-up; here is the requested report. I'll carry on with the rest using the installation CD, then I'll keep you posted, but in any case things are starting to look good. Have a good day, you and the whole team.

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-10-18 09:10:49

Windows 5.1.2600 Service Pack 2

 

 


.text E:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text E:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00080DB0

.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00080F54

.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00080D24

.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00080E3C

.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00080FE0

.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00080EC8

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text E:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text E:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464

.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608

.text E:\WINDOWS\system32\wdfmgr.exe[1184] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000707AC

.text E:\WINDOWS\system32\wdfmgr.exe[1184] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00070720

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text E:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text E:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00080DB0

.text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00080F54

.text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00080D24

.text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00080E3C

.text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00080FE0

.text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00080EC8

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\WINDOWS\system32\spoolsv.exe[1488] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text E:\WINDOWS\system32\spoolsv.exe[1488] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text E:\WINDOWS\system32\spoolsv.exe[1488] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00080DB0

.text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00080F54

.text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00080D24

.text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00080E3C

.text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00080FE0

.text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00080EC8

.text E:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text E:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text E:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text c:\Program Files\a-squared Free\a2service.exe[1776] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text c:\Program Files\a-squared Free\a2service.exe[1776] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00030720

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00030DB0

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00030F54

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00030D24

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00030E3C

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00030FE0

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00030EC8

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\system32\RUNDLL32.EXE[2028] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Spamihilator\spamihilator.exe[2044] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\System32\alg.exe[2236] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\System32\alg.exe[2236] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\System32\alg.exe[2236] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4

.text E:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838

.text E:\WINDOWS\System32\alg.exe[2236] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[2320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] USER32.DLL!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text C:\mesdocuments\rapporthijack\gmer.exe[2360] USER32.DLL!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464

.text E:\WINDOWS\system32\wuauclt.exe[3012] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608

.text E:\WINDOWS\system32\wuauclt.exe[3012] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC

.text E:\WINDOWS\system32\wuauclt.exe[3012] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00130DB0

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00130F54

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00130D24

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00130E3C

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00130FE0

.text E:\Program Files\Mozilla Firefox\firefox.exe[3488] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00130EC8

 

---- Kernel IAT/EAT - GMER 1.0.14 ----

 

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 867C82D8

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F773FC4C] spho.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F773FCA0] spho.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F770F040] spho.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F770F13C] spho.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F770F0BE] spho.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F770F7FC] spho.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F770F6D2] spho.sys

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 865055E0

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlInitUnicodeString] 9252D2DB

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!swprintf] [804FC5C0] \WINDOWS\system32\ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeSetEvent] 8E44C8C9

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoCreateSymbolicLink] A475EBF6

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoGetConfigurationInformation] AA7EE6FF

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] B863F1E4

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmFreeMappingAddress] B668FCED

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 0CB1670A

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 02BA6A03

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmUnmapIoSpace] 10A77D18

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 1EAC7011

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IofCompleteRequest] 349D532E

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 3A965E27

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IofCallDriver] 288B493C

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 26804435

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 7CE90F42

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoConnectInterrupt] 72E2024B

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoDetachDevice] 60FF1550

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeWaitForSingleObject] 6EF41859

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeInitializeEvent] 44C53B66

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 4ACE366F

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlInitAnsiString] 58D32174

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 56D82C7D

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoQueueWorkItem] 377A0CA1

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmMapIoSpace] 397101A8

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2B6C16B3

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoReportDetectedDevice] 25671BBA

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0F563885

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 015D358C

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!NlsMbCodePageTag] 13402297

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!PoRequestPowerIrp] 1D4B2F9E

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 472264E9

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 492969E0

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!sprintf] 5B347EFB

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 553F73F2

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ObfDereferenceObject] 7F0E50CD

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 71055DC4

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 63184ADF

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ZwClose] 6D1347D6

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] D7CADC31

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] D9C1D138

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CBDCC623

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C5D7CB2A

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!PoCallDriver] EFE6E815

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoCreateDevice] E1EDE51C

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] F3F0F207

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlQueryRegistryValues] FDFBFF0E

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ZwOpenKey] A792B479

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlFreeUnicodeString] A999B970

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoStartTimer] BB84AE6B

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeInitializeTimer] B58FA362

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoInitializeTimer] 9FBE805D

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeInitializeDpc] 91B58D54

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeInitializeSpinLock] 83A89A4F

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoInitializeIrp] 8DA39746

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ZwCreateKey] 00000063

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 0000007C

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 00000077

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ZwSetValueKey] 0000007B

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000F2

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 0000006B

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoStartPacket] 0000006F

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 000000C5

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 00000030

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoFreeMdl] 00000001

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmUnlockPages] 00000067

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 0000002B

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 000000FE

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 000000D7

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000AB

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000076

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoStartNextPacket] 000000CA

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeBugCheckEx] 00000082

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 000000C9

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeSetTimer] 0000007D

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeCancelTimer] 000000FA

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!_allmul] 00000059

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000047

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!_except_handler3] 000000F0

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!PoSetPowerState] 000000AD

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000D4

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000A2

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!_aulldiv] 000000AF

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!strstr] 0000009C

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!_strupr] 000000A4

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeQuerySystemTime] 00000072

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000C0

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!KeTickCount] 000000B7

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 000000FD

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoDeleteDevice] 00000093

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 00000026

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000036

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoAllocateIrp] 0000003F

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoAllocateMdl] 000000F7

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000CC

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmLockPagableDataSection] 00000034

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 000000A5

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 000000E5

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!ExFreePoolWithTag] 000000F1

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoFreeIrp] 00000071

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!IoFreeWorkItem] 000000D8

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!InitSafeBootMode] 00000031

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlCompareMemory] 00000015

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 00000004

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!memmove] 000000C7

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[ntoskrnl.exe!MmHighestUserAddress] 00000023

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!KfRaiseIrql] 1879CE14

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!KfLowerIrql] 3248ED2B

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!HalGetInterruptVector] 3C43E022

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!READ_PORT_USHORT] F017AD88

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC

IAT \SystemRoot\System32\Drivers\a3k9jsji.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F771F048] spho.sys

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EE78D1B0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EE78D1CB] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EE78D24F] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EE78D272] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EE78D24F] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EE78D1CB] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EE78D1B0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EE78D24F] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EE78D272] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EE78D1B0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EE78D1CB] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)

 

---- Devices - GMER 1.0.14 ----

 

Device \FileSystem\Ntfs \Ntfs 867571F8

 

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Antivir H+BEDV Datentechnik GmbH File Filter Driver Manager (XP/2003)/H+BEDV Datentechnik GmbH)

 

Device \FileSystem\Fastfat \FatCdrom 858A6500

Device \FileSystem\Udfs \UdfsCdRom 865C7500

Device \FileSystem\Udfs \UdfsDisk 865C7500

 

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

 

Device \Driver\usbuhci \Device\USBPDO-0 865011F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 867C61F8

Device \Driver\dmio \Device\DmControl\DmConfig 867C61F8

Device \Driver\dmio \Device\DmControl\DmPnP 867C61F8

Device \Driver\dmio \Device\DmControl\DmInfo 867C61F8

Device \Driver\usbuhci \Device\USBPDO-1 865011F8

Device \Driver\usbehci \Device\USBPDO-2 864EA1F8

Device \Driver\usbuhci \Device\USBPDO-3 865011F8

Device \Driver\PCI_PNP9756 \Device\00000047 spho.sys

Device \Driver\usbuhci \Device\USBPDO-4 865011F8

 

AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

 

Device \Driver\Ftdisk \Device\HarddiskVolume1 8675A1F8

Device \Driver\USBSTOR \Device\00000071 863E0500

Device \Driver\Ftdisk \Device\HarddiskVolume2 8675A1F8

Device \Driver\Cdrom \Device\CdRom0 864DC1F8

Device \Driver\Cdrom \Device\CdRom1 864DC1F8

Device \Driver\atapi \Device\Ide\IdePort0 867591F8

Device \Driver\atapi \Device\Ide\IdePort1 867591F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 867591F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 867591F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 867591F8

Device \Driver\USBSTOR \Device\00000073 863E0500

Device \Driver\NetBT \Device\NetBt_Wins_Export 863DF500

Device \Driver\NetBT \Device\NetbiosSmb 863DF500

 

AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Software)

AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

 

Device \Driver\usbuhci \Device\USBFDO-0 865011F8

Device \Driver\sptd \Device\904464756 spho.sys

Device \Driver\usbuhci \Device\USBFDO-1 865011F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 863CE500

Device \Driver\usbehci \Device\USBFDO-2 864EA1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 863CE500

Device \Driver\usbuhci \Device\USBFDO-3 865011F8

Device \Driver\usbuhci \Device\USBFDO-4 865011F8

Device \Driver\Ftdisk \Device\FtControl 8675A1F8

Device \Driver\a3k9jsji \Device\Scsi\a3k9jsji1 86540500

Device \Driver\a3k9jsji \Device\Scsi\a3k9jsji1Port3Path0Target0Lun0 86540500

Device \Driver\aic78xx \Device\Scsi\aic78xx1 867C51F8

Device \FileSystem\Fastfat \Fat 858A6500

 

AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Antivir H+BEDV Datentechnik GmbH File Filter Driver Manager (XP/2003)/H+BEDV Datentechnik GmbH)

 

Device \FileSystem\Cdfs \Cdfs 856C6500

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 c:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3C 0x62 0xD5 0xCC ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x44 0xD1 0xC7 0xDA ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0x26 0x01 0x4C ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 c:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3C 0x62 0xD5 0xCC ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x44 0xD1 0xC7 0xDA ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0x26 0x01 0x4C ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultÃ\x2026Â\xbdrieurs.htm 2

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

 

---- EOF - GMER 1.0.14 ----

 

Posted

Thanos, here I am again anyway. I carried out point 1 with the installation CD, then restarted the PC, and it did the same thing again. I restarted it once more with the CD removed, and same story: the two windows, one asking me to insert the Service Pack 2 CD and the other showing an installation progress bar. :P

2) As for the antivirus, I may have found the solution: at one point it tells me the license has expired. I uninstalled it, I'm doing a cleanup with CCleaner and downloading a recent version, then I'll keep you posted.

See you later

Vieuxrusé

Posted

Antivir didn't work :P here is what I find in one of the windows:

The #PRODUCTNAME Notifier was not able to gain access to the Internet. This is probably prevented by a

Firewall. It is imperative that the #PRODUCTNAME Notifier has access to the Internet, in order to

get information of the #PRODUCTNAME Personal Edition in future. Information which is provided in the

PRODUCTNAME Notifier can contain important innovations regarding current viruses or indications for the

security of your PC. Please release the application #PRODUCTNAME Notifier in your firewall settings, if you

want to obtain these information.

 

If you do not want to receive these information, you can turn off the #PRODUCTNAME Notifier on every new

information through the check mark "deactivate Notifier for this message.

 

then another one that says: Invalid user agent string

and what next...

Posted (edited)

Hi :P

Sorry for the wait (I'm at work, it's break time ^^)

I need you to have a file analysed online please (it's very quick) >>

Go to this link: Virus Total

  • Click the Browse... button
  • A window will open: copy/paste this to the right of the "File name" field >>

    E:\WINDOWS\System32\Drivers\a3k9jsji.SYS

  • Then click the Open button at the bottom right of the page.
  • Click Send the file, and if VirusTotal says the file has already been analysed, click the Reanalyse the file now button.
  • Let the site work as long as "Current status: analysis in progress" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click on this image: txtvt.jpg
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result in your next reply.
    NB: It is important that you give me the result of the whole analysis, whatever it is.

Your security tools may react to the file being sent, in which case you will have to make them ignore the alerts.

I'll read you when I get home :P

Edited by Thanos
Posted
I wasn't worried.

The file indicated does not exist... I even ran a search, but nothing.

See you later or tomorrow; in the meantime I'm uninstalling Kerio, then Antivir, and running some other tests.

Posted

Good evening, working man. I have good news: after the operations mentioned above, I downloaded Avira version 8-point-something. And here's the surprise: flawless installation, and the update too.

I'm moving on to the second phase, the firewall: I'm going to try Jetico (which is free), even if you say it is (long, tedious but effective).

All that's left are those messages at startup.

See you later, Vieuxrusé

Posted

Hi :P

Phew! Glad Antivir is working properly :P

As for Jetico, it's a good choice :P When you have time, read this tutorial, which explains how it works in detail >> Tutorial by Odsen => http://benoit.aun.free.fr/securite-facile-php/jetico.php

A quick search to run in the registry with this program please, vieuxrusé, because this driver looks suspicious to me >>

Download RegSearch.exe (Registry Search by Bobbi Flekman)

  • unzip it into a dedicated folder such as C:\Program Files
  • double-click RegSearch.exe
  • copy and paste the entries in blue into the lines of the search box:
    (enter only one item per line!)

    a3k9jsji
    a3k9jsji.SYS
    spho.sys

  • leave the "Enter string to exclude from results" line empty and click "OK".
  • after the search, Notepad opens a "RegSearch.txt" window with all the instances found
  • the file is also saved in the same folder as RegSearch
  • copy and paste the contents of the window into a post, here
  • close Notepad and close RegSearch with Cancel
  • If the procedure doesn't work, enter the items one at a time.

Posted

here you go

 

 

Windows Registry Editor Version 5.00

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.5.0

 

; Results at 18/10/2008 22:30:57 for strings:

; 'a3k9jsji'

; 'a3k9jsji.sys'

; 'spho.sys'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]

"000"="a3k9jsji.SYS"

 

; End Of The Log...
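
An added example, not part of the original thread and not RegSearch's own code: a short Python triage of a RegSearch-style .reg export that separates hits under a Services key (something registered to be loaded) from hits in an MRU history list (text someone typed). The sample embeds the hit from the log above plus one constructed service entry (`exampledrv`, hypothetical) for contrast; the function names are assumptions.

```python
import re

# Constructed sample in the .reg layout RegSearch writes. The first hit is the
# one from the log above; the second is a constructed service entry added for
# contrast (hypothetical, not from this thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

; Results for strings: 'a3k9jsji' 'a3k9jsji.sys' 'spho.sys'

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="a3k9jsji.SYS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampledrv]
"ImagePath"="system32\\drivers\\exampledrv.sys"
'''

SERVICE_KEY = re.compile(r'\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\', re.I)
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, data) for every value line in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue                      # blank line or RegSearch comment
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1) or '(Default)', m.group(2).strip('"')

def classify(key):
    """Rough triage of where a hit lives; a starting point, not a verdict."""
    if SERVICE_KEY.search(key):
        return 'service-or-driver'        # something registered to be loaded
    if key.upper().endswith('MRU'):
        return 'history'                  # most-recently-used list of typed text
    return 'other'

def triage(text, terms):
    """Return [(category, key, value_name, data)] for hits matching a term."""
    terms = [t.lower() for t in terms]
    hits = []
    for key, name, data in parse_reg(text):
        hay = f'{key}\x00{name}\x00{data}'.lower()
        if any(t in hay for t in terms):
            hits.append((classify(key), key, name, data))
    return hits
```

Run against the three search strings from the post, the only hit falls in the `history` category; no Services entry matches those names in this export.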
