
Posted

Hi again

here is the GMER log

 

GMER 1.0.12.12027 - http://www.gmer.net

Rootkit scan 2007-02-28 00:08:40

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.12 ----

 

SSDT \SystemRoot\System32\drivers\klif.sys ZwClose

SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess

SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx

SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection

SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread

SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess

SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile

SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess

SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295]

SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296]

 

---- Kernel code sections - GMER 1.0.12 ----

 

.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 80503C00 2 Bytes [ 30, 95 ]

.text ntkrnlpa.exe!KiDispatchInterrupt + 100 80544C20 7 Bytes JMP F15C9668 \SystemRoot\System32\drivers\klif.sys

 

---- User code sections - GMER 1.0.12 ----

 

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[460] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[460] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[460] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[460] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[460] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[460] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\system32\wscntfy.exe[516] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wscntfy.exe[516] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\wscntfy.exe[516] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\system32\wscntfy.exe[516] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\system32\wscntfy.exe[516] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\wscntfy.exe[516] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[540] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[540] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 18, 5F ]

.text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[540] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]

.text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[540] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]

.text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[540] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]

.text C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[540] KERNEL32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe[608] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe[608] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe[608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe[608] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe[608] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe[608] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCTasks.exe[644] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCTasks.exe[644] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCTasks.exe[644] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCTasks.exe[644] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCTasks.exe[644] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[804] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[804] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[804] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[804] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[804] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[828] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[828] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[828] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[828] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\igfxsrvc.exe[856] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\igfxsrvc.exe[856] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\igfxsrvc.exe[856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\system32\igfxsrvc.exe[856] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\system32\igfxsrvc.exe[856] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\igfxsrvc.exe[856] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[872] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[872] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[872] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[872] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\LSASS.EXE[884] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\LSASS.EXE[884] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\LSASS.EXE[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\LSASS.EXE[884] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\LSASS.EXE[884] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Documents and Settings\Ariane Vidal\Bureau\gmer\gmer.exe[964] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Documents and Settings\Ariane Vidal\Bureau\gmer\gmer.exe[964] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Documents and Settings\Ariane Vidal\Bureau\gmer\gmer.exe[964] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Documents and Settings\Ariane Vidal\Bureau\gmer\gmer.exe[964] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Documents and Settings\Ariane Vidal\Bureau\gmer\gmer.exe[964] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Documents and Settings\Ariane Vidal\Bureau\gmer\gmer.exe[964] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE[1000] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE[1000] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE[1000] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE[1000] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE[1000] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1044] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1044] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1044] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1044] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1044] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE[1100] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE[1100] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE[1100] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE[1100] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE[1100] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1160] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1160] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1160] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1160] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1200] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1200] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1200] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1200] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1200] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE[1220] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE[1220] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE[1220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE[1220] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE[1220] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE[1236] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE[1236] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE[1236] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE[1236] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE[1236] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE[1256] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE[1256] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE[1256] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE[1256] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE[1256] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE[1308] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE[1308] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE[1308] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE[1308] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE[1308] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1344] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1344] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1480] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1480] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1480] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1480] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\Canon\CAL\CALMAIN.exe[1568] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Canon\CAL\CALMAIN.exe[1568] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Canon\CAL\CALMAIN.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\Canon\CAL\CALMAIN.exe[1568] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\Canon\CAL\CALMAIN.exe[1568] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\Canon\CAL\CALMAIN.exe[1568] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1600] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1600] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1600] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1600] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1600] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe[1616] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe[1616] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe[1616] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe[1616] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe[1616] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1800] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1800] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1800] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1800] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[1800] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE[1836] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE[1836] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE[1836] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE[1836] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE[1836] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1884] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1884] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1884] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1884] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1952] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1952] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1952] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1952] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE[1976] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE[1976] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE[1976] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE[1976] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE[1976] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2076] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2076] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 12, 5F ]

.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2076] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 0C, 5F ]

.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2076] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]

.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2076] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 09, 5F ]

.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2076] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\system32\lvcomsx.exe[2088] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lvcomsx.exe[2088] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\lvcomsx.exe[2088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\system32\lvcomsx.exe[2088] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\system32\lvcomsx.exe[2088] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\lvcomsx.exe[2088] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2548] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[2556] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\System32\alg.exe[2556] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\Explorer.EXE[2928] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[2928] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\Explorer.EXE[2928] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\Explorer.EXE[2928] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\Explorer.EXE[2928] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\Explorer.EXE[2928] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\system32\wuauclt.exe[3252] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wuauclt.exe[3252] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[3252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[3252] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[3252] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\system32\wuauclt.exe[3252] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[3464] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[3464] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[3464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[3464] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[3464] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[3464] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[4016] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[4016] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[4016] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[4016] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[4016] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[4016] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE[4056] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE[4056] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE[4056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE[4056] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE[4056] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE[4056] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

 

---- Registry - GMER 1.0.12 ----

 

Reg \Registry\MACHINE\SOFTWARE\AdRem\Setup@AdRem NetCrunch 4.01.02 0x00 0x00 0x00 0x00 ...

Reg \Registry\MACHINE\SOFTWARE\AdRem\Setup@AdRem NetCrunch 4.01.02LRD 0x00 0x00 0x00 0x00 ...

Reg \Registry\MACHINE\SOFTWARE\AdRem\Setup@AdRem NetCrunch 1.00.02 0x00 0x00 0x00 0x00 ...

Reg \Registry\MACHINE\SOFTWARE\AdRem\Setup@AdRem NetCrunch 1.00.02LRD 0x00 0x00 0x00 0x00 ...

 

---- EOF - GMER 1.0.12 ----

Posted (edited)

Hi again,

Another bug I'm noticing, in case it helps.

I use Maxthon, and in the search bar on the left I set the options: "Options", then "Maxthon options", then "Search", then "Default", then "OK".

After that, the search drop-down menu shows my previous searches, in French.

After a while it switches to Chinese without my doing anything.

I have to go and set the search options again, and then a bit later it goes back to Chinese again,

and so on...

I don't know whether this is related to the machine being slow, but I'm mentioning it anyway, just in case...

Edited by onkyogs1
Posted (edited)

Hi :P

I don't see anything unusual in your GMER report.

After that, the search drop-down menu shows my previous searches, in French.

After a while it switches to Chinese without my doing anything.

Interesting... I'll look into that.

Please can you run DiagHelp again and choose option 2? Post the report.

Edited by charles ingals
Posted (edited)

Hi again

here is the DiagHelp option 2 log

FPort v2.0 - TCP/IP Process to Port Mapper

Copyright 2000 by Foundstone, Inc.

http://www.foundstone.com

 

Pid Process Port Proto Path

1592 CLMLService -> 12346 TCP C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

304 MemCheck -> 9999 TCP C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

1868 NCSQLSrv -> 12005 TCP C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe

1868 NCSQLSrv -> 12006 TCP C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe

4 System -> 139 TCP

4 System -> 445 TCP

1120 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe

1456 svchost -> 2869 TCP C:\WINDOWS\system32\svchost.exe

 

1592 CLMLService -> 123 UDP C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

304 MemCheck -> 1055 UDP C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

1868 NCSQLSrv -> 1061 UDP C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe

1868 NCSQLSrv -> 4500 UDP C:\Program Files\AdRem\NetCrunch\4.0\NCSQLSrv.exe

4 System -> 1027 UDP

0 System -> 1036 UDP

0 System -> 1207 UDP

0 System -> 123 UDP

0 System -> 137 UDP

0 System -> 138 UDP

0 System -> 1900 UDP

4 System -> 500 UDP

1456 svchost -> 1035 UDP C:\WINDOWS\system32\svchost.exe

1120 svchost -> 445 UDP C:\WINDOWS\system32\svchost.exe

 

 

 

PsList 1.26 - Process Information Lister

Copyright © 1999-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

Process information for ACER-D18848DB56:

 

Name Pid Pri Thd Hnd VM WS Priv

Idle 0 0 2 0 0 28 0

System 4 8 70 831 1908 264 0

SMSS 748 11 3 24 3832 660 176

CSRSS 804 13 13 584 71468 9768 2436

WINLOGON 828 13 16 429 54508 2280 6228

SERVICES 872 9 16 336 39436 5648 2380

MemCheck 304 8 12 283 105184 10148 8280

SVCHOST 504 8 8 151 41732 3296 3020

NCTasks 584 8 4 111 47344 9776 6244

SVCHOST 1040 8 17 223 64652 6664 3472

wmiprvse 808 8 6 166 40688 6224 2372

lvcomsx 2780 8 8 159 46944 5408 3004

unsecapp 3012 8 2 106 41680 4816 2696

wmiprvse 3904 8 5 226 45792 8220 3632

CLSched 1104 8 3 102 40628 7072 1412

SVCHOST 1120 8 11 382 41584 5332 2260

SVCHOST 1160 8 71 1632 118140 39684 19144

wuauclt 2996 8 3 172 49464 6652 6196

wscntfy 3180 8 1 47 30520 2784 1028

EvtEng 1212 8 8 142 183816 10332 4336

S24EvMon 1252 8 7 215 47604 7828 3072

RichVideo 1264 8 3 86 35752 3316 1092

SVCHOST 1304 8 4 80 32824 4024 1524

SVCHOST 1456 8 20 314 54852 9784 5956

mdm 1488 8 4 92 37296 1480 1280

CDANTSRV 1532 8 3 37 20632 2048 744

CLCapSvc 1552 8 4 182 58780 15528 10128

CLMLServer 1568 8 2 37 18132 2080 684

CLMLService 1592 8 4 119 51420 6044 10036

fxssvc 1600 8 6 101 34872 2480 1484

SPOOLSV 1736 8 13 153 46764 6236 3492

LVPrcSrv 1776 8 14 194 39584 2972 1144

NCSQLSrv 1868 8 8 73 39632 6256 2552

RegSrvc 2028 8 3 87 33184 1172 1116

sdhelp 2044 8 6 75 37580 4468 1604

CALMAIN 2076 8 7 135 29120 3492 1292

SVCHOST 3944 8 8 102 39784 4308 1908

LSASS 884 9 17 349 44048 1148 3924

taskmgr 3284 13 3 85 37968 2252 1996

EXPLORER 1188 8 19 573 114996 44396 23880

CameraAssistant 2296 8 4 138 48156 7556 3356

ePower_DMC 2412 8 5 197 115188 18556 12340

jusched 2528 8 1 51 31896 3112 1256

SuperCopier2 3232 8 2 62 36180 4660 1280

Maxthon 3328 8 13 511 117628 11724 32432

cmd 3592 8 1 44 18748 2464 2000

pslist 3468 13 2 99 22780 2600 1296

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

EXPLORER.EXE pid: 1188

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:

*** File timestamp: Wed Jul 05 12:56:38 2006

*** Loaded image timestamp: Wed Jul 05 12:56:39 2006

*** 0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77f40000 0x76000 6.00.2900.3020 C:\WINDOWS\system32\SHLWAPI.dll

0x7c9d0000 0x823000 6.00.2900.3051 C:\WINDOWS\system32\SHELL32.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x75f10000 0xfd000 6.00.2900.3020 C:\WINDOWS\system32\BROWSEUI.dll

0x77720000 0x170000 6.00.2900.3020 C:\WINDOWS\system32\SHDOCVW.dll

0x6fee0000 0x54000 5.01.2600.2976 C:\WINDOWS\system32\NETAPI32.dll

0x771b0000 0xcf000 7.00.6000.16414 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x6e850000 0x45000 7.00.6000.16414 C:\WINDOWS\system32\iertutil.dll

0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x10000000 0xc6000 1.00.0000.0000 C:\Program Files\FreeLaunchBar\flb.dll

0x5a000000 0x1a000 3.06.0000.2080 C:\Program Files\Spyware Doctor\tools\swpg.dat

0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x61410000 0x124000 7.00.6000.16414 C:\WINDOWS\system32\urlmon.dll

0x74b30000 0x3c000 7.00.6000.16414 C:\WINDOWS\system32\webcheck.dll

0x7e1e0000 0x5ca000 7.00.6000.16414 C:\WINDOWS\system32\IEFRAME.dll

0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll

0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll

0x01f70000 0x17000 9.04.0004.1069 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll

0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv

0x76d10000 0x19000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll

0x01e70000 0x1b000 2.02.0000.0028 C:\WINDOWS\system32\eDStoolbar.dll

0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL

0x023d0000 0xd5000 1.04.0000.0000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll

0x00cb0000 0x19000 2.00.0000.0009 C:\Program Files\SuperCopier2\SC2Hook.dll

0x022d0000 0x5b000 1.01.0000.0000 C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

0x026b0000 0x1b9000 2.00.0000.0007 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll

0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL

0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll

0x020a0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x00ba0000 0x8000 0.09.0007.0003 C:\Acer\Empowering Technology\ePower\SysHook.dll

0x02970000 0xb1000 5.01.2600.3019 C:\WINDOWS\system32\SXS.DLL

0x01d90000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x020c0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x03860000 0x71f000 6.14.0010.8360 C:\WINDOWS\system32\nvcpl.dll

0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x03230000 0x44000 6.14.0010.8360 C:\WINDOWS\system32\NVRSFR.DLL

0x02e30000 0x26000 3.00.0000.4497 C:\WINDOWS\system32\igfxpph.dll

0x023b0000 0x13000 3.00.0000.4497 C:\WINDOWS\system32\hccutils.DLL

0x03290000 0x73000 6.14.0010.11019 C:\WINDOWS\system32\nvshell.dll

0x73a80000 0x15000 5.01.2600.2709 C:\WINDOWS\system32\mscms.dll

0x011b0000 0x14000 2.00.0000.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

0x01300000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL

0x01500000 0x2c000 C:\Program Files\WinRAR\rarext.dll

0x011d0000 0x13000 7.00.0000.0004 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll

0x01410000 0x1f000 5.00.0149.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll

0x01430000 0x13000 1.00.0000.0000 C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll

0x01450000 0x14000 2.02.0000.0011 C:\WINDOWS\system32\eDSshellExt.dll

0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL

0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll

0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL

0x365a0000 0x15000 10.00.2625.0000 C:\PROGRA~1\MICROS~3\Office10\MCPS.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

No matching processes were found.

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

WINLOGON.EXE pid: 828

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:

*** File timestamp: Wed Jul 05 12:56:38 2006

*** Loaded image timestamp: Wed Jul 05 12:56:39 2006

*** 0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll

0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x6fee0000 0x54000 5.01.2600.2976 C:\WINDOWS\system32\NETAPI32.dll

0x7c9d0000 0x823000 6.00.2900.3051 C:\WINDOWS\system32\SHELL32.dll

0x77f40000 0x76000 6.00.2900.3020 C:\WINDOWS\system32\SHLWAPI.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x776a0000 0x24000 6.00.2900.3051 C:\WINDOWS\system32\SHSVCS.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x77210000 0xb1000 5.01.2600.3019 C:\WINDOWS\system32\sxs.dll

0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll

0x76d10000 0x19000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll

0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x5a000000 0x1a000 3.06.0000.2080 C:\Program Files\Spyware Doctor\tools\swpg.dat

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

SERVICES.EXE pid: 872

Command line: C:\WINDOWS\system32\services.exe

 

Base Size Version Path

*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:

*** File timestamp: Wed Jul 05 12:56:38 2006

*** Loaded image timestamp: Wed Jul 05 12:56:39 2006

*** 0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll

0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll

0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll

0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll

0x7dbc0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll

0x6fee0000 0x54000 5.01.2600.2976 C:\WINDOWS\system32\NETAPI32.dll

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll

0x7c9d0000 0x823000 6.00.2900.3051 C:\WINDOWS\system32\SHELL32.dll

0x77f40000 0x76000 6.00.2900.3020 C:\WINDOWS\system32\SHLWAPI.dll

0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x5a000000 0x1a000 3.06.0000.2080 C:\Program Files\Spyware Doctor\tools\swpg.dat

Le volume dans le lecteur C s'appelle ACER

Le numéro de série du volume est A2F2-78E5

 

Répertoire de C:\Program Files

 

10/07/2006 09:46 <REP> .

10/07/2006 09:46 <REP> ..

15/10/2004 11:52 <REP> Fichiers communs

15/10/2004 11:57 <REP> Windows NT

15/10/2004 11:57 <REP> MSN

15/10/2004 11:57 <REP> MSN Gaming Zone

15/10/2004 11:57 <REP> Messenger

15/10/2004 11:57 <REP> Windows Media Player

15/10/2004 11:57 <REP> Online Services

15/10/2004 11:58 <REP> ComPlus Applications

15/10/2004 11:58 <REP> Internet Explorer

15/10/2004 11:58 <REP> Outlook Express

15/10/2004 11:58 <REP> NetMeeting

15/10/2004 11:58 <REP> Movie Maker

15/10/2004 11:59 <REP> Services en ligne

15/10/2004 12:01 <REP> microsoft frontpage

15/10/2004 12:01 <REP> xerox

14/04/2006 16:01 <REP> Intel

14/04/2006 16:04 <REP> Synaptics

14/04/2006 16:05 <REP> Realtek

14/04/2006 16:22 <REP> Acer Inc

14/04/2006 16:22 <REP> NewTech Infosystems

14/04/2006 16:23 <REP> Adobe

06/09/2006 03:10 <REP> Acer

06/09/2006 03:10 <REP> CyberLink

06/09/2006 03:14 <REP> Launch Manager

06/09/2006 03:18 <REP> WinPCap

03/10/2006 16:26 <REP> Microsoft Works

03/10/2006 16:26 <REP> Microsoft Office

03/10/2006 19:29 <REP> InterActual

04/10/2006 01:41 <REP> epson

05/11/2006 00:19 <REP> Scroll Mouse

09/11/2006 19:51 <REP> Microsoft Visual Studio

09/11/2006 19:53 <REP> SuperCopier2

09/11/2006 20:06 <REP> WinRAR

09/11/2006 20:08 <REP> MagicISO

09/11/2006 20:15 <REP> Nero

09/11/2006 20:21 <REP> Universalis 9

09/11/2006 21:28 <REP> CodeStuff

23/12/2006 10:44 <REP> Canon

24/12/2006 18:54 <REP> Maxis

26/12/2006 20:03 <REP> Alice_Triway_WiFi

27/12/2006 03:35 <REP> MSXML 4.0

27/12/2006 12:43 <REP> Google

31/12/2006 14:30 <REP> MSN Messenger

31/12/2006 14:31 <REP> Windows Live Toolbar

03/01/2007 14:09 <REP> CCleaner

03/01/2007 16:18 <REP> Spybot - Search & Destroy

03/01/2007 16:20 <REP> Maxthon

03/01/2007 16:31 <REP> MailWasher Pro

03/01/2007 16:49 <REP> Siber Systems

06/01/2007 11:22 <REP> eMule

14/01/2007 12:39 <REP> Java

24/01/2007 17:38 <REP> FreeLaunchBar

14/01/2007 20:28 <REP> RegSeeker

01/05/2006 04:29 <REP> ecalc

24/01/2007 18:53 <REP> DVD Shrink

24/01/2007 19:37 <REP> Lavasoft

24/01/2007 19:43 <REP> VideoLAN

24/01/2007 19:50 <REP> ToniArts

24/01/2007 20:51 <REP> Kaspersky Lab

24/01/2007 22:22 <REP> Picasa2

10/01/2007 14:56 <REP> BorderMaker

10/01/2007 14:56 <REP> RENOMME

24/01/2007 22:49 <REP> DxO Labs

24/02/2007 13:48 <REP> Spyware Doctor

25/02/2007 10:21 <REP> Hijackthis Version Française

26/02/2007 15:16 <REP> AdRem

28/02/2007 19:23 <REP> AntiVir PersonalEdition Classic

0 fichier(s) 0 octets

69 Rép(s) 13 124 009 984 octets libres

Le volume dans le lecteur C s'appelle ACER

Le numéro de série du volume est A2F2-78E5

 

Répertoire de C:\

 

11/11/2001 00:00 68 096 diff.exe

27/08/2006 14:10 103 424 grep.exe

 

Répertoire de C:\

 

11/11/2001 00:00 68 096 diff.exe

27/08/2006 14:10 103 424 grep.exe

4 fichier(s) 343 040 octets

0 Rép(s) 13 124 009 984 octets libres

C:\Documents and Settings\Sébastien Delcourte\Local Settings\Temporary Internet Files\Content.IE5\GTOE96RS\GoogleEarthWin[1].exe

C:\Documents and Settings\Ariane Vidal\Mes documents\ccsetup136.exe

C:\Documents and Settings\Ariane Vidal\Mes documents\GoogleSketchUpWEN.exe

C:\Documents and Settings\Ariane Vidal\Mes documents\Install_Messenger.exe

C:\Documents and Settings\Ariane Vidal\Mes documents\maxthon159.exe

C:\Documents and Settings\Ariane Vidal\Mes documents\spybotsd14.exe

C:\Documents and Settings\Ariane Vidal\Mes documents\maxthon159\Maxthon.exe

C:\Documents and Settings\Ariane Vidal\Mes documents\maxthon159\MaxUpdate.exe

C:\Documents and Settings\Ariane Vidal\Mes documents\Downloads\Shareaza_2.2.5.0.exe

C:\Documents and Settings\Ariane Vidal\Bureau\antivir_workstation_win7u_en_h.exe

C:\Documents and Settings\Ariane Vidal\Bureau\blbeta.exe

C:\Documents and Settings\Ariane Vidal\Bureau\nailfix.exe

C:\Documents and Settings\Ariane Vidal\Bureau\Spyware Doctor 4.0.0.2621-REA-cRaCkErTeAm\Spyware Doctor 4.0.0.2621-REA-cRaCkErTeAm\sdsetup.exe

C:\Documents and Settings\Ariane Vidal\Bureau\Spyware Doctor 4.0.0.2621-REA-cRaCkErTeAm\Spyware Doctor 4.0.0.2621-REA-cRaCkErTeAm\crack\swdoctor.exe

C:\Documents and Settings\Ariane Vidal\Bureau\roland\nc4prem.exe

C:\Documents and Settings\Ariane Vidal\Bureau\roland\Real VNC Enterprise Edition v4.1.9 Including Keygen\keygen.exe

C:\Documents and Settings\Ariane Vidal\Bureau\roland\Real VNC Enterprise Edition v4.1.9 Including Keygen\setup.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\diff.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\FilesInfoCmd.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\Fport.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\grep.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\LFiles.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\LISTDLLS.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\pslist.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\streams.exe

C:\Documents and Settings\Ariane Vidal\Bureau\DiagHelp\swreg.exe

C:\Documents and Settings\Ariane Vidal\Bureau\gmer\gmer.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Internet Explorer\Quick Launch\SECURITE\HijackThisFR.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Internet Explorer\Quick Launch\Traitement D'images\Renomme.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Internet Explorer\Quick Launch\Traitement D'images\ZoomBrowser.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Installer\{A80C7E17-7E94-4FE9-932F-20E6E257F256}\ARPPRODUCTICON.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Installer\{A80C7E17-7E94-4FE9-932F-20E6E257F256}\NewShortcut1_89A8E5678FEB406FA99151E43005C05D.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Installer\{A80C7E17-7E94-4FE9-932F-20E6E257F256}\NewShortcut2_89A8E5678FEB406FA99151E43005C05D.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Installer\{A80C7E17-7E94-4FE9-932F-20E6E257F256}\NewShortcut4_89A8E5678FEB406FA99151E43005C05D.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Installer\{A80C7E17-7E94-4FE9-932F-20E6E257F256}\NewShortcut6_89A8E5678FEB406FA99151E43005C05D.exe

C:\Documents and Settings\Ariane Vidal\Application Data\Microsoft\Installer\{A80C7E17-7E94-4FE9-932F-20E6E257F256}\WinTools_Premium_A80C7E177E944FE9932F20E6E257F256.exe

Edited by onkyogs1
Posted

Hi :P

Despite all these reports, I don't see anything infectious!

The cause of the problem may be software-related.

Try this and see >

We are going to fix a few lines in this HijackThis report. The consequence is that some applications will no longer launch at Windows startup: these are of course applications that are not needed for the PC to work properly, and you can launch them manually if you need them (it will free up resources!)

* Start HijackThis, click "Do a system scan only", and check the following lines:

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX3800"

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

- Close all programs and click "Fix Checked"

Important note about this process > ePower_DMC.exe

It belongs to Acer ePower Management and reportedly bogs down the PC because of its many registry accesses.

In addition, many bugs are reported in its design. If you know English, read this interesting topic on the subject >

ePower_DMC.exe = Acer ePower Management. Very useful utility, but extremely buggy. This is the worst piece of coding that I have ever seen. This process accesses the registry a whopping 4000 times per second! It also uses between 1 and 15% of CPU! This program is pummeling your computer, making it beg for its life. It is merciless, and no doubt the crappiest piece of excrement ever produced. We should demand that Acer fix this utility immediately!

continued here > http://forum.notebookreview.com/showthread.php?t=57064

This is only a lead! And it is always hard to know what the programs preinstalled on a laptop are for.

You can try disabling the automatic startup of this program (by checking the corresponding O4 line as I did). Note that this program is used to manage the laptop's power (in place of Windows).

Another program can replace it > Notebook Hardware Control

I can't guarantee that this will work... it's only a lead, as I said.

Once you have fixed these lines, restart the PC and see whether anything has changed :P
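The four O4 lines listed in the post above, parsed into full registry key, value name, image path and arguments, so the startup entries can be written down before they are fixed and restored later if needed. This is an added example, not part of the original post or of HijackThis; the function names are hypothetical.

```python
import re

# "HKLM\..\Run" in a HijackThis log abbreviates this path below the hive.
RUN_PARENT = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

# O4 registry autorun line: hive, subkey (Run, RunOnce, ...), [value name], command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<sub>\w+): "
    r"\[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Unquoted image paths may contain spaces, so cut at the first executable
# extension that is followed by whitespace or the end of the command.
IMAGE_RE = re.compile(
    r"^(?P<image>.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(?P<args>.*))?$",
    re.IGNORECASE,
)

# The four lines listed in the post (copied verbatim).
POSTED_LINES = r"""
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Copie 1)" /O5 "LPT1:" /M "Stylus DX3800"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
"""


def split_command(cmd):
    """Return (image path, arguments) for a Run-key command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group("image"), m.group("args") or ""
    return cmd, ""


def parse_o4(line):
    """Parse one O4 registry line; return None for anything else
    (including the startup-folder form of O4, which has no hive)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    image, args = split_command(m.group("cmd"))
    return {
        "key": "{}\\{}\\{}".format(m.group("hive"), RUN_PARENT, m.group("sub")),
        "name": m.group("name"),
        "image": image,
        "args": args,
    }


def parse_report(text):
    """Collect every O4 registry entry found in a pasted report."""
    return [e for e in map(parse_o4, text.splitlines()) if e]


if __name__ == "__main__":
    for entry in parse_report(POSTED_LINES):
        print(entry["key"])
        print("  value:", entry["name"])
        print("  image:", entry["image"])
        print("  args: ", entry["args"] or "(none)")
```
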

Posted

re,

I did what you said and there's no change. Can you see which of the programs installed on this machine might be causing problems? I'm ready to uninstall whatever is needed.

But I have doubts about this machine not being infected. I still think there is something bad hidden somewhere.

Posted

OK, we can try something else:

The idea is to create a new user account with your personal settings. That can help you get back to a stable Windows.

It is done in two steps and is described very clearly on the tesgaz forum >

- First, create a new account > http://speedweb1.free.fr/frames2.php?page=bureau5#creation

- Then recover your profile like this > http://speedweb1.free.fr/frames2.php?page=bureau5#recup

In the tutorial, "Compte corrompu" (corrupted account) means the account you are using that is causing the problem.

Of course, only delete the old account once you are certain that everything is present in the new one and that all the settings are correct!!

When doing the "copy/paste", be careful not to do a "CUT/paste"!!!

There, try that; it's very simple and I hope it will solve your problem.
