Virus? Merci pour votre aide
Fermé
batarsité
-
5 mars 2007 à 18:30
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 - 16 juin 2007 à 13:26
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 - 16 juin 2007 à 13:26
A voir également:
- Virus? Merci pour votre aide
- Svchost.exe virus - Guide
- Vérificateur de lien virus - Guide
- Produkey virus ✓ - Forum Windows 10
- Faux message virus iphone - Forum iPhone
- Bluestacks virus ✓ - Forum Logiciels
171 réponses
Re :-)
En dirait que j'ai parlé trop vite!!! :-(
Je viens de redémarrer mon pc, et quelle mauvaise surprise, l'icône d'Antivir (carré rouge, parapluie blanc) a disparue, elle était pourtant présente avant! L'icône "centre de sécurité de Windows" indique que la protection antivirus est périmée!
Je suis désespéré! :-(
Re :-)
En dirait que j'ai parlé trop vite!!! :-(
Je viens de redémarrer mon pc, et quelle mauvaise surprise, l'icône d'Antivir (carré rouge, parapluie blanc) a disparue, elle était pourtant présente avant! L'icône "centre de sécurité de Windows" indique que la protection antivirus est périmée!
Je suis désespéré! :-(
Re :-)
plouf plouf
Messages postés
4561
Date d'inscription
mercredi 19 avril 2006
Statut
Contributeur
Dernière intervention
20 décembre 2019
801
16 avril 2007 à 19:10
16 avril 2007 à 19:10
Coucou ,
Je vois que ça ne va pas mieux , désolée pour toi , mais Quentin devrait arriver de te "sauver" de ce mauvais pas avec antivir , il le connait sur le bout de doigts , je pense :-)
Quand tu as eu l'écran bleu , tu arrives à te souvenir qu'est ce qu'il y'avait d'écrit !?
Allez courage , tu tiens presque le bon bout , faut y croire lol ;-)
Bonne soirée à vous 2;-)
Bisous
Je vois que ça ne va pas mieux , désolée pour toi , mais Quentin devrait arriver de te "sauver" de ce mauvais pas avec antivir , il le connait sur le bout de doigts , je pense :-)
Quand tu as eu l'écran bleu , tu arrives à te souvenir qu'est ce qu'il y'avait d'écrit !?
Allez courage , tu tiens presque le bon bout , faut y croire lol ;-)
Bonne soirée à vous 2;-)
Bisous
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 320
16 avril 2007 à 21:11
16 avril 2007 à 21:11
Saloute,
J'ai la vague impression qu'un rootkit rode....ai je bon flair?
Télécharge gmer : http://www2.gmer.net/gmer.zip
Déconnecte toi d'internet si possible et ferme tous les programmes.
Décompresse le fichier zip et double-clic sur gmer.exe
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clic sur l'onglet "rootkit" et clic sur Scan
Lorsque le scan est terminé, clic sur "copy"
Ouvre le bloc-note et clic sur le Menu Edition / Coller
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.
J'ai la vague impression qu'un rootkit rode....ai je bon flair?
Télécharge gmer : http://www2.gmer.net/gmer.zip
Déconnecte toi d'internet si possible et ferme tous les programmes.
Décompresse le fichier zip et double-clic sur gmer.exe
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clic sur l'onglet "rootkit" et clic sur Scan
Lorsque le scan est terminé, clic sur "copy"
Ouvre le bloc-note et clic sur le Menu Edition / Coller
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.
Coucou,
Je viens de télécharger GMER, et j'ai effectué les étapes.
Mais j'ai un petit problème (pour ne pas changer), quand le scan est terminé je clique sur copy, et là un message s'affiche où est écrit:
Text was copied to the clipboard
Paste the output into your favorite édition (ie notepad) useing Ctrl+V keys
Donc, je ne sais comment reporter le rapport :-(
Allez courage , tu tiens presque le bon bout , faut y croire lol ;-)
On va essayer!! :-(
Bisous
Je constate que ça fonctionne bien entre vous 2 ;-) (allez j'arrête, lol)
Grand Grand Merci à vous!
Bonne Journée, A+, Peace
Je viens de télécharger GMER, et j'ai effectué les étapes.
Mais j'ai un petit problème (pour ne pas changer), quand le scan est terminé je clique sur copy, et là un message s'affiche où est écrit:
Text was copied to the clipboard
Paste the output into your favorite édition (ie notepad) useing Ctrl+V keys
Donc, je ne sais comment reporter le rapport :-(
Allez courage , tu tiens presque le bon bout , faut y croire lol ;-)
On va essayer!! :-(
Bisous
Je constate que ça fonctionne bien entre vous 2 ;-) (allez j'arrête, lol)
Grand Grand Merci à vous!
Bonne Journée, A+, Peace
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
plouf plouf
Messages postés
4561
Date d'inscription
mercredi 19 avril 2006
Statut
Contributeur
Dernière intervention
20 décembre 2019
801
17 avril 2007 à 16:59
17 avril 2007 à 16:59
Coucou ,
Je constate que ça fonctionne bien entre vous 2 ;-)
ah bon !? :-o)) Parce qu il est vrai , qu'entre toi et moa , c est coment dire : la "guere" c'est ca !? lol
T es gentil(le) ca fait plaisir lol
C est vrai que dans l'ensemble ..quentin et toi et moi on s'entend , plutôt bien .., un gentil compagnon de forum ;-) il m'aide pas mal , et parfois il me fait sourire..d'ailleurs puisque tu as lancé , le lancé , le sujet , j'en profite , pour le remercier , encore une fois , publiquement , pour tout .
Quant à toi , batarsité ..ça m'a toujour , fais "bizarre" d écrire ca lol mais comme on ne connait pas ...ton prénom ..y a pas trop le choix lol tu m a l air d avoir pas mal , d humour aussi , d'ailleurs , il me semble , te l'avoir déja , dit , C'est sympa et ça change , de ceux qui ne disent meme pas "bonjour" lol
Par contre pour le soft que tu viens de lancé et qui bloque , je ne peux malheureusement , pas t'aider car pour le moment , je ne le connais pas , désolée.
Par contre tu peux toujours pas nous donner le message , d'erreur , de ton écran bleu !?
Allez Courage
Bisous
Je constate que ça fonctionne bien entre vous 2 ;-)
ah bon !? :-o)) Parce qu il est vrai , qu'entre toi et moa , c est coment dire : la "guere" c'est ca !? lol
T es gentil(le) ca fait plaisir lol
C est vrai que dans l'ensemble ..quentin et toi et moi on s'entend , plutôt bien .., un gentil compagnon de forum ;-) il m'aide pas mal , et parfois il me fait sourire..d'ailleurs puisque tu as lancé , le lancé , le sujet , j'en profite , pour le remercier , encore une fois , publiquement , pour tout .
Quant à toi , batarsité ..ça m'a toujour , fais "bizarre" d écrire ca lol mais comme on ne connait pas ...ton prénom ..y a pas trop le choix lol tu m a l air d avoir pas mal , d humour aussi , d'ailleurs , il me semble , te l'avoir déja , dit , C'est sympa et ça change , de ceux qui ne disent meme pas "bonjour" lol
Par contre pour le soft que tu viens de lancé et qui bloque , je ne peux malheureusement , pas t'aider car pour le moment , je ne le connais pas , désolée.
Par contre tu peux toujours pas nous donner le message , d'erreur , de ton écran bleu !?
Allez Courage
Bisous
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 320
17 avril 2007 à 17:39
17 avril 2007 à 17:39
Yop,
lol Ouais le courant passe bien, on t inviteras aux fiancialles ! lol
C'est simple, tu parles pas anglais? lol
Text was copied to the clipboard
Paste the output into your favorite édition (ie notepad) useing Ctrl+V keys
Le texte a été copié et utilise ctlr + v pour le coller quelque part.
lol Ouais le courant passe bien, on t inviteras aux fiancialles ! lol
C'est simple, tu parles pas anglais? lol
Text was copied to the clipboard
Paste the output into your favorite édition (ie notepad) useing Ctrl+V keys
Le texte a été copié et utilise ctlr + v pour le coller quelque part.
plouf plouf
Messages postés
4561
Date d'inscription
mercredi 19 avril 2006
Statut
Contributeur
Dernière intervention
20 décembre 2019
801
17 avril 2007 à 19:33
17 avril 2007 à 19:33
Coucou
Text was copied to the clipboard
Paste the output into your favorite édition (ie notepad) useing Ctrl+V keys
Pour ma part ne connaissant pas antivir j'ai préféré te laisser cette partie:-)
mais des que j ai le temps j'y regarderais promis !
<gras>on t inviteras aux fiancialles !
XDD c est quoi ca , suis pas au courand moa d abord , j ai failli en avaler ma TB mdrr
merci pour ce brin d'humour , j'ai bien souri;-)
lol la pole K , facon machin..t'a oublié lol c est plus important lol
Bref batarsité , tu t'en sors !?
Bonne nuit à vous 2 et bisous
a+
Text was copied to the clipboard
Paste the output into your favorite édition (ie notepad) useing Ctrl+V keys
Pour ma part ne connaissant pas antivir j'ai préféré te laisser cette partie:-)
mais des que j ai le temps j'y regarderais promis !
<gras>on t inviteras aux fiancialles !
XDD c est quoi ca , suis pas au courand moa d abord , j ai failli en avaler ma TB mdrr
merci pour ce brin d'humour , j'ai bien souri;-)
lol la pole K , facon machin..t'a oublié lol c est plus important lol
Bref batarsité , tu t'en sors !?
Bonne nuit à vous 2 et bisous
a+
Salut, comment vous allez?
C'est simple, tu parles pas anglais? lol
Vite faite, lol!
Voici le rapport: (par contre peut-on ce fier à ce rapport, s'il y a vraiment un rootkit qui rode?)
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-18 16:41:27
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.12 ----
PAGENDSM NDIS.sys!NdisMIndicateStatus F83B5A5F 6 Bytes JMP EB964ED0 \SystemRoot\system32\drivers\fwdrv.sys
? C:\WINDOWS\System32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\ati2evxx.exe[164] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\ati2evxx.exe[164] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\explorer.exe[312] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\explorer.exe[312] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[312] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\explorer.exe[312] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\explorer.exe[312] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\alg.exe[556] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\alg.exe[556] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\alg.exe[556] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\alg.exe[556] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\alg.exe[556] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[636] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[636] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[636] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[680] kern
C'est simple, tu parles pas anglais? lol
Vite faite, lol!
Voici le rapport: (par contre peut-on ce fier à ce rapport, s'il y a vraiment un rootkit qui rode?)
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-18 16:41:27
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.12 ----
PAGENDSM NDIS.sys!NdisMIndicateStatus F83B5A5F 6 Bytes JMP EB964ED0 \SystemRoot\system32\drivers\fwdrv.sys
? C:\WINDOWS\System32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\ati2evxx.exe[164] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\ati2evxx.exe[164] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\ati2evxx.exe[164] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\explorer.exe[312] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\explorer.exe[312] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\explorer.exe[312] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\explorer.exe[312] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[312] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\explorer.exe[312] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\explorer.exe[312] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Wanadoo\EspaceWanadoo.exe[432] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[472] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\alg.exe[556] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\alg.exe[556] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\alg.exe[556] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\alg.exe[556] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\alg.exe[556] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\alg.exe[556] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[636] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[636] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[636] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[680] kern
Regis59
Messages postés
21143
Date d'inscription
mardi 27 juin 2006
Statut
Contributeur sécurité
Dernière intervention
22 juin 2016
1 320
18 avril 2007 à 18:35
18 avril 2007 à 18:35
Je ne sais pas :(
Tu peux refaire?
Tu peux refaire?
plouf plouf
Messages postés
4561
Date d'inscription
mercredi 19 avril 2006
Statut
Contributeur
Dernière intervention
20 décembre 2019
801
18 avril 2007 à 18:41
18 avril 2007 à 18:41
Bonsoir ,
C'est simple, tu parles pas anglais? lol
Vite faite,
sauf que moi , je ne mettais pas arrêté/antivir
a+
Plouf Plouf
C'est simple, tu parles pas anglais? lol
Vite faite,
sauf que moi , je ne mettais pas arrêté/antivir
a+
Plouf Plouf
Salut Salut, comment ça va??
Bon bein, je vais reprendre!
Voici le rapport: (par contre peut-on ce fier à ce rapport, s'il y a vraiment un rootkit qui rode?)
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-19 15:03:23
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.12 ----
PAGENDSM NDIS.sys!NdisMIndicateStatus F83B5A5F 6 Bytes JMP F8274ED0 \SystemRoot\system32\drivers\fwdrv.sys
? C:\WINDOWS\System32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\ati2evxx.exe[856] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\ati2evxx.exe[856] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenA
Bon bein, je vais reprendre!
Voici le rapport: (par contre peut-on ce fier à ce rapport, s'il y a vraiment un rootkit qui rode?)
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-19 15:03:23
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.12 ----
PAGENDSM NDIS.sys!NdisMIndicateStatus F83B5A5F 6 Bytes JMP F8274ED0 \SystemRoot\system32\drivers\fwdrv.sys
? C:\WINDOWS\System32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[632] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[632] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[632] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[676] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[676] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[688] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\ati2evxx.exe[856] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\ati2evxx.exe[856] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\ati2evxx.exe[856] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenA
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1280] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1280] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1280] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1280] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1280] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\gearsec.exe[1432] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\gearsec.exe[1432] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00030EC8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\explorer.exe[1600] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\explorer.exe[1600] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[1600] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\explorer.exe[1600] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\explorer.exe[1600] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateProcessInternalW
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1280] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1280] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1280] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1280] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1280] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1280] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1384] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1396] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\gearsec.exe[1432] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\gearsec.exe[1432] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\gearsec.exe[1432] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1448] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00030EC8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\explorer.exe[1600] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\explorer.exe[1600] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\explorer.exe[1600] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\explorer.exe[1600] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\explorer.exe[1600] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\explorer.exe[1600] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\explorer.exe[1600] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateProcessInternalW
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[996] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[996] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\ati2evxx.exe[1136] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\ati2evxx.exe[1136] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenA
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wscntfy.exe[996] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wscntfy.exe[996] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wscntfy.exe[996] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1004] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1060] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\ati2evxx.exe[1136] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\ati2evxx.exe[1136] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\ati2evxx.exe[1136] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenA
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\alg.exe[1936] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\alg.exe[1936] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\alg.exe[1936] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\alg.exe[1936] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\alg.exe[1936] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system\hpsysdrv.exe[2152] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system\hpsysdrv.exe[2152] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\hphmon05.exe[2180] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\hphmon05.exe[2180] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\HP\KBD\kbd.exe[2188] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\HP\KBD\kbd.exe[2188] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualProtect
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1624] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\DOCUME~1\HENRI~1.COR\LOCALS~1\Temp\Répertoire temporaire 1 pour gmer.zip\gmer.exe[1632] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\alg.exe[1936] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\alg.exe[1936] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\alg.exe[1936] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\alg.exe[1936] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\alg.exe[1936] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\alg.exe[1936] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe[2116] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system\hpsysdrv.exe[2152] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system\hpsysdrv.exe[2152] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system\hpsysdrv.exe[2152] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2164] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\hphmon05.exe[2180] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\hphmon05.exe[2180] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\hphmon05.exe[2180] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\HP\KBD\kbd.exe[2188] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\HP\KBD\kbd.exe[2188] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\HP\KBD\kbd.exe[2188] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\HP\KBD\kbd.exe[2188] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C
.text C:\Program Files\iTunes\iTunesHelper.exe[2216] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualProtect
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\AGRSMMSG.exe[2320] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\AGRSMMSG.exe[2320] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[2328] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[2328] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\ALCXMNTR.EXE[2556] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\ALCXMNTR.EXE[2556] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00070F54
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00070FE0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00070D24
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00070DB0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00070E3C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00070EC8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetConnectA
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\AGRSMMSG.exe[2320] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\AGRSMMSG.exe[2320] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\AGRSMMSG.exe[2320] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[2328] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[2328] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[2328] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2396] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe[2528] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\ALCXMNTR.EXE[2556] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\ALCXMNTR.EXE[2556] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\ALCXMNTR.EXE[2556] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2616] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00070F54
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00070FE0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00070D24
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00070DB0
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00070E3C
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2632] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00070EC8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2688] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2732] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetConnectA
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetConnectW 01905B98 5 Bytes JMP 00130FE0
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenA 0190C859 5 Bytes JMP 00130D24
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenW 0190CE91 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenUrlA 019106CD 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenUrlW 0195A881 5 Bytes JMP 00130EC8
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3328] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3328] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\01\13-{E1120431-93D4-7C1F-A96B-CE099480A408}-v1-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\16\16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\16\16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\17\17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\17\17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\18\18-{897944AA-1425-4916-A868-74E993A5A564}-v18-{897944AA-1425-4916-A868-74E993A5A564}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\tristanna_01@hotmail.com\DFSR\Staging\CS{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}\01\15-{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}-v1-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\berns04@hotmail.fr\DFSR\Staging\CS{45447155-C5C1-6067-BF15-F265F2BEF208}\01\17-{45447155-C5C1-6067-BF15-F265F2BEF208}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\berns04@hotmail.fr\DFSR\Staging\CS{45447155-C5C1-6067-BF15-F265F2BEF208}\84\84-{7E6607D7-B475-4549-B890-2CB905F15BAB}-v84-{7E6607D7-B475-4549-B890-2CB905F15BAB}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\01\19-{E1120431-93D4-7C1F-A96B-CE099480A408}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\12\12-{897944AA-1425-4916-A868-74E993A5A564}-v12-{897944AA-1425-4916-A868-74E993A5A564}-v12-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\18\18-{897944AA-1425-4916-A868-74E993A5A564}-v18-{897944AA-1425-4916-A868-74E993A5A564}-v18-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\20\20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\20\20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\20\20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\tristanna_01@hotmail.com\DFSR\Staging\CS{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}\01\18-{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\tristanna_01@hotmail.com\DFSR\Staging\CS{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}\12\12-{356D7A03-79EE-4337-932B-99876D7B7DCB}-v12-{356D7A03-79EE-4337-932B-99876D7B7DCB}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\01\10-{180B34D2-CAA5-DB82-892B-0C4705405C8E}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\11\11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\11\11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\11\11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\73\273-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v273-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v273-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\77\215-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v177-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v215-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\78\279-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v278-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v279-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
---- EOF - GMER 1.0.12 ----
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenA 0190C859 5 Bytes JMP 00130D24
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenW 0190CE91 5 Bytes JMP 00130DB0
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenUrlA 019106CD 5 Bytes JMP 00130E3C
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] WININET.dll!InternetOpenUrlW 0195A881 5 Bytes JMP 00130EC8
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe[2832] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2884] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3328] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3328] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3328] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\01\13-{E1120431-93D4-7C1F-A96B-CE099480A408}-v1-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\16\16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\16\16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\17\17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\17\17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\18\18-{897944AA-1425-4916-A868-74E993A5A564}-v18-{897944AA-1425-4916-A868-74E993A5A564}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Henri.CORMAHO\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\tristanna_01@hotmail.com\DFSR\Staging\CS{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}\01\15-{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}-v1-{D3452B36-DE80-4459-9D46-6C18B49E42A3}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\berns04@hotmail.fr\DFSR\Staging\CS{45447155-C5C1-6067-BF15-F265F2BEF208}\01\17-{45447155-C5C1-6067-BF15-F265F2BEF208}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\berns04@hotmail.fr\DFSR\Staging\CS{45447155-C5C1-6067-BF15-F265F2BEF208}\84\84-{7E6607D7-B475-4549-B890-2CB905F15BAB}-v84-{7E6607D7-B475-4549-B890-2CB905F15BAB}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\01\19-{E1120431-93D4-7C1F-A96B-CE099480A408}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\12\12-{897944AA-1425-4916-A868-74E993A5A564}-v12-{897944AA-1425-4916-A868-74E993A5A564}-v12-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\18\18-{897944AA-1425-4916-A868-74E993A5A564}-v18-{897944AA-1425-4916-A868-74E993A5A564}-v18-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\20\20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\20\20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\forleson@hotmail.fr\DFSR\Staging\CS{E1120431-93D4-7C1F-A96B-CE099480A408}\20\20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\tristanna_01@hotmail.com\DFSR\Staging\CS{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}\01\18-{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\tristanna_01@hotmail.com\DFSR\Staging\CS{FF0C10DE-3261-B258-7E5E-7EFD6D398E08}\12\12-{356D7A03-79EE-4337-932B-99876D7B7DCB}-v12-{356D7A03-79EE-4337-932B-99876D7B7DCB}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\01\10-{180B34D2-CAA5-DB82-892B-0C4705405C8E}-v1-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\11\11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\11\11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\11\11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-{74A24E27-77B7-49D7-BE34-1CCD21B19329}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\73\273-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v273-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v273-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\77\215-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v177-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v215-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\pimanlapat@hotmail.fr\SharingMetadata\zandetbois@hotmail.com\DFSR\Staging\CS{180B34D2-CAA5-DB82-892B-0C4705405C8E}\78\279-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v278-{F5423A8D-B0D2-4A33-850C-D2E0D123B23B}-v279-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
---- EOF - GMER 1.0.12 ----
QUESTION IDIOTE
Est-ce qu'avec toutes ces informations, il ne pourrai pas y avoir un petit malin de passage qui pourrait les utiliser à mon insus??
un gentil compagnon de forum
:-o)) Aahh bon, je ne suis plus un "cas"!? Mdrr
Bon, "gentil compagnon de forum" ça fait un peu animal de compagnie, mais c'est bien, c'est déjà un avancement! Mdrrr ;-)
lol mais comme on ne connait pas ...ton prénom ..y a pas trop le choix lol On veut savoir mon prénom maintenant, lol
tu m a l air d avoir pas mal , d humour aussi
Comme je te disais...
ça change , de ceux qui ne disent meme pas "bonjour" lol
Manque d'éducation, ils sont cachés derrière leur écran et se
croient dispensés d'être polis!! Pfff
Ouais le courant passe bien, on t inviteras aux fiancialles !Pas de prob, c'est quand?
XDD c est quoi ca , suis pas au courand moa d abordDepuis quand les femmes ont le droit de donner leur avis! Mdrr ;-)
sauf que moi , je ne mettais pas arrêté/antivir
J'ai pas compris.
Immense Remerciement à vous, Bonne Journée, A+
Blessed
Jérôme
Est-ce qu'avec toutes ces informations, il ne pourrai pas y avoir un petit malin de passage qui pourrait les utiliser à mon insus??
un gentil compagnon de forum
:-o)) Aahh bon, je ne suis plus un "cas"!? Mdrr
Bon, "gentil compagnon de forum" ça fait un peu animal de compagnie, mais c'est bien, c'est déjà un avancement! Mdrrr ;-)
lol mais comme on ne connait pas ...ton prénom ..y a pas trop le choix lol On veut savoir mon prénom maintenant, lol
tu m a l air d avoir pas mal , d humour aussi
Comme je te disais...
ça change , de ceux qui ne disent meme pas "bonjour" lol
Manque d'éducation, ils sont cachés derrière leur écran et se
croient dispensés d'être polis!! Pfff
Ouais le courant passe bien, on t inviteras aux fiancialles !Pas de prob, c'est quand?
XDD c est quoi ca , suis pas au courand moa d abordDepuis quand les femmes ont le droit de donner leur avis! Mdrr ;-)
sauf que moi , je ne mettais pas arrêté/antivir
J'ai pas compris.
Immense Remerciement à vous, Bonne Journée, A+
Blessed
Jérôme
plouf plouf
Messages postés
4561
Date d'inscription
mercredi 19 avril 2006
Statut
Contributeur
Dernière intervention
20 décembre 2019
801
19 avril 2007 à 17:34
19 avril 2007 à 17:34
Coucou,
Bon, "gentil compagnon de forum" ça fait un peu animal de compagnie, mais c'est bien, c'est déjà un avancement! Mdrrr ;-)
:-o)) non pas du tout , sauf ,si comme toi , on à l esprit ,tordu !? :-))
On veut savoir mon prénom maintenant, lol non pas forcément , je disais simplement qu'au début , ca me faisait bizarre d'écrire "batarsité" mais qu il n'y avait pas trop le choix , du fait que j'ne connaissait pas ton prénom valala :-)
Depuis quand les femmes ont le droit de donner leur avis! Mdrr ;-)
Tu m'cherche encore lol attention , a toi , sinon quan j'te verrais , la 1ere chose que je ferais , c'est de t'écraser les or teilles , méfie toi lol
sauf que moi , je ne mettais pas arrêté/antivir
J'ai pas compris.
C'est Quentin qui va s'occuper .. , d'antivir ...
La force est avec toi :-))
Ouais le courant passe bien, on t inviteras aux fiancialles !
Pas de prob c'est quand !?
A, qui, tu parle là ..loll
Plus sérieusement , ton pc ne va pas mieux , aprés le passage d'antivir!?
Bisous
bonne fin de journée
Bon, "gentil compagnon de forum" ça fait un peu animal de compagnie, mais c'est bien, c'est déjà un avancement! Mdrrr ;-)
:-o)) non pas du tout , sauf ,si comme toi , on à l esprit ,tordu !? :-))
On veut savoir mon prénom maintenant, lol non pas forcément , je disais simplement qu'au début , ca me faisait bizarre d'écrire "batarsité" mais qu il n'y avait pas trop le choix , du fait que j'ne connaissait pas ton prénom valala :-)
Depuis quand les femmes ont le droit de donner leur avis! Mdrr ;-)
Tu m'cherche encore lol attention , a toi , sinon quan j'te verrais , la 1ere chose que je ferais , c'est de t'écraser les or teilles , méfie toi lol
sauf que moi , je ne mettais pas arrêté/antivir
J'ai pas compris.
C'est Quentin qui va s'occuper .. , d'antivir ...
La force est avec toi :-))
Ouais le courant passe bien, on t inviteras aux fiancialles !
Pas de prob c'est quand !?
A, qui, tu parle là ..loll
Plus sérieusement , ton pc ne va pas mieux , aprés le passage d'antivir!?
Bisous
bonne fin de journée
Coucou, ça va?
:-o)) non pas du tout , sauf ,si comme toi , on à l esprit ,tordu !? :-))
:-( no comment. Tu as vu, je maîtrise l'anglais ;-) Mdrr
j'ne connaissait pas ton prénom valala :-) Maintenant, tu le connais, ;-) lol
sinon quan j'te verrais , la 1ere chose que je ferais , c'est de t'écraser les or teilles , méfie toi
Ahh ouai, on sera amenés à se rencontrer, pas de prob. ;-) lol
Tu viens de mon coin? Mdrrrr ;-)
C'est Quentin qui va s'occuper .. , d'antivir ...
Ok, on va voir ce Régis59/Quentin (je sais même plus comment vous appelez) pense de ma situation.
ton pc ne va pas mieux , aprés le passage d'antivir!? Franchement, je ne sais pas. Pour l'instant, je n'ai plus eu d'écran bleu, comme je le disais précédemment l'icône d'antivir a disparue, l'icône windows m'indique que j'encoure un risque car mon anti-virus est périmé, j'ai des problèmes de messagerie orange et je pense avoir quelques saloperies sur mon pc. Sinon, la connection internet et le fonctionnement du pc en général paraissent correctes.
Bonne Journée
Blessed
Jérôme
:-o)) non pas du tout , sauf ,si comme toi , on à l esprit ,tordu !? :-))
:-( no comment. Tu as vu, je maîtrise l'anglais ;-) Mdrr
j'ne connaissait pas ton prénom valala :-) Maintenant, tu le connais, ;-) lol
sinon quan j'te verrais , la 1ere chose que je ferais , c'est de t'écraser les or teilles , méfie toi
Ahh ouai, on sera amenés à se rencontrer, pas de prob. ;-) lol
Tu viens de mon coin? Mdrrrr ;-)
C'est Quentin qui va s'occuper .. , d'antivir ...
Ok, on va voir ce Régis59/Quentin (je sais même plus comment vous appelez) pense de ma situation.
ton pc ne va pas mieux , aprés le passage d'antivir!? Franchement, je ne sais pas. Pour l'instant, je n'ai plus eu d'écran bleu, comme je le disais précédemment l'icône d'antivir a disparue, l'icône windows m'indique que j'encoure un risque car mon anti-virus est périmé, j'ai des problèmes de messagerie orange et je pense avoir quelques saloperies sur mon pc. Sinon, la connection internet et le fonctionnement du pc en général paraissent correctes.
Bonne Journée
Blessed
Jérôme