Bonjour, Quand j'ouvre un document Word ou Excel j'ai ce message qui m'apparaît à l'écran : C:\Documents and settings\nom du dossier\Mesdocuments\Nom du répertoire\Nom du fichier... est actuellement utilisé par un autre utilisateur. Voulez-vous faire une copie ? Aussi après un petit laps de temps si je n'ai pas cliqué sur Oui ou Annuler l'écran devient blanc si je déplace ma souris. J'ai dû fermer le fichier avec le gestionnaire de tâches. Je dois avoir un problème à quelque part mais ne sait comment le régler. MERCI.

Dossier utilisé par autre utilisateur [Résolu]

Réponse 1 / 18

Utilisateur anonyme

• Télécharge HijackThis :
• hijackthis
• Avant de lancer HijackThis, renomme-le !
• Pour cela, suis le chemin ci-dessous, jusqu' au fichier en gras :
C:\Program files\Trend Micro\HijackThis\HijackThis.exe
• Clique droit dessus et choisis "renommer" : tape moulin.exe et valide.
Puis, clique droit sur "moulin.exe" et choisis Envoyer vers -> Bureau (créer un raccourci).
• Reviens sur le bureau et clique sur le nouvel icône pour le lancer.
• Accepte la license en cliquant sur le bouton "I Accept"
• Choisis l'option "Do a system scan and save a log file"
• Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
• Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
• Colle le rapport que tu viens de copier sur ce forum
• Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
• Tuto : tuto

Réponse 2 / 18

Penouille Messages postés 95 Statut Membre

J'avais déjà Hijackthis installé sur mon bureau. Je n'ai pas pu le renommer en tentant d'y aller directement à C:\Program files\Trend Micro\HijackThis\HijackThis.exe
J'ai tenté à 2 reprises de le renommer et mon ordi gèle à ce moment là et il faut que j'arrête ma demande avec Gestionnaire de taches et ça prend un certain temps avant de fermer l'application.

J'ai quand meme fait un hijackthis et voici le "logfile" :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55, on 2009-05-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SDFix] c:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

Réponse 3 / 18

Utilisateur anonyme

Rien sur hijackthis .Fait rsit plus complet.
• Télécharge : http://images.malwareremoval.com/random/RSIT.exe

/!\ Important (Sous Vista) /!\

Vous devez exécuter RSIT avec les droits d'administrateur, pour cela Clique droit sur RSIT et "Lancer en tant qu'administrateur"
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur 'Continue' à l'écran Disclaimer.
• Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
• Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.
( C:\RSIT\log.txt et C:\RSIT\info.txt )
• CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller
• tuto: : https://www.androidworld.fr/

Réponse 4 / 18

Penouille Messages postés 95 Statut Membre

J'ai passé Malaware en mode sans échec, voici le log ci dessous...
Aussi je n'ai pas pu désinstaller AVG par tous les moyens... il n'est plus en opération mais toujours visible dans mes fichiers dans Program files.

Voici le message d'erreur pour AVG :
Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

Log file Malaware :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2147
Windows 5.1.2600 Service Pack 3

2009-05-18 13:40:39
mbam-log-2009-05-18 (13-40-39).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 227234
Temps écoulé: 2 hour(s), 0 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 138

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-49-290 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP500\A0065850.rbf (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP539\A0084302.rbf (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-11 19-28-500.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-12 12-00-030.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-12 12-00-040.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-12 14-58-350.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-13 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-13 12-00-001.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-17 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-17 12-00-001.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-18 12-00-010.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-18 12-00-011.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-19 12-00-080.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-19 12-01-030.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-25 12-00-080.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-25 12-00-090.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-26 12-00-070.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-26 12-00-080.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-27 12-00-010.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-04-27 12-00-020.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-02 12-00-020.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-02 12-00-030.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-03 12-00-020.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-03 12-00-021.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-09 12-00-050.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-09 12-00-051.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-10 12-00-020.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Logs\2009-05-10 12-00-030.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-42-570\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\QuarantineW\2009-04-11 21-49-290\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Huberte Vienneau\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.

Réponse 5 / 18

Utilisateur anonyme

• Télécharge: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe sur ton bureau.
• Double-clique sur drweb-cureit.exe et clique sur Commencer le scan.
• Si il trouve des processus infectés, clique sur le bouton Oui pour Tout à l'invite.
• Lorsque le scan rapide est terminé, clique sur Options > Changer la configuration.
• Choisis l'onglet Scanner, et décoche Analyse heuristique.
• De retour à la fenêtre principale : choisis Analyse complète.
• Clique la flèche verte sur la droite et le scan débutera. Une publicité apparaît quelquefois, ferme-la.
• Clique Oui pour Tout si un fichier est détecté.
• A la fin du scan, si des infections sont trouvées, clique sur Tout sélectionner, puis surDésinfecter.
• Si la désinfection est impossible, clique sur Quarantaine.
• Au menu principal de l'outil, en haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapport.
• Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv.
• Ferme Dr.Web CureIt!
• /!\ Important /!\ Redémarre ton ordinateur car certains fichiers peuvent être déplacés/réparés au redémarrage.
• Après le redémarrage, fais un copié/collé du rapport dans ta prochaine réponse

Penouille Messages postés 95 Statut Membre

D'accord, à tantot

Penouille Messages postés 95 Statut Membre

Enfin après 3 h de scan....

SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Huberte Vienneau\Bureau\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Huberte Vienneau\Bureau;L'archive contient des éléments infectés;Quarantaine.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Irréparable.Quarantaine.;
A0071750.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP509\A0071750.exe;Tool.Prockill;;
A0071750.exe;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP509;L'archive contient des éléments infectés;Quarantaine.;
A0071803.exe;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP509;Tool.Prockill;Irréparable.Quarantaine.;
A0071892.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP509\A0071892.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP509;L'archive contient des éléments infectés;;
A0071892.exe;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP509;Conteneur comporte des objets infectés;Quarantaine.;
A0092646.EXE;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP546;Program.PsExec.170;Irréparable.Quarantaine.;
A0092875.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP548\A0092875.exe;Tool.Prockill;;
A0092875.exe;C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP548;L'archive contient des éléments infectés;Quarantaine.;
GTDownLS_125.ocx;C:\WINDOWS\system32;Adware.Gdown;Irréparable.Quarantaine.;

Réponse 6 / 18

Utilisateur anonyme

Bonjour

• Télécharge : http://images.malwareremoval.com/random/RSIT.exe

• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur 'Continue' à l'écran Disclaimer.
• Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
• Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.
( C:\RSIT\log.txt et C:\RSIT\info.txt )
• CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller
• tuto: : https://www.androidworld.fr/

Penouille Messages postés 95 Statut Membre

Je serai absente pour quelques heures et je m'en occupe dès mon retour.

à bientot et MERCI encore

En passant j'ai souvent le message suivant lorsque j'ouvre mon ordi, car Online-Armor m'avise de quelque chose de suspect.

spupdsvc.exe souhaite contrôler à distance un autre processus utilisant OLE

Quel processus spupdsvc.exe souhaite-t-il contrôler ?
C:\windows\system32\svchost.exe (ID processus = 904)

Qu'est-ce que cela signifie ?
Un programme inconnu (spupdsvc.exe) tente de controler un programme approuvé (svchost.exe). Cela peut permettre à (spupdsvc.exe) d'avoir accès à Internet via le programme approuvé.

Que dois-je faire ?
Approuver ce programme ou le bloquer ?

Penouille Messages postés 95 Statut Membre

Voilà les rapports.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Huberte Vienneau at 2009-05-20 17:09:44
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 49 GB (51%) free of 95 GB
Total RAM: 1014 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10, on 2009-05-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Huberte Vienneau\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Huberte Vienneau.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SDFix] c:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

Réponse 7 / 18

Utilisateur anonyme

spupdsvc.exe est un processus qui appartient à Microsoft Update RunOnce Service. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems.\r" "Ce programme est un processus non essentiel, mais ne devrait pas être close, à moins que soupçonné d'être à l'origine des problèmes. \ R"
Conclusion tu acceptes.

Réponse 8 / 18

Utilisateur anonyme

Bonjour

pour palier a ce probleme.Telecharger:UPHCClean-SETUP.MSI
Message: Windows a sauvegardé le Registre utilisateur HUBERTETOSHIBA\Huberte Vienneau alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.
---------------------------------------------------------------------------------------------------------------------------
Pour nettoyer ton registre.
Telecharges regcleaner:
https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/#mozTocId128496
Tuto sur la même page.
--------------------------------------------------------------------------------------------------------------------------
Pour vérification passe Malawares bytes en scan rapide.Post son rapport.

Penouille Messages postés 95 Statut Membre

C'est fait

Réponse 9 / 18

Utilisateur anonyme

• Installe: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
• Enregistre-le sur le bureau
• Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
• Un rapport sera généré, poste-le dans ta prochaine réponse stp.
• Tutoriel ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php

Penouille Messages postés 95 Statut Membre

Voilà... je dois quitter pour quelques heures.

MERCI encore,

SmitFraudFix v2.416

Rapport fait à 8:07:12.65, 2009-05-21
Executé à partir de C:\Documents and Settings\Huberte Vienneau\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Huberte Vienneau

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HUBERT~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Huberte Vienneau\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HUBERT~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189

HKLM\SYSTEM\CCS\Services\Tcpip\..\{68BFF211-2AAC-4A95-AF65-3316F16CF473}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68BFF211-2AAC-4A95-AF65-3316F16CF473}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\..\{68BFF211-2AAC-4A95-AF65-3316F16CF473}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68BFF211-2AAC-4A95-AF65-3316F16CF473}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Réponse 10 / 18

Utilisateur anonyme

As tu un quelconque rapport avec le canada ou habite tu au canada?Si ta reponse est non fait ce qui suit.
------------------------------------------------------------------------------------------------------------------------
• Maintenant, démarre en mode sans échec
• Pour cela, tu tapotes sur la touche F8 (F5 sur certains pc) dès le début de l’allumage du PC sans t’arrêter, avant l'apparition du logo Windows. Un menu va apparaitre, déplace-toi avec les flèches du clavier sur Démarrer en mode sans échec puis tape Entrée. Choisis ta session
habituelle, et ne t'inquiète pas si les couleurs et la taille des icônes changent, c'est normal !
• Relance le programme SmitfraudFix.
• Cette fois, choisis l’option 5, répond oui à tous.
• A la fin, sauvegarde le rapport.
• redémarre en mode normal.
• copie-colle le rapport sauvegardé sur le forum.

Penouille Messages postés 95 Statut Membre

Je suis du Canada, si tu me le demandes, j'imagine que ce n'est pas la même procédure.
Est-ce qu'il y a une autre procédure à suivre ?

MERCI

Réponse 11 / 18

Utilisateur anonyme

Bien.Je te demandais si tu été du canada par rapport a ton ip.
Refait malawares bytes mais cette fois en mode normal.Post le rapport.
-------------------------------------------------------------------------------------
Télécharge :avg anti rootkit
• Installe Avg Anti Rootkit sur ton bureau.
• Ouvre Avg et clic sur “scanner maintenant“
• Choisis la lettre du disque dur a scanner.
• Coches “Exécuté scan complet “
• Supprimes tout se qu’il trouvera.
• Post le rapport.Il se trouve ici.Clique sur préférence et Statistique /journaux de bord.

Penouille Messages postés 95 Statut Membre

J'avais finalement réussi avec un autre programme à enlever AVG.
Cependant je ne peux que passer Malawares bytes qu'en mode sans échec. Autrement il ne se rend pas jusqu'à la fin, ça gèle et je dois redémarrer.
J'ai toujours les mêmes problèmes à l'ouverture de mes documents WORD comme quoi le document est déjà ouvert par un autre utilisateur...

voici le rapport en mode sans échec.

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2147
Windows 5.1.2600 Service Pack 3

2009-05-22 17:28:37
mbam-log-2009-05-22 (17-28-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 227227
Temps écoulé: 2 hour(s), 0 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 12 / 18

Penouille Messages postés 95 Statut Membre

Voici 2 nouveaux rapports avec RSIT.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Huberte Vienneau at 2009-05-22 20:54:25
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 49 GB (51%) free of 95 GB
Total RAM: 1014 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:42, on 2009-05-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Huberte Vienneau\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Huberte Vienneau.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SDFix] c:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

Réponse 13 / 18

Penouille Messages postés 95 Statut Membre

ET voici mon rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:03, on 2009-05-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SDFix] c:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

Réponse 14 / 18

Utilisateur anonyme

Essaie avec cette solution.

Il est parfois souhaitable de fermer des fichiers verrouillés par un autre utilisateur du réseau.

Par exemple, si vous désirez travailler sur un fichier Word alors que celui-ci est déjà ouvert par un autre utilisateur, vous ne pouvez pas car il est vérrouillé par cette utilisateur.

Pour fermer les fichiers verrouillés, suivez la procédure suivante :
Cliquez sur le bouton Démarrer, puis sur Programmes et sur Accessoires.
Dans la liste qui apparaît, cliquez sur Invite de commandes.

Dans la fenêtre Invite de commande (boîte MS-DOS), tapez la commande suivante pour voir les fichiers qui sont verrouillés :
net file

L'affichage vous donnera un ID , le nom du fichier ainsi que l'utilisateur concerné.
Servez vous de l'ID et utilisez la commande net file ID /close pour fermer le fichier verrouillé (ID désigne l'identificateur du fichier).
Information complémentaire : La commande Net file

La commande Net file affiche les noms de tous les fichiers partagés ouverts sur un serveur et, le cas échéant, le nombre de verrous sur chaque fichier. Cette commande permet également de fermer des fichiers partagés particuliers et d'enlever des verrous de fichier. Utilisée sans paramètre, la commande net file affiche la liste des fichiers ouverts sur un serveur.

Syntaxe

net file [ID /close]

Paramètres

ID
Spécifie le numéro d'identification du fichier.
/close
Ferme un fichier ouvert et libère les enregistrements verrouillés. Tapez cette commande à l'invite du serveur sur lequel le fichier est partagé.
net help
Affiche l'aide pour la commande net spécifiée.

Remarques

Vous pouvez également taper net files pour exécuter cette commande.
Utilisez la commande net file pour afficher et gérer les fichiers partagés sur le réseau. Parfois, un utilisateur laisse un fichier partagé ouvert et verrouillé par erreur. Dans ce cas, les autres ordinateurs du réseau n'ont plus accès aux parties verrouillées du fichier en question. Utilisez la commande net file /close pour enlever le verrou et fermer le fichier. La sortie de net file se présente comme suit :

ID Fichier+Chemin Nom d'utilisateur #verrous
--------------------------------------------------------
0 C:\A_FILE.TXT MARYSL 0
1 C:\DATABASE DEBBIET 2

Exemples :
- Pour afficher des informations au sujet de fichiers partagés, tapez : net file
- Pour fermer un fichier ayant pour numéro d'identification 1, tapez : net file 1 /close

Penouille Messages postés 95 Statut Membre

Il n'y a pas d'autres utilisateurs... c'est pourquoi le problème du message à chaque ouverture de document.
J'ai fait quand même ce que vous m'aviez dit de faire et ça m'indique que la liste est vide.

J'ai tenté également de télécharger à nouveau l'antivirus AVG (je le préfère aux autres) et je ne peux pas l'installer, j'ai un message d'erreur de la meme façon que lors de la désinstallation. Alors je continue avec AVAST mais je reçois du courriel d'expéditeurs inconnus à l'occasion (environ 1-2 par jour).

Aussi, je dois passer Malaware en mode sans échec et aussi mon scan avec AVAST car sinon ça gèle un moment donné et je dois fermer ces applications meme si je peux accéder à Internet. Seulement les antivirus qui bloquent pendant leur scan.

Qu'en est-il de mon rapport Hijackthis... est-ce que vous voyez un problème ?

MERCI encore, j'apprécie beaucoup.

Réponse 15 / 18

Utilisateur anonyme

Le rapport hijackthis n'indique auncune infection.
Gmer est un détecteur de rootkit puissant et permet de détecter beaucoup de Rootkits.
gmer gmer.exe
Extraire le contenu du ZIP puis renommer "gmer.exe" en "cool.exe"
Onglet "Rootkit" ; cliquez sur "SCAN" puis patienter...
En fin de traitement cliquez sur "SAVE" et enregistrer sur votre bureau "150309.txt"
Double cliquez sur "150309.txt" ; le fichier s'ouvre dans le bloc-notes.
Copiez le contenu et collez le sur votre prochain message

Penouille Messages postés 95 Statut Membre

J'essaie à plusieurs reprises de vous poster le log mais ça ne s'inscrit pas aux messages envoyés. Possible que ce soit trop volumineux comme texte à ajouter au message.

Penouille Messages postés 95 Statut Membre

6-
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01160001
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[1056] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 06630001
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1076] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 2 Bytes CALL 01810001
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] kernel32.dll!LoadLibraryExW + C7 7C801BBC 1 Byte [85]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1112] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A

Penouille Messages postés 95 Statut Membre

8-
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe[1284] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1304] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Tall Emu\Online Armor\OAcat.exe[1464] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1484] user32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1484] user32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\DVDRAMSV.exe[1524] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1528] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009A0001
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe[1672] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A

Penouille Messages postés 95 Statut Membre

9-
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00690001
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1700] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\WINDOWS\system32\TDispVol.exe[1924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A60001
.text C:\WINDOWS\system32\TDispVol.exe[1924] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\TDispVol.exe[1924] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A90001
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[2052] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A

Penouille Messages postés 95 Statut Membre

9-
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009A0001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2108] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [3B, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [16, 5F] {PUSH SS; POP EDI}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [32, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [35, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [38, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F4B0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F440F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F410F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [49, 5F] {DEC ECX; POP EDI}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4E0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2168] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [3B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [16, 5F] {PUSH SS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [32, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [35, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [38, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D70001
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F4B0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F440F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F410F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [49, 5F] {DEC ECX; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4E0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2236] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[2276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00900001
.text C:\WINDOWS\system32\igfxtray.exe[2276] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxtray.exe[2276] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\system32\hkcmd.exe[2312] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hkcmd.exe[2312] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A

Réponse 16 / 18

Utilisateur anonyme

Post le en 2 fois

Penouille Messages postés 95 Statut Membre

J'essaie en 6-7 fois car en moins de fois ça fonctionne pas.

1-GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-23 13:02:08
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xAA802320]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xAA802940]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA75F6B8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xAA800E30]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xAA80F420]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF764B514]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xAA800AE0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF763A282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF763A474]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xAA7FD8D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateThread [0xAA7FF260]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xAA7FFDC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteFile [0xAA80FEB0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF764BD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF764BFB8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA75F14C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateKey [0xAA80F3C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateValueKey [0xAA80F3F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xAA801DF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadKey [0xAA80EA90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xAA80FAC0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF764A3FA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA75F08C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xAA7FDB40]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA75F0F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xAA8025D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryKey [0xAA80F360]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA75F76E]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xAA802AC0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF764C422]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwReplaceKey [0xAA80EE30]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xAA8019A0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA75F72E]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xAA8004B0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSaveKey [0xAA80F340]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xAA8011F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xAA7FFBE0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetInformationFile [0xAA810170]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xAA7FFF40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF764B7D8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xAA801CF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xAA800660]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xAA8002E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xAA800120]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7639F32]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xAA7FF9C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xAA802010]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA94206D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xAA802780]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [E0, 0A, 80, AA, 82, A2, 63, ...] {LOOPNZ 0xc; SUB BYTE [EDX-0x89c5d7e], 0x74; MOVSB ; ARPL DI, SI}
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 12 Bytes [60, 06, 80, AA, E0, 02, 80, ...]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Le fichier spécifié est introuvable. !

Penouille Messages postés 95 Statut Membre

SUITE

2-
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\Explorer.EXE[420] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\Explorer.EXE[420] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\WINDOWS\Explorer.EXE[420] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[420] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015F0001
.text C:\WINDOWS\system32\spoolsv.exe[472] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[564] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A

Penouille Messages postés 95 Statut Membre

3-
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[588] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\csrss.exe[588] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01640001
.text C:\WINDOWS\system32\csrss.exe[588] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\csrss.exe[588] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[588] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\winlogon.exe[612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017C0001
.text C:\WINDOWS\system32\winlogon.exe[612] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\winlogon.exe[612] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[612] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\services.exe[656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01420001
.text C:\WINDOWS\system32\services.exe[656] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\services.exe[656] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[656] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00880001
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\svchost.exe[660] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[660] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\lsass.exe[668] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001
.text C:\WINDOWS\system32\lsass.exe[668] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\lsass.exe[668] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\lsass.exe[668] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A

Penouille Messages postés 95 Statut Membre

4-
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010F0001
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[904] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03570001
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A

Penouille Messages postés 95 Statut Membre

5-
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [30, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [18, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [21, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2D, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [1B, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [33, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [2A, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [36, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
.text C:\WINDOWS\AGRSMMSG.exe[984] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F3B0F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\AGRSMMSG.exe[984] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtClose 7C91CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtClose + 4 7C91CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtCreateFile 7C91D0AE 1 Byte [FF]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtCreateFile 7C91D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtCreateFile + 4 7C91D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtCreateKey 7C91D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtCreateKey + 4 7C91D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [23, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtDeleteKey 7C91D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtDeleteKey + 4 7C91D252 2 Bytes [0B, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [11, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtRenameKey 7C91DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtRenameKey + 4 7C91DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [20, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtWriteFileGather 7C91DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtWriteFileGather + 4 7C91DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01330001
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] USER32.dll!SetWindowsHookExW 7E3A820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[992] USER32.dll!SetWindowsHookExA 7E3B1211 6 Bytes JMP 5F2E0F5A

Réponse 17 / 18

Utilisateur anonyme

Le problème ne vient pas d'une infection.Ton dernier rapport hijackthis est sain.Je te propose de demander de l'aide sur le forum ccm a la rubrique bureautique.

Réponse 18 / 18

Penouille Messages postés 95 Statut Membre

D'accord merci pour tout

Dossier utilisé par autre utilisateur

18 réponses

Votre réponse

Discussions similaires

Newsletters