
Posted

There we go: as far as avast is concerned, the scan is finished and it found nothing.

For info: Elapsed time: 1:10:52

Files tested: 164617

Folders tested: 13832

Volume of data tested: 174.3 GB

Infected files: 0

I'll carry on. See you later

Posted

Here is the requested report:

 

"0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: Sys6925.Config Collection.sys

Submission date: 2010-09-24 22:22:37 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

VT Community

 

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2010.09.25.00 2010.09.24 -

AntiVir 7.10.12.30 2010.09.24 -

Antiy-AVL 2.0.3.7 2010.09.24 -

Authentium 5.2.0.5 2010.09.24 -

Avast 4.8.1351.0 2010.09.24 -

Avast5 5.0.594.0 2010.09.24 -

AVG 9.0.0.851 2010.09.24 -

BitDefender 7.2 2010.09.24 -

CAT-QuickHeal 11.00 2010.09.24 -

ClamAV 0.96.2.0-git 2010.09.24 -

Comodo 6189 2010.09.24 -

DrWeb 5.0.2.03300 2010.09.24 -

Emsisoft 5.0.0.37 2010.09.24 -

eSafe 7.0.17.0 2010.09.21 -

eTrust-Vet 36.1.7874 2010.09.24 -

F-Prot 4.6.2.117 2010.09.24 -

F-Secure 9.0.15370.0 2010.09.24 -

Fortinet 4.1.143.0 2010.09.24 -

GData 21 2010.09.24 -

Ikarus T3.1.1.88.0 2010.09.24 -

Jiangmin 13.0.900 2010.09.21 -

K7AntiVirus 9.63.2600 2010.09.24 -

Kaspersky 7.0.0.125 2010.09.24 -

McAfee 5.400.0.1158 2010.09.25 -

McAfee-GW-Edition 2010.1C 2010.09.24 -

Microsoft 1.6201 2010.09.24 -

NOD32 5477 2010.09.24 -

Norman 6.06.06 2010.09.24 -

nProtect 2010-09-24.02 2010.09.24 -

Panda 10.0.2.7 2010.09.24 -

PCTools 7.0.3.5 2010.09.24 -

Prevx 3.0 2010.09.25 -

Rising 22.66.00.07 2010.09.21 -

Sophos 4.58.0 2010.09.24 -

Sunbelt 6924 2010.09.24 -

SUPERAntiSpyware 4.40.0.1006 2010.09.25 -

Symantec 20101.1.1.7 2010.09.24 -

TheHacker 6.7.0.0.030 2010.09.24 -

TrendMicro 9.120.0.1004 2010.09.24 -

TrendMicro-HouseCall 9.120.0.1004 2010.09.24 -

VBA32 3.12.14.1 2010.09.24 -

ViRobot 2010.9.24.4059 2010.09.24 -

VirusBuster 12.65.25.0 2010.09.24 -

Additional information

MD5 : 7419cc5cfcf5664ad9ffb5bb0e31a422

SHA1 : 21b363662189a62541ef55472489ba08cf862b5a

SHA256: 3f4dc2b21e587f0f3053e7639b047223ad8e8b54e7d983b9e5d853296d5cfc5d

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team "

 

 

Posted

hi ;)

OK, I'm going to ask you for one last scan to finish =>

Disable the antivirus for the duration of the scan.

(don't forget to re-enable it afterwards).

Download GMER Rootkit Scanner

  • Click the "Download EXE" button
  • Save it to your Desktop.
  • Paste and save these instructions in a text file or print them, because you will have to close the browser.
  • Close any open browser windows and any other open programs, because the scan can crash the PC.
  • Run the downloaded file (its name consists of 8 random digits/letters) by double-clicking it;
  • If the tool shows you a warning about rootkit activity and asks you to run a scan, click "NO"
  • Now click the "Scan" button and wait (this can take 10 minutes or more)
  • When the scan has finished, click the "Save" button (bottom right)
  • Name the file "Ark.txt" and save it to the Desktop
  • Copy/paste the contents of this report into your reply.

Posted

Good evening Thanos,

and thanks again for your help! ;)

Here is the GMER report:

 

 

 

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-26 19:44:01

Windows 5.1.2600 Service Pack 3

Running: bn3qwnj5.exe; Driver: C:\DOCUME~1\LEBERR~1\LOCALS~1\Temp\kwtdrfoc.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEDB0DCF0]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xEDCC9868]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEDB0DBAC]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xEDCC8E90]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xEDCC8D9C]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xEDCC93FC]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xEDCCA210]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEDB0E160]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEDB0E08A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEDB0D782]

SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF236501C]

SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF2365168]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xEDCC9B54]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEDB0DC86]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEDB0D6C2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEDB0D726]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEDB0DDA6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEDB0E22E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEDB0DD66]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xEDCC94EC]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xEDCC9E8C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEDB0DEE6]

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB93056D0]

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xEDCC9DE0]

 

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEDB1A9D2]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

 

---- Kernel code sections - GMER 1.0.15 ----

 

PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP EDB1A9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP EDB165D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP EDB17FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xEF240360, 0x372FAD, 0xE8000020]

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xEEEFD870]

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Le fichier spécifié est introuvable. !

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\spoolsv.exe[240] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\spoolsv.exe[240] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\spoolsv.exe[240] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00130F54

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00130FE0

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00130D24

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00130DB0

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00130E3C

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00130EC8

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] ws2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] ws2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[400] ws2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[476] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\WINDOWS\system32\nvsvc32.exe[704] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\nvsvc32.exe[704] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\WINDOWS\system32\nvsvc32.exe[704] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[784] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838

.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[828] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\Explorer.EXE[864] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\Explorer.EXE[864] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\Explorer.EXE[864] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\Explorer.EXE[864] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00080F54

.text C:\WINDOWS\Explorer.EXE[864] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00080FE0

.text C:\WINDOWS\Explorer.EXE[864] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00080D24

.text C:\WINDOWS\Explorer.EXE[864] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00080DB0

.text C:\WINDOWS\Explorer.EXE[864] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00080E3C

.text C:\WINDOWS\Explorer.EXE[864] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00080EC8

.text C:\WINDOWS\Explorer.EXE[864] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\Explorer.EXE[864] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\Explorer.EXE[864] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464

.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608

.text C:\WINDOWS\system32\csrss.exe[928] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001607AC

.text C:\WINDOWS\system32\csrss.exe[928] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00160720

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text C:\WINDOWS\system32\winlogon.exe[952] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text C:\WINDOWS\system32\winlogon.exe[952] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text C:\WINDOWS\system32\winlogon.exe[952] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4

.text C:\WINDOWS\system32\winlogon.exe[952] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838

.text C:\WINDOWS\system32\winlogon.exe[952] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\services.exe[996] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\services.exe[996] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\lsass.exe[1008] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\lsass.exe[1008] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\lsass.exe[1008] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00030720

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00030F54

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00030FE0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00030D24

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00030DB0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00030E3C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[1176] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00030EC8

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1184] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\netdde.exe[1356] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\netdde.exe[1356] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\netdde.exe[1356] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00080F54

.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00080FE0

.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00080D24

.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00080DB0

.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00080E3C

.text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00080EC8

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00130F54

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00130FE0

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00130D24

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00130DB0

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00130E3C

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00130EC8

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Program Files\Java\jre6\bin\jqs.exe[1724] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00130F54

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00130FE0

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenA 404C3081 5 Bytes JMP 00130D24

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenW 404C36B1 5 Bytes JMP 00130DB0

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00130E3C

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00130EC8

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text C:\WINDOWS\system32\wdfmgr.exe[2092] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text C:\WINDOWS\system32\wdfmgr.exe[2092] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text C:\WINDOWS\System32\dmadmin.exe[2188] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text C:\WINDOWS\System32\dmadmin.exe[2188] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\system32\wuauclt.exe[2476] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\system32\wuauclt.exe[2476] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\system32\wuauclt.exe[2476] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\system32\wuauclt.exe[2476] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\system32\wuauclt.exe[2476] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\system32\wuauclt.exe[2476] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464

.text C:\WINDOWS\System32\alg.exe[3252] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608

.text C:\WINDOWS\System32\alg.exe[3252] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC

.text C:\WINDOWS\System32\alg.exe[3252] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720

.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4

.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838

.text C:\WINDOWS\System32\alg.exe[3252] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC

.text C:\Documents and Settings\Le berre\Bureau\bn3qwnj5.exe[3816] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464

.text C:\WINDOWS\system32\wscntfy.exe[3952] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608

.text C:\WINDOWS\system32\wscntfy.exe[3952] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC

.text C:\WINDOWS\system32\wscntfy.exe[3952] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002

IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

 

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

 

---- EOF - GMER 1.0.15 ----

 

 

See you later

Posted

Hi,

OK, nothing bad here either ;)

A small remark:

- Your browser's home page...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Télécharger eMule, aide, optimisation et forum de support.

Just for your information, so that you don't fall into the trap =>

What follows is not meant as a lecture, but rather to make you aware of the risks of using cracks/keygens/serials and P2P software!! To convince yourself, read these very clear topics:

*Malekal's article about cracks => Malekal's forum • Le danger des cracks ! : Sécurité : Prévention, virus & arnaques et dangers d'Internet

*Ogu's article on misconceptions about peer-to-peer => img-103332veltm.jpg (click the link).

Infections spread through peer-to-peer are a real threat!! For example, the worm Worm.Win32_Sumom-A, an instant-messaging and peer-to-peer network worm, places itself in the incoming/Shared folder so that it is sent to everyone who shares your downloads... => VirusTraQ - Informations Virus - Worm.Win32_Sumom-A

Now that you know, it's up to you ;)

For virus/malware analysis purposes, we download many cracks: it turns out that almost all of them are malware. So be careful, because nothing is really free on the web!

 

* Cleaning up the downloaded tools =>

- You can delete the RSIT.exe file on the Desktop as well as the C:\rsit folder

- You can delete GMER.exe on the Desktop.

 

 

* Important updates =>

Mozilla Firefox (3.5.11) is on your PC. The latest version is 3.6.10.

Download and install the latest one quickly from the publisher's site >> Navigateur Web Firefox | Plus rapide, plus sécurisé et plus personnalisable | Mozilla Europe

Internet Explorer 7 is on your PC. To do the (important) update to version 8, either go through Windows Update or through the Microsoft site >> http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fr

- You need to keep your system and software up to date to avoid vulnerabilities.

You can use this program, which helps you take stock of the software that needs updating >>Secunia PSI<<

- JavaRa can help you with that for Java: http://raproducts.org/

 

* Backups =>

- I strongly advise you to make regular backups of the data that matters to you. By the time you think of it, it is often too late! A major infection or a machine crash can make the data unrecoverable... So, to avoid this major inconvenience, you should get into the habit of making regular backups. For that I recommend the free software >>Cobian Backup 8<<

This tutorial shows how to use it >>

Sauvegardez vos données avec Cobian Backup 8 - Tutorial - Articles : Astuces-Internet

- You can also make a backup of the entire disk (image) so that you can quickly restore your system if there is a problem.

CloneGenius can help you with that => CloneGenius - Le blog de libellules.ch

You can also make these backups manually if you prefer :)

 

* Some advice =>

- You installed a firewall in place of the one built into Windows XP: that's very good, because that one is a sieve :super:

- The PC is protected by Avast... I can only advise you to uninstall Avast and install Antivir in order to protect your PC as well as possible.

If you decide to install Antivir, proceed as follows >

- Download Antivir to the desktop, but don't launch it yet!

- Uninstall Avast and restart the PC.

- Install Antivir.

- Update Antivir and scan the PC with Antivir like this >>

Plug in all the removable media you own before running this scan (USB stick/external hard drive, etc.)

Double-click its icon near the clock: this opens the main interface.

Then click "Contrôler syst." to the right of "Dernier contrôle syst. intégral".

/!\ This can take a long time.

Save the report at the end (the "Rapport" button).

If Antivir detects infected files, quarantine them: choose "Déplacer en quarantaine" in the list of actions.

You can automate this kind of action by ticking the box Appliquer la sélection à toutes les détections.

That way you don't have to stay and watch it.

- Advice for securing your PC as well as possible and understanding the dangers of using the internet is in the two links below. I invite you to take the time to read all of this carefully, to inform yourself, to try things out... to find which software suits you best.

 

Malekal_Morte : Accueil malekal.com

Ipl_001 : IT Portal

Falkra : Prévention : comment éviter bien des infections : Discussions, prévention, protection

 

Windows Update fully up to date (critical category, Service Packs and Service Releases)

- a well-configured firewall

- a well-configured antivirus, updated regularly (daily if necessary), with a regular full scan.

- IMPORTANT: a cautious attitude towards browsing (no dubious sites: cracks, warez, etc.) and towards e-mail (attachments must be scanned before being opened, as must downloaded files whose origin is not certain!!)

- a vigilant attitude (be on the lookout for unusual behaviour of your system)

- weekly system clean-up (removing unnecessary files with ATF cleaner, regular defragmentation of the hard drive)

- weekly antispyware scan

Posted

Good evening Thanos,

Thank you for this valuable advice;

I am going to uninstall Avast and reinstall Antivir.

As for the mule, it only runs occasionally, with my daughters ....!

I wish you a good evening and all the best on this forum. No doubt see you later
