Unexpected internet disconnections, help please...
Topic status: UNRESOLVED

olivier105  Posted on 27/01/2007 at 20:54

Good evening,

I'm having a big problem with my PC: when I'm on the internet, my connection stops because of a Windows window "win32.exe", the system has encountered an error and needs to close.

Here is my log, could you help me?

Thanks

Olivier

Logfile of HijackThis v1.99.1
Scan saved at 20:50:26, on 27/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADCD379-3B3E-4657-8C58-79E6607C1415}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Fill  Posted on 27/01/2007 at 21:56

Good evening,

Apply the pre-cleaning steps (see my signature). Configure AVGantispyware as indicated and come back with:

  • The AVGantispyware report,
  • A new HijackThis report.
Fill

olivier105  Posted on 27/01/2007 at 22:25

I have another problem: my PC can't start in safe mode.

Pressing F8 and choosing "safe mode" then "Enter", the only thing that happens is a black screen with the white dash blinking at the top left and nothing else, even after 5 min... is that normal or is there something else to do?

thanks

olivier

Fill  Posted on 27/01/2007 at 22:28

Hi again,

If safe mode doesn't work, do it in normal mode.

Fill

olivier105  Posted on 27/01/2007 at 23:05

So,

I did the steps, but I couldn't finish my AVG antispyware scan; that's part of the 2nd problem with my PC: it shuts down by itself at certain moments. I don't know if it's due to a fan problem or to a virus, so the scan crashed 3 times right in the middle. I'm losing patience a bit with redoing it, but I'm giving you another HijackThis scan.

thanks, see you later

Logfile of HijackThis v1.99.1
Scan saved at 23:02:01, on 27/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADCD379-3B3E-4657-8C58-79E6607C1415}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Fill  Posted on 27/01/2007 at 23:11

Hi again,

I don't see anything here.

The fan may be dirty.

Turn off your PC, then clean the inside.

Leave it open during the scan.

I'll look at this tomorrow.

Fill

olivier105  Posted on 27/01/2007 at 23:13

ok thanks, see you tomorrow (in the afternoon)

olivier105  Posted on 28/01/2007 at 20:55

Here is the ewido report (I had to do a fast scan because if I do a full one my PC crashes before the end); here is the report

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:51:50 28/01/2007

+ Scan result:

C:\Documents and Settings\Vero\Cookies\vero@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Vero\Cookies\vero@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Vero\Cookies\vero@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Vero\Cookies\vero@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Vero\Cookies\vero@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Vero\Cookies\vero@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.


::Report end

and the latest HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 20:54:31, on 28/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADCD379-3B3E-4657-8C58-79E6607C1415}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: MSNim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

thanks in advance

olivier

Fill  Posted on 28/01/2007 at 21:01

Good evening,

You should uninstall Spyware Doctor. It doesn't have a very good reputation.

That said, it's odd that it crashes like this.

1)

  • Download smitfraudfix (by S!Ri) to the desktop.
  • Click on smitfraudfix.exe
  • Choose option 1 and paste into your reply the report generated by smitfraudfix. This report is in the Notepad window that opens.
  • Close the application by pressing the Q key.
2)
  • Download F-Secure Blacklight.
  • Save it to your Desktop.
  • Double-click blbeta.exe and accept the license; leave [X]scan through Windows Explorer enabled; click Scan then Next.
  • You will see a list of detected files appear. You will also see a report, on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).
  • Copy and paste the contents of this report into your next reply.
Fill

olivier105  Posted on 28/01/2007 at 21:14

here are the 2 scans:

SmitFraudFix v2.137

Rapport fait à 21:03:26,23, 28/01/2007
Executé à partir de C:\Documents and Settings\Vero\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vero


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vero\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Vero\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

and the other one:

01/28/07 21:09:08 [Info]: BlackLight Engine 1.0.55 initialized
01/28/07 21:09:08 [Info]: OS: 5.1 build 2600 (Service Pack 1)
01/28/07 21:09:08 [Note]: 7019 4
01/28/07 21:09:08 [Note]: 7005 0
01/28/07 21:09:17 [Note]: 7006 0
01/28/07 21:09:17 [Note]: 7011 2016
01/28/07 21:09:17 [Note]: 7026 0
01/28/07 21:09:17 [Note]: 7026 0
01/28/07 21:09:26 [Note]: FSRAW library version 1.7.1021
01/28/07 21:11:01 [Info]: Hidden file: c:\Program Files\Player Metaboli\exs.ini
01/28/07 21:11:01 [Note]: 7002 0
01/28/07 21:11:01 [Note]: 7003 1
01/28/07 21:11:01 [Note]: 10002 1
01/28/07 21:11:01 [Error]: 4016 88098
01/28/07 21:11:01 [Note]: 4027 88098 65536
01/28/07 21:11:01 [Note]: 4020 3519 65536
01/28/07 21:11:01 [Note]: 4018 3519 65536
01/28/07 21:12:46 [Note]: 2000 1012
01/28/07 21:12:58 [Note]: 7007 0

Fill  Posted on 28/01/2007 at 21:23

Hi again,
  • Download gmer to the desktop and unzip it (right-click and extract here).
  • Double-click gmer.exe on the desktop. If your antivirus reacts, don't worry and ignore the alert.
  • Click the "rootkit" tab, then click scan.
  • At the end of the scan, click the copy button.
  • In Start > Programs > Accessories: open Notepad and press CTRL+V to copy the report into that Notepad.
  • Post this report in your next reply.

Fill

Edited by Fill on 28/01/2007 21:57

olivier105  Posted on 28/01/2007 at 21:45

the gmer report is large; when I paste it into the reply window it crashes the site!

as for the second application, I manage to download it, the requested URL isn't available, I'll try again later

Fill  Posted on 28/01/2007 at 21:50

Hi again,

As for the 2nd link, I noticed that. Drop it for now.

As for the Gmer report, post it in several parts.

Fill

olivier105  Posted on 28/01/2007 at 21:57

ok

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-28 21:33:00
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntdll.dll!NtClose 77F4B5C8 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 77F4B728 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 77F4B738 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 77F4B758 5 Bytes JMP 72033FC8

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[172] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[172] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[172] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[172] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[172] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[172] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[220] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[220] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[220] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[220] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[220] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[220] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\gearsec.exe[236] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\gearsec.exe[236] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\gearsec.exe[236] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\gearsec.exe[236] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\gearsec.exe[236] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\gearsec.exe[236] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[300] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[300] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[300] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[300] user32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[300] user32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[300] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[408] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[408] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[408] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[408] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[408] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[408] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[448] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[448] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[448] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[476] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[476] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[476] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[476] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[476] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[476] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[848] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[848] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[848] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[848] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[848] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[848] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[852] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[852] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[852] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[852] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[852] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[852] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Apoint2K\Apoint.exe[864] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Apoint2K\Apoint.exe[864] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Apoint2K\Apoint.exe[864] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Apoint2K\Apoint.exe[864] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Apoint2K\Apoint.exe[864] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Apoint2K\Apoint.exe[864] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[876] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[876] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\csrss.exe[876] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[900] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[900] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[900] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[900] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[900] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[900] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\services.exe[948] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[948] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\services.exe[948] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1032] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1032] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1032] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1032] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1032] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1032] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1128] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1128] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1128] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1128] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1128] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1128] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe[1268] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe[1268] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe[1268] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe[1268] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe[1268] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe[1268] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1276] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1276] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1276] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1276] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1276] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1276] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1308] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[1376] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[1376] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[1376] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[1376] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[1376] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[1376] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[1384] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[1384] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[1384] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[1384] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[1384] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[1384] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1396] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1396] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1396] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1396] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1396] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1396] GDI32.dll!Escape

 olivier105  Posted on 28/01/2007 at 21:58  
Petit astucien

27 Messages

continued

7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe[1404] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe[1404] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe[1404] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe[1404] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe[1404] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe[1404] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Lexmark 2300 Series\lxcgmon.exe[1428] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Lexmark 2300 Series\lxcgmon.exe[1428] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Lexmark 2300 Series\lxcgmon.exe[1428] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Lexmark 2300 Series\lxcgmon.exe[1428] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Lexmark 2300 Series\lxcgmon.exe[1428] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Lexmark 2300 Series\lxcgmon.exe[1428] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Lexmark 2300 Series\ezprint.exe[1448] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Lexmark 2300 Series\ezprint.exe[1448] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Lexmark 2300 Series\ezprint.exe[1448] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Lexmark 2300 Series\ezprint.exe[1448] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Lexmark 2300 Series\ezprint.exe[1448] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Lexmark 2300 Series\ezprint.exe[1448] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1480] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 18, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1480] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1480] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1480] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1480] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[1480] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1488] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1640] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1640] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1640] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1640] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1640] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1640] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1648] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1648] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1648] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1648] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1648] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1648] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe[1660] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe[1660] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe[1660] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe[1660] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe[1660] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe[1660] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\lxcgcoms.exe[1696] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\lxcgcoms.exe[1696] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\lxcgcoms.exe[1696] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\lxcgcoms.exe[1696] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\lxcgcoms.exe[1696] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\lxcgcoms.exe[1696] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1784] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1784] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1784] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1784] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1784] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\WINDOWS\system32\ati2evxx.exe[1784] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1864] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1864] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1864] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1864] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1864] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1864] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Apoint2K\ApntEx.exe[1884] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\Program Files\Apoint2K\ApntEx.exe[1884] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Apoint2K\ApntEx.exe[1884] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Apoint2K\ApntEx.exe[1884] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Apoint2K\ApntEx.exe[1884] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Apoint2K\ApntEx.exe[1884] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\alg.exe[1984] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\system32\alg.exe[1984] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\alg.exe[1984] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\alg.exe[1984] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\alg.exe[1984] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\alg.exe[1984] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[2004] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[2004] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[2004] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[2004] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[2004] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[2004] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\explorer.exe[2016] kernel32.dll!CreateProcessW 77E41B8E 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\WINDOWS\explorer.exe[2016] kernel32.dll!CreateProcessA 77E41BBC 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\explorer.exe[2016] kernel32.dll!LoadLibraryExW 77E5D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[2016] GDI32.dll!Escape 7E0C152E 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\explorer.exe[2016] USER32.dll!SetWindowsHookExA 77D2500D 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\explorer.exe[2016] USER32.dll!SetWindowsHookExW 77D25071 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\FinePixViewer\QuickDCF.exe[2112] kernel32.dll!CreateProcessW