Windows XP SP2 problem
Mina
Regular member

Joined: 27 Mar 2007
Posts: 61

Posted: 05 Apr 2007 10:50

Hi Sév,

Thanks for your reply!!! :)

Here are the latest reports:

1. Malekal_morte report

Quote:
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 04/04/2007 a 23:35:48,59

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.2" FOUND
"C:\Documents and Settings\mina\Application Data\hbtools\" FOUND

"C:\Program Files\DNS\" FOUND
"C:\Program Files\Maxifiles\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !


2. FixWareout report

Quote:
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\NUMERI~1\\MONASS~1\\SMARTB~1\\MotiveSB.exe"
"EPSON Stylus C64 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C64 Series\" /O6 \"USB002\" /M \"Stylus C64\""
"StatusCheck"="AppMasterCenter.exe"
"powerdll"="10010.exe"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Titanium\\APVXDWIN.EXE\" /s"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


3. HijackThis report 1

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 00:04:48, on 05/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NC NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
O4 - HKLM\..\Run: [StatusCheck] AppMasterCenter.exe
O4 - HKLM\..\Run: [powerdll] 10010.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168006756905
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



GMER, HijackThis 2 and Panda reports ==> message 2

See you later ;)
Mina

Posted: 05 Apr 2007 10:59

Message 2

1. GMER report, part one

Quote:
GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-05 01:08:11
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 805025EC 4 Bytes [ 80, DF, F9, F4 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1A0 8050261C 4 Bytes [ 52, D5, F9, F4 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [ 82, 98, F9, F4 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C8 80502644 8 Bytes [ 1A, CA, F9, F4, 10, C9, F9, ... ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1E0 8050265C 4 Bytes [ 2A, CF, F9, F4 ]
.text ...
PAGENDSM NDIS.sys!NdisMIndicateStatus F9D4587D 6 Bytes JMP F4F91C5E \SystemRoot\system32\drivers\fwdrv.sys
.text ntdll.dll!NtClose 77F658AA 5 Bytes JMP 720342BA
.text ntdll.dll!NtCreateProcess 77F659F4 5 Bytes JMP 72034445
.text ntdll.dll!NtCreateProcessEx 77F65A03 5 Bytes JMP 72034329
.text ntdll.dll!NtCreateSection 77F65A21 5 Bytes JMP 720342D8

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\ctfmon.exe[308] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\ctfmon.exe[308] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\ctfmon.exe[308] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\explorer.exe[460] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\explorer.exe[460] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\explorer.exe[460] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\explorer.exe[460] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\explorer.exe[460] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\explorer.exe[460] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\explorer.exe[460] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00070F54
.text C:\WINDOWS\explorer.exe[460] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00070FE0
.text C:\WINDOWS\explorer.exe[460] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00070D24
.text C:\WINDOWS\explorer.exe[460] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00070DB0
.text C:\WINDOWS\explorer.exe[460] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00070E3C
.text C:\WINDOWS\explorer.exe[460] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00070EC8
.text C:\WINDOWS\system32\csrss.exe[572] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\csrss.exe[572] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!WinExec 77E4FD35 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!CreateThread 77E5BE53 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[596] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[596] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\winlogon.exe[596] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\services.exe[640] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\services.exe[640] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[640] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\lsass.exe[652] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\lsass.exe[652] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\lsass.exe[652] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00070FE0
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00070D24
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00070DB0
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00070E3C
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00070EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] WS2_32.dll!socket 719F3C22 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[960] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\svchost.exe[1044] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\svchost.exe[1044] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\svchost.exe[1044] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00070FE0
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00070D24
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00070DB0
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00070E3C
.text C:\WINDOWS\system32\svchost.exe[1044] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00070EC8
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\spoolsv.exe[1208] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\spoolsv.exe[1208] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\spoolsv.exe[1208] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\spoolsv.exe[1208] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\spoolsv.exe[1208] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\alg.exe[1312] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\alg.exe[1312] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\alg.exe[1312] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\alg.exe[1312] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\alg.exe[1312] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\alg.exe[1312] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1324] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Crypserv.exe[1352] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Crypserv.exe[1352] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\Crypserv.exe[1352] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[1384] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00030EC8
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WS2_32.dll!socket 719F3C22 5 Bytes JMP 001308C4
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00130950
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00130838
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00130F54
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00130FE0
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00130D24
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00130DB0
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00130E3C
.text C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe[1416] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00130EC8
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe[1424] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Winamp\winampa.exe[1512] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Winamp\winampa.exe[1512] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Winamp\winampa.exe[1512] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE[1560] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\WINDOW
Mina
Regular

Joined: 27 Mar 2007
Posts: 61

Posted: 05 Apr 2007 11:17

GMER report - continued

Quote:
.text C:\WINDOWS\system32\LVCOMSX.EXE[1572] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] WS2_32.dll!socket 719F3C22 5 Bytes JMP 001308C4
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00130950
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe[1584] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wdfmgr.exe[1588] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wdfmgr.exe[1588] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\wdfmgr.exe[1588] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Logitech\Video\LogiTray.exe[1812] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wuauclt.exe[2108] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wuauclt.exe[2108] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\wuauclt.exe[2108] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] WS2_32.dll!socket 719F3C22 5 Bytes JMP 001308C4
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00130950
.text C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavproxy.exe[2172] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00130838
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2264] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] WS2_32.dll!socket 719F3C22 5 Bytes JMP 001308C4
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00130950
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2312] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00130838
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00130F54
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00130D24
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[2344] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00130EC8
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00140090
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00140694
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001402C0
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00140234
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00140464
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0014034C
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0014011C
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00140004
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001404F0
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0014057C
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001401A8
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001403D8
.text C:\Program Files\Messenger\msmsgs.exe[2364] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00140608
.text C:\Program Files\Messenger\msmsgs.exe[2364] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00140720
.text C:\Program Files\Messenger\msmsgs.exe[2364] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001407AC
.text C:\Program Files\Messenger\msmsgs.exe[2364] WS2_32.dll!socket 719F3C22 5 Bytes JMP 001408C4
.text C:\Program Files\Messenger\msmsgs.exe[2364] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00140950
.text C:\Program Files\Messenger\msmsgs.exe[2364] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00140838
.text C:\Program Files\Messenger\msmsgs.exe[2364] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00140F54
.text C:\Program Files\Messenger\msmsgs.exe[2364] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00140FE0
.text C:\Program Files\Messenger\msmsgs.exe[2364] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00140D24
.text C:\Program Files\Messenger\msmsgs.exe[2364] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00140DB0
.text C:\Program Files\Messenger\msmsgs.exe[2364] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00140E3C
.text C:\Program Files\Messenger\msmsgs.exe[2364] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00140EC8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2388] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] WININET.dll!InternetConnectA 76195DE6 5 Bytes JMP 00130F54
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] WININET.dll!InternetConnectW 7619AA8A 5 Bytes JMP 00130FE0
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] WININET.dll!InternetOpenA 761A017D 5 Bytes JMP 00130D24
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] WININET.dll!InternetOpenW 761A08D4 5 Bytes JMP 00130DB0
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] WININET.dll!InternetOpenUrlA 761A1DEF 5 Bytes JMP 00130E3C
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2680] WININET.dll!InternetOpenUrlW 761D0D67 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wuauclt.exe[2832] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wuauclt.exe[2832] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\wuauclt.exe[2832] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wuauclt.exe[2832] WS2_32.dll!socket 719F3C22 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\wuauclt.exe[2832] WS2_32.dll!connect 719F3E5D 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\wuauclt.exe[2832] WS2_32.dll!bind 719F3ECE 5 Bytes JMP 00070838
.text C:\gmer\gmer.exe[2928] kernel32.dll!VirtualProtect 77E4169E 5 Bytes JMP 00130090
.text C:\gmer\gmer.exe[2928] kernel32.dll!WriteProcessMemory 77E41A94 5 Bytes JMP 00130694
.text C:\gmer\gmer.exe[2928] kernel32.dll!CreateProcessW 77E41B8E 5 Bytes JMP 001302C0
.text C:\gmer\gmer.exe[2928] kernel32.dll!CreateProcessA 77E41BBC 5 Bytes JMP 00130234
.text C:\gmer\gmer.exe[2928] kernel32.dll!WinExec 77E4FD35 5 Bytes JMP 00130464
.text C:\gmer\gmer.exe[2928] kernel32.dll!CreateProcessInternalA 77E53306 5 Bytes JMP 0013034C
.text C:\gmer\gmer.exe[2928] kernel32.dll!VirtualAllocEx 77E5AC24 5 Bytes JMP 0013011C
.text C:\gmer\gmer.exe[2928] kernel32.dll!VirtualAlloc 77E5AC72 5 Bytes JMP 00130004
.text C:\gmer\gmer.exe[2928] kernel32.dll!CreateRemoteThread 77E5BC9F 5 Bytes JMP 001304F0
.text C:\gmer\gmer.exe[2928] kernel32.dll!CreateThread 77E5BE53 5 Bytes JMP 0013057C
.text C:\gmer\gmer.exe[2928] kernel32.dll!VirtualProtectEx 77E5D258 5 Bytes JMP 001301A8
.text C:\gmer\gmer.exe[2928] kernel32.dll!CreateProcessInternalW 77E6033A 5 Bytes JMP 001303D8
.text C:\gmer\gmer.exe[2928] kernel32.dll!SetThreadContext 77E7391A 5 Bytes JMP 00130608
.text C:\gmer\gmer.exe[2928] USER32.dll!SetWindowsHookExA 77D25006 5 Bytes JMP 00130720
.text C:\gmer\gmer.exe[2928] USER32.dll!SetWindowsHookExW 77D2506A 5 Bytes JMP 001307AC

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Misho\Mes documents\Ma musique\Copie de m3u.wpl:SummaryInformation
ADS C:\Documents and Settings\Misho\Mes documents\Ma musique\Copie de m3u.wpl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\Misho\Mes documents\Ma musique\m3u.wpl:SummaryInformation
ADS C:\Documents and Settings\Misho\Mes documents\Ma musique\m3u.wpl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\Misho\Mes documents\Ma musique\Revolver [UK].wpl:SummaryInformation
ADS C:\Documents and Settings\Misho\Mes documents\Ma musique\Revolver [UK].wpl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----


See you later