Vundo or something else?

lachoukrate -  
 Eliane -
Hello,
For two days I have been reading a bunch of posts, but despite the help they gave me, I have not managed to pin down my exact problem. I installed Spybot, CCleaner, HijackThis and AVG spyware. But my problem comes from a "crc check failed" problem: my Antivir no longer works, either because of a wrong move on my part or because of a virus... When I try to remove it or reinstall it, it refuses!!! I tried to install AVG antivirus, but during the installation it tells me an error has occurred, and stops. Basically I no longer have a working antivirus.
Earlier, an "antivirus 2009" page signed Windows XP opened without my permission and ran a scan, telling me I had: spyware.iemonster.b, zlob.pornadvertiser.xplisit (is that sexual??? :-)) and trojan.infostealer.banker.s. I have a feeling my computer is about to give up on me :-( I don't have a Windows (2000) installation disc and I would like to avoid formatting.
I'm not good with computers, I learn as I go. But thanks to all your answers I'm starting to get the hang of disinfecting computers, though sadly not enough to save mine.
I have HijackThis and Spybot logs.
Thanks to whoever can help me
and thank you all for your precious help, even if it isn't direct; I understood a great deal by reading your answers...

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:41:23 05/01/2009

+ Résultat de l'analyse:





Fin du rapport



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:18, on 05/01/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system\msddll.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\Program Files\QuickTime\qttask.exe
D:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINNT\system32\sysmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo-flash.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\Mctray.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINNT\system32\sysmgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: m43158.exe - Unknown owner - \\82.253.79.183\Admin$\m75034.exe (file missing)
O23 - Service: m46247.exe - Unknown owner - \\82.253.79.183\Admin$\m53463.exe (file missing)
O23 - Service: McAfee Security Agent Taskbar Extension. - Unknown owner - C:\WINNT\Mctray.exe (file missing)
O23 - Service: msddll - Unknown owner - C:\WINNT\system\msddll.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - Unknown owner - D:\Kodak EasyShare software\bin\ptssvc.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMwareService - Unknown owner - C:\WINNT\system\VMwareService.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINNT\system32\csrsc.exe (file missing)

282 replies

Lyonnais92 - Posts: 25159 - Status: Security contributor
 
Hi again,

is it still scanning?

I'm going to go to sleep.

When it has finished, do this:

Reboot (remove the disc very quickly so that it boots from the hard drive).

No Internet connection.

Delete combofix.exe from your Desktop.

Download the latest version of Combofix onto your USB key from the laptop

(the link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe).

Copy combofix.exe back onto your Desktop.

Run it with the usual precautions.

Post the report in your reply.
lachoukrate - Posts: 234 - Status: Member
 
Hello Lyonnais,

I'm sorry about last night, I didn't see that you were still online.

So this morning the scan was finished. But I was seized by great despair when I saw in the report that half of the virut.q entries that were listed as repaired appeared as detected and no longer repaired...
Here is the report:
In the meantime combofix is running...

Analyse: terminée le 05/02/09 04:09 (événements : 440, objets : 259008, durée : 05:23:02)
03/02/09 22:46 Lancement de la tâche
03/02/09 22:48 Détectés: Virus.Win32.Virut.q /discs/C:/Documents and Settings/All Users/Application Data/Kodak/EasyShareSetup/$SETUP_0_8288de/Setup.exe
03/02/09 22:48 Détectés: Virus.Win32.Virut.q /discs/C:/Documents and Settings/All Users/Application Data/Kodak/EasyShareSetup/$SETUP_0_893f41/Setup.exe
03/02/09 22:48 Réparés: Virus.Win32.Virut.q /discs/C:/Documents and Settings/All Users/Application Data/Kodak/EasyShareSetup/$SETUP_0_8288de/Setup.exe
03/02/09 22:48 Réparés: Virus.Win32.Virut.q /discs/C:/Documents and Settings/All Users/Application Data/Kodak/EasyShareSetup/$SETUP_0_893f41/Setup.exe
03/02/09 22:49 Détectés: Virus.Win32.Virut.q /discs/C:/Documents and Settings/All Users/Menu Démarrer/Programmes/IDEUtil/SISIDE.exe
03/02/09 22:49 Non réparés: Virus.Win32.Virut.q /discs/C:/Documents and Settings/All Users/Menu Démarrer/Programmes/IDEUtil/SISIDE.exe Ne peut être réparé
03/02/09 22:49 Supprimés: Virus.Win32.Virut.q /discs/C:/Documents and Settings/All Users/Menu Démarrer/Programmes/IDEUtil/SISIDE.exe
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox.zip/Conditions générales.url
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox1.zip/Confidentialité.url
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox1.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox2.zip/Website.url
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox2.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox3.zip/Désinstaller.lnk
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox3.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox4.zip/InternetGameBox.lnk
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox4.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/InternetGameBox5.zip/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.reg
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterFirewallOverride.zip/sbRecovery.reg
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterFirewallOverride.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterSPUpdate.zip/sbRecovery.reg
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterSPUpdate.zip/sbRecovery.ini
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterTaskManager.zip/sbRecovery.reg
03/02/09 22:50 Protégé par un mot de passe /discs/C:/Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/MicrosoftWindowsSecurityCenterTaskManager.zip/sbRecovery.ini
03/02/09 23:42 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7z.exe
03/02/09 23:42 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7zG.exe
03/02/09 23:42 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7z.exe
03/02/09 23:42 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7zG.exe
03/02/09 23:42 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7zG.exe
03/02/09 23:42 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7zG.exe
03/02/09 23:42 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7zG.exe
03/02/09 23:42 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/7-Zip/7zG.exe
03/02/09 23:43 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/InstallShield/Engine/6/Intel 32/IKernel.exe
03/02/09 23:43 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/InstallShield/Professional/RunTime/0701/Intel32/DotNetInstaller.exe
03/02/09 23:43 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/InstallShield/Engine/6/Intel 32/IKernel.exe
03/02/09 23:43 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/InstallShield/Professional/RunTime/0701/Intel32/DotNetInstaller.exe Ne peut être réparé
03/02/09 23:43 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/InstallShield/Professional/RunTime/0701/Intel32/DotNetInstaller.exe
03/02/09 23:43 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Java/Update/Base Images/jre1.6.0.b105/patch-jre1.6.0_07.b06/launcher.exe
03/02/09 23:43 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Java/Update/Base Images/jre1.6.0.b105/patch-jre1.6.0_07.b06/zipper.exe
03/02/09 23:43 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Java/Update/Base Images/jre1.6.0.b105/patch-jre1.6.0_07.b06/launcher.exe
03/02/09 23:43 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Java/Update/Base Images/jre1.6.0.b105/patch-jre1.6.0_07.b06/zipper.exe
03/02/09 23:43 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Kodak/kodak_dr/inst_act.exe
03/02/09 23:43 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Kodak/kodak_dr/inst_act.exe
03/02/09 23:43 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Kodak/kodak_dr/KodakCCS.exe
03/02/09 23:44 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Microsoft Shared/MSInfo/msinfo32.exe
03/02/09 23:44 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Kodak/kodak_dr/KodakCCS.exe
03/02/09 23:44 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Microsoft Shared/MSInfo/msinfo32.exe Ne peut être réparé
03/02/09 23:44 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Microsoft Shared/MSInfo/msinfo32.exe
03/02/09 23:44 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Nokia/MPAPI/MPAPI3s.exe
03/02/09 23:44 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/PCSuite/DataLayer/DataLayer.exe
03/02/09 23:44 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Nokia/MPAPI/MPAPI3s.exe Ne peut être réparé
03/02/09 23:44 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/Nokia/MPAPI/MPAPI3s.exe
03/02/09 23:44 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/PCSuite/DataLayer/DataLayer.exe Ne peut être réparé
03/02/09 23:44 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Fichiers communs/PCSuite/DataLayer/DataLayer.exe
03/02/09 23:45 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/DW15.EXE
03/02/09 23:45 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/DW15.EXE
03/02/09 23:45 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/DW15.EXE
03/02/09 23:45 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/DW15.EXE
03/02/09 23:45 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/DW15.EXE
03/02/09 23:45 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/DW15.EXE
03/02/09 23:46 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/IE Uninstall/w2kexcp.exe
03/02/09 23:46 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/IE Uninstall/w2kexcp.exe Ne peut être réparé
03/02/09 23:46 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Internet Explorer/IE Uninstall/w2kexcp.exe
03/02/09 23:46 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/java-rmi.exe
03/02/09 23:46 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/java.exe
03/02/09 23:46 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/java-rmi.exe
03/02/09 23:46 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/java.exe
03/02/09 23:46 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/javacpl.exe
03/02/09 23:46 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/javaw.exe
03/02/09 23:46 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/javacpl.exe
03/02/09 23:46 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/javaw.exe
03/02/09 23:46 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/keytool.exe
03/02/09 23:46 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/kinit.exe
03/02/09 23:46 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/keytool.exe
03/02/09 23:46 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/kinit.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/klist.exe
03/02/09 23:47 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/klist.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/ktab.exe
03/02/09 23:47 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/ktab.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/orbd.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/pack200.exe
03/02/09 23:47 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/orbd.exe
03/02/09 23:47 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/pack200.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/policytool.exe
03/02/09 23:47 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/policytool.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/rmid.exe
03/02/09 23:47 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/rmid.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/rmiregistry.exe
03/02/09 23:47 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/rmiregistry.exe
03/02/09 23:47 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/servertool.exe
03/02/09 23:48 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/servertool.exe
03/02/09 23:48 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/ssvagent.exe
03/02/09 23:48 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/tnameserv.exe
03/02/09 23:48 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/ssvagent.exe
03/02/09 23:48 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Java/jre1.6.0_07/bin/tnameserv.exe
03/02/09 23:49 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/EasyShare.exe
03/02/09 23:49 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/ptssvc.exe
03/02/09 23:49 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/EasyShare.exe
03/02/09 23:49 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/EasyShare.exe
03/02/09 23:49 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/EasyShare.exe
03/02/09 23:50 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/ptssvc.exe
03/02/09 23:50 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/ptswia.exe
03/02/09 23:50 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak EasyShare software/bin/ptswia.exe
03/02/09 23:50 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak Utilities/kodnotif.exe
03/02/09 23:51 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Kodak/Kodak Utilities/kodnotif.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Connectivity Cable Driver/setupext.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PCSyncLV.exe
03/02/09 23:52 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Connectivity Cable Driver/setupext.exe Ne peut être réparé
03/02/09 23:52 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Connectivity Cable Driver/setupext.exe
03/02/09 23:52 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PCSyncLV.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PCSyncLV.exe
03/02/09 23:52 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PCSyncLV.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:52 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:53 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Nokia/Nokia PC Suite 6/PcSync2.exe
03/02/09 23:53 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/senddoc.exe
03/02/09 23:53 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/setofficelang.exe
03/02/09 23:53 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/senddoc.exe
03/02/09 23:53 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/senddoc.exe
03/02/09 23:53 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/senddoc.exe
03/02/09 23:53 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/senddoc.exe
03/02/09 23:53 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/senddoc.exe
03/02/09 23:53 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/setofficelang.exe
03/02/09 23:54 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/soffice.exe
03/02/09 23:54 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/configimport.exe
03/02/09 23:54 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/soffice.exe
03/02/09 23:54 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/soffice.exe
03/02/09 23:54 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/soffice.exe
03/02/09 23:54 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/configimport.exe
03/02/09 23:54 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/crashrep.exe
03/02/09 23:54 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/crashrep.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/pkgchk.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/quickstart.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/pkgchk.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/quickstart.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/quickstart.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/quickstart.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/quickstart.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/quickstart.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/gengal.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/gengal.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/stclient_wrapper.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/stclient_wrapper.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/uno.exe
03/02/09 23:55 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/unopkg.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/uno.exe
03/02/09 23:55 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/unopkg.exe
03/02/09 23:56 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/msfontextract.exe
03/02/09 23:56 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/msi-pkgchk.exe
03/02/09 23:56 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/msfontextract.exe
03/02/09 23:56 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/msi-pkgchk.exe
03/02/09 23:56 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/nsplugin.exe
03/02/09 23:56 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/odbcconfig.exe
03/02/09 23:56 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/nsplugin.exe
03/02/09 23:56 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/odbcconfig.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/swriter.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/scalc.exe
03/02/09 23:57 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/python-core-2.3.4/bin/python.exe
03/02/09 23:57 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/python-core-2.3.4/bin/python.exe
03/02/09 23:58 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/python-core-2.3.4/lib/distutils/command/wininst.exe
03/02/09 23:58 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/OpenOffice.org 2.4/program/python-core-2.3.4/lib/distutils/command/wininst.exe
04/02/09 00:17 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/MSIMN.EXE
04/02/09 00:17 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/OEMIG50.EXE
04/02/09 00:17 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/setup50.exe
04/02/09 00:17 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/MSIMN.EXE
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/OEMIG50.EXE
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/WAB.EXE
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/OEMIG50.EXE
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/OEMIG50.EXE
04/02/09 00:18 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/setup50.exe Ne peut être réparé
04/02/09 00:18 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/setup50.exe
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/WAB.EXE
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/WABMIG.EXE
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Outlook Express/WABMIG.EXE
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/PC Connectivity Solution/NclBTHandler.exe
04/02/09 00:18 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/PC Connectivity Solution/NclBTHandler.exe Ne peut être réparé
04/02/09 00:18 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/PC Connectivity Solution/NclBTHandler.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/PC Connectivity Solution/ServiceLayer.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/QuickTime/QTInfo.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/QuickTime/qttask.exe
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/PC Connectivity Solution/ServiceLayer.exe
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/QuickTime/qttask.exe
04/02/09 00:18 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/QuickTime/QTInfo.exe Ne peut être réparé
04/02/09 00:18 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/QuickTime/QTInfo.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Trend Micro/HijackThis/HijackThis.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/UNWISE.EXE
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Trend Micro/HijackThis/HijackThis.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Trend Micro/HijackThis/HijackThis.exe
04/02/09 00:18 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Trend Micro/HijackThis/HijackThis.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/uninstall.exe
04/02/09 00:18 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/UNWISE.EXE Ne peut être réparé
04/02/09 00:18 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/UNWISE.EXE
04/02/09 00:18 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/uninstall.exe Ne peut être réparé
04/02/09 00:18 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/uninstall.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/zvprt40_setup.exe
04/02/09 00:18 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/zvprtsrv.exe
04/02/09 00:18 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/zvprt40_setup.exe Ne peut être réparé
04/02/09 00:19 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/zvprt40_setup.exe
04/02/09 00:19 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Tukanas Files Converter/zvprt40/zvprtsrv.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/logagent.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/logagent.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/dialer.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows Media Player/mplayer2.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/hypertrm.exe
04/02/09 00:20 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/dialer.exe Ne peut être réparé
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:20 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/dialer.exe
04/02/09 00:20 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/hypertrm.exe Ne peut être réparé
04/02/09 00:20 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/hypertrm.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:20 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:20 Réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Windows NT/Accessoires/ImageVue/kodakprv.exe
04/02/09 00:21 Détectés: Virus.Win32.Virut.q /discs/C:/Program Files/Yahoo!/Messenger/UNWISE.EXE
04/02/09 00:21 Non réparés: Virus.Win32.Virut.q /discs/C:/Program Files/Yahoo!/Messenger/UNWISE.EXE Ne peut être réparé
04/02/09 00:21 Supprimés: Virus.Win32.Virut.q /discs/C:/Program Files/Yahoo!/Messenger/UNWISE.EXE
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/répara2/EXPLORER/explorer.exe
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/répara2/SERVICES/services.exe
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/répara2/SPOOLSV/spoolsv.exe
04/02/09 00:22 Réparés: Virus.Win32.Virut.q /discs/C:/répara2/EXPLORER/explorer.exe
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/répara2/SVCHOST/svchost.exe
04/02/09 00:22 Réparés: Virus.Win32.Virut.q /discs/C:/répara2/SERVICES/services.exe
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/répara2/USERINIT/userinit.exe
04/02/09 00:22 Réparés: Virus.Win32.Virut.q /discs/C:/répara2/SPOOLSV/spoolsv.exe
04/02/09 00:22 Réparés: Virus.Win32.Virut.q /discs/C:/répara2/SVCHOST/svchost.exe
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/NIRCMD.exe
04/02/09 00:22 Réparés: Virus.Win32.Virut.q /discs/C:/répara2/USERINIT/userinit.exe
04/02/09 00:22 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/NIRCMD.exe
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/TASKMAN.EXE
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/twunk_32.exe
04/02/09 00:22 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/unvise32qt.exe
04/02/09 00:22 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/TASKMAN.EXE Ne peut être réparé
04/02/09 00:22 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/twunk_32.exe Ne peut être réparé
04/02/09 00:22 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/TASKMAN.EXE
04/02/09 00:22 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/twunk_32.exe
04/02/09 00:22 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/unvise32qt.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/upwizun.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/explorer.exe
04/02/09 00:23 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/upwizun.exe Ne peut être réparé
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/fdsv.exe
04/02/09 00:23 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/upwizun.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/explorer.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/grep.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/fdsv.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/sed.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/grep.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/SWREG.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/SWSC.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/sed.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/SWXCACLS.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/SWSC.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/SWREG.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/SWREG.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/SWREG.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/SWXCACLS.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/VFIND.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/VFIND.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/welcome.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/winhlp32.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/winrep.exe
04/02/09 00:23 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/welcome.exe Ne peut être réparé
04/02/09 00:23 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/winrep.exe Ne peut être réparé
04/02/09 00:23 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/welcome.exe
04/02/09 00:23 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/winrep.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/winhlp32.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/zip.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/delttsul.exe
04/02/09 00:23 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/zip.exe
04/02/09 00:23 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/delttsul.exe Ne peut être réparé
04/02/09 00:23 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/delttsul.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/discover.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/InstFunc.exe
04/02/09 00:23 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/IsUn040c.exe
04/02/09 00:23 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/discover.exe Ne peut être réparé
04/02/09 00:23 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/InstFunc.exe Ne peut être réparé
04/02/09 00:24 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/discover.exe
04/02/09 00:24 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/InstFunc.exe
04/02/09 00:24 Non réparés: Virus.Win32.Virut.q /discs/C:/WINNT/IsUn040c.exe Ne peut être réparé
04/02/09 00:24 Supprimés: Virus.Win32.Virut.q /discs/C:/WINNT/IsUn040c.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/IsUninst.exe
04/02/09 00:24 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/IsUninst.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/msiinst.tmp/msiexec.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/PixArt/Pac7302/AmCap.exe
04/02/09 00:24 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/msiinst.tmp/msiexec.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/PixArt/Pac7302/PASnap.exe
04/02/09 00:24 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/PixArt/Pac7302/AmCap.exe
04/02/09 00:24 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/PixArt/Pac7302/PASnap.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dplaysvr.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dpnsvr.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dpvsetup.exe
04/02/09 00:24 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dplaysvr.exe
04/02/09 00:24 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dpvsetup.exe
04/02/09 00:24 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dpnsvr.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dxdiag.exe
04/02/09 00:24 Détectés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dxdllreg.exe
04/02/09 00:25 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dxdiag.exe
04/02/09 00:25 Réparés: Virus.Win32.Virut.q /discs/C:/WINNT/RegisteredPackages/{44BBA855-CC51-11CF-AAFA-00AA00B6015C}/dxdllreg.exe
04/02/09 02:38 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WAITWND.EXE
04/02/09 02:38 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SiSAudHk.exe
04/02/09 02:38 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WAITWND.EXE
04/02/09 02:38 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WAITWND.EXE
04/02/09 02:38 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WAITWND.EXE
04/02/09 02:38 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SiSAudHk.exe
04/02/09 02:38 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SiSAudHk.exe
04/02/09 02:38 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SiSAudHk.exe
04/02/09 02:38 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SiSaudUt.exe
04/02/09 02:38 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SoundMan.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/unDrvApp.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SiSaudUt.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/SoundMan.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/AudiRack/AudiRack.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/App/unDrvApp.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/AudiRack/unAuRack.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/AudiRack/AudiRack.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/NT40/SISUIAUD.EXE
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/AudiRack/unAuRack.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/NT40/SISUIAUD.EXE
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/srv2003/Uninst2k.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/Win2000/Uninst2k.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/win95_98/SiSsynth.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/srv2003/Uninst2k.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/win95_98/SiSsynth.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/Win2000/Uninst2k.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WinXP/Uninst2k.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WS03XP64/Uninst2k.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WinXP/Uninst2k.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/a12112d/a12112d/WS03XP64/Uninst2k.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/SISfiles/AMDInst.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/SISfiles/ata133ap.exe
04/02/09 02:39 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/SISfiles/waitwnd.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/SISfiles/ata133ap.exe
04/02/09 02:39 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/SISfiles/AMDInst.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/USB/Win2K_XP/WinXPUSB/SiSUSBrg.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/USB/Win9x/SiSFiles/Mp_s3.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/SISfiles/waitwnd.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/USB/Win2K_XP/WinXPUSB/SiSUSBrg.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/agp121/agp121/USB/Win9x/SiSFiles/Mp_s3.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/IDE/IdeUtil/PropInstall.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/IDE/IdeUtil/SISIDE.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/IDE/IdeUtil/PropInstall.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/IDE/IdeUtil/SISIDE.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/ata133ap.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/DMA98.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/HDinfo.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/ata133ap.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/HDinfo.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/infinstall.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/DMA98.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/SisFilter.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/infinstall.exe
04/02/09 02:40 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/waitwnd.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/SisFilter.exe
04/02/09 02:40 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/ide204a/R204a/SISfiles/waitwnd.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/sl119/sl119/SRV2003/uninst.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/sl119/sl119/SRV2003/uninst.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/sl119/sl119/WINXP2K/uninst.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/sl119/sl119/WINXP2K/uninst.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/SISfiles/AMDInst.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/SISfiles/ata133ap.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/SISfiles/waitwnd.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/SISfiles/AMDInst.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/SISfiles/ata133ap.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/USB/Win2K_XP/WinXPUSB/SiSUSBrg.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/SISfiles/waitwnd.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/USB/Win9x/SiSFiles/Mp_s3.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/USB/Win2K_XP/WinXPUSB/SiSUSBrg.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/AGPPack/USB/Win9x/SiSFiles/Mp_s3.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/setupDLL/IsUninst.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/setupDLL/Progress.exe
04/02/09 02:41 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/setupDLL/waitwnd.exe
04/02/09 02:41 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/setupDLL/IsUninst.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/setupDLL/Progress.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/setupDLL/waitwnd.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/utilDLL/LCDMode.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/utilDLL/LCDMode.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/WinXP64/InstFunc.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/WinXP64/InstFunc.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/WinXP_2K/InstFunc.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sis/uvga3_373/3[1].73Logo/373_Logo/Setup/WinXP_2K/InstFunc.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/SiS7012/Uninst/uninst2k.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sisagp/SiS7012/Uninst/uninst2k.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/AMCap.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/SiS7012/Uninst/uninst2k.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/sisagp/SiS7012/Uninst/uninst2k.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/CleanDev.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/DeINF.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/AMCap.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/KillTray.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/CleanDev.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/KillTray.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/Monitor.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/DeINF.exe
04/02/09 02:42 Détectés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/PASnap.exe
04/02/09 02:42 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/Monitor.exe
04/02/09 02:43 Réparés: Virus.Win32.Virut.q /discs/D:/ASUS Terminator P4_fichiers/VGA USB Camera/PASnap.exe
04/02/09 11:08 Détectés: Virus.Win32.Virut.q /discs/D:/Product Assistant/bin/hprbUpdate.exe
04/02/09 11:08 Réparés: Virus.Win32.Virut.q /discs/D:/Product Assistant/bin/hprbUpdate.exe
05/02/09 04:09 Fin de la tâche
lachoukrate (Member, 234 posts)

Re,

Following up on the previous message:

The ComboFix run reports the same 5 infected files :-(

Right, I'm off to the workshop...
lachoukrate (Member, 234 posts)

Re,

Follow-up to the follow-up of post 263
First of all, do you want the ComboFix report?

So I recovered all my important documents, checking that there were no .exe files, via the USB key to put them on my laptop. I scanned them with all the laptop's antimalware, antispyware and antivirus tools before loading them: no trace of infection. Now there is nothing important on the sick PC. I'm leaving the computer like that. It would be good to find a way to eradicate this virus for the next people infected, without having to format. Also, tomorrow I'm leaving home for 10 days (start of the holidays in my zone), so I won't be able to do much.

I suggest leaving you that time to study the subject ;-) and I'm ready to run any kind of test you consider useful to eliminate this virut.q. Unless you tell me to format :-( That would be a shame, given all the work the two of us have done for this rescue :-).

If you see other steps to do between now and tomorrow noon, don't hesitate....

And thanks again for all this work :-)

Karine
Anonymous user

Hello to you both:

very complicated, this disinfection :)
lachoukrate (Member, 234 posts)

It's true that if I didn't have such a mass of hair, I'd be bald by now looool
but we haven't said our last word!!!!! grrrrrrr
We'll get it... even if we have to format, we'll get this filthy virus of !@@@@!
Oh yes we will!!!
Lyonnais92 (Security contributor, 25159 posts)

Hello,

Karine, these 10 days will do us good.

Bump the thread when you get back.

There's no point attempting a new step without having time to think.

My idea is to go into the Recovery Console before restarting in normal mode, to regenerate the 5 files from the disk version.

But I need to look up the exact procedure so as not to fumble around.

=================

I'd like the ComboFix report. (with the latest version of Combo)

You can also, though sadly I'm sure of the result, check that the files really are infected by virut.q.

The only point, if you have deleted all the "useless stuff", is to see how long Kaspersky AVP Tools takes.

Vincent
lachoukrate (Member, 234 posts)

I didn't realise it was taking so much energy out of you too, but I agree with you, during these 10 days I'm going to unwind too. And I won't have other viruses to deal with on top (the other viruses must feel like a stroll by comparison ;-)). Some catching up to do, but no stress :-)

By what you call the "useless stuff", do you mean all this software (kodak, nokia, acrobat, zip, etc.) that I can get rid of? I keep just the drivers and Windows? If that's it (don't hesitate to spell it out for me) I'll take care of it when I get home from work tonight, and then I'll run AVP Tool again and check whether the 5 files really have virut.q, all we'd need now is for it to stand us up, gnark, gnark gnark

See you later for our last evening together for a little while ;-)

So here is the ComboFix report, but I don't know whether virut infected it as soon as it appeared on the system :-(

ComboFix 09-02-04.01 - chouchouk 05/02/2009 9:26:50.9 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.480.220 [GMT 1:00]
Lancé depuis: c:\documents and settings\chouchouk\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

[COLOR=RED] c:\winnt\system32\userinit.exe . . . est infecté!!/COLOR

[COLOR=RED] c:\winnt\system32\services.exe . . . est infecté!!/COLOR

[COLOR=RED] c:\winnt\system32\svchost.exe . . . est infecté!!/COLOR

[COLOR=RED] c:\winnt\system32\spoolsv.exe . . . est infecté!!/COLOR

[COLOR=RED] c:\winnt\explorer.exe . . . est infecté!!/COLOR

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-05 au 2009-02-05 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 00:18 --------- d-----w c:\program files\Tukanas Files Converter
2009-02-04 00:18 --------- d-----w c:\program files\QuickTime
2009-02-04 00:18 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-27 12:12 --------- d-----w c:\program files\Trend Micro
2009-01-26 21:29 --------- d-----w c:\program files\CCleaner
2009-01-26 17:44 673,280 ----a-w c:\winnt\system32\drivers\KodakCCS.exe
2009-01-26 13:28 --------- d-----w c:\documents and settings\chouchouk\Application Data\OpenOffice.org2
2009-01-25 22:55 --------- d-----w c:\documents and settings\chouchouk\Application Data\Grisoft
2009-01-23 08:39 7,168 ----a-w c:\winnt\system32\drivers\utqxndm3.sys
2009-01-19 14:57 --------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 17:09 186,592 ----a-w c:\winnt\system32\drivers\windrvr6.sys
2009-01-11 21:01 7,679,120 ----a-w c:\program files\setupmozilla.exe
2009-01-09 19:56 --------- d-----w c:\program files\microsoft frontpage
2009-01-07 02:51 --------- d-----w c:\documents and settings\chouchouk\Application Data\Malwarebytes
2009-01-07 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 21:04 --------- d-----w c:\documents and settings\chouchouk\Application Data\AVGTOOLBAR
2009-01-04 22:32 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-01-01 15:28 --------- d-----w c:\documents and settings\chouchouk\Application Data\dvdcss
2008-12-11 12:09 239,472 ----a-w c:\winnt\system32\drivers\SRV.SYS
2008-03-19 11:34 271 ---h--w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/07 17:43 4670704]
"internat.exe"="internat.exe" [22/01/09 09:14 88576 c:\winnt\system32\internat.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [04/02/09 01:18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/08 03:27 144784]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [21/01/09 09:09 305152]
"Synchronization Manager"="mobsync.exe" [26/01/09 18:42 484864 c:\winnt\system32\mobsync.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [04/02/09 00:53 1679360]
"internat.exe"="internat.exe" [22/01/09 09:14 88576 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [21/01/09 09:09 224256]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-04-27 974848]
Utility Tray.lnk - c:\winnt\system32\sistray.exe [2008-04-04 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\winnt\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

R3 openhci;Pilote de contrôleur hôte ouvert USB Microsoft;c:\winnt\system32\drivers\openhci.sys [2003-06-23 24784]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [2004-11-03 267136]
R3 SISNIC2K;SiS PCI Fast Ethernet Adapter Driver for NDIS5;c:\winnt\system32\drivers\sisnic2k.sys [2006-02-14 32768]
S1 is-2135Adrv;is-2135Adrv;c:\winnt\system32\DRIVERS\25590738.sys --> c:\winnt\system32\DRIVERS\25590738.sys [?]
S1 is-DP22Ldrv;is-DP22Ldrv;c:\winnt\system32\DRIVERS\45200374.sys --> c:\winnt\system32\DRIVERS\45200374.sys [?]
S2 ptssvc;ptssvc;d:\kodak easyshare software\bin\ptssvc.exe --> d:\kodak easyshare software\bin\ptssvc.exe [?]
S3 banshee;banshee;c:\winnt\system32\drivers\banshee.sys [2008-03-24 38928]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\winnt\system32\drivers\fbxusb32.sys [2004-10-20 21344]
S3 nv3;nv3;c:\winnt\system32\drivers\nv3.sys [2008-03-19 201328]
S3 PAC7302;PAC7302 VGA USB Camera;c:\winnt\system32\drivers\PAC7302.SYS [2008-06-03 457856]
S3 utqxndm3;AVZ Kernel Driver;c:\winnt\system32\drivers\utqxndm3.sys [2009-01-21 7168]
.
Contenu du dossier 'Tâches planifiées'

2009-01-07 c:\winnt\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.xeoo.com/?p=h&a=f
mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
IE: Download with &Shareaza - c:\program files\Shareaza\Plugins\RazaWebHook.dll/3000
LSP: %SystemRoot%\system32\msafd.dll
FF - ProfilePath - c:\documents and settings\chouchouk\Application Data\Mozilla\Firefox\Profiles\gh9pde39.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 09:46:42
Windows 5.0.2195 Service Pack 4 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(184)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
c:\winnt\system32\rsabase.dll

- - - - - - - > 'explorer.exe'(1124)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
.
Heure de fin: 05/02/2009 10:19:05
ComboFix-quarantined-files.txt 2009-02-05 09:18:36
ComboFix2.txt 2009-01-27 12:03:44
ComboFix3.txt 2009-01-26 21:39:30
ComboFix4.txt 2009-01-26 19:24:03

Avant-CF: 858 406 912 octets libres
Après-CF: 854,577,152 octets libres

137 --- E O F --- 2009-01-23 07:19:58
lachoukrate (Member, 234 posts)

Re,

Gen suggests I point you to this other topic where I'm also disinfecting the laptop
What he tells me sends shivers down my spine,
I think I'm going to give up the internet altogether loooooooooool (a forced laugh)

Now, I know the laptop was restored last year by an English IT guy (very good, supposedly), but I don't know what he did or installed to do so, but I recovered absolutely everything.

http://www.commentcamarche.net/forum/affich 10592260 petite verif vundo pour gen hackman?page=5#98


I'm off...
Lyonnais92 (Security contributor, 25159 posts)

Re,

post a fresh RSIT report (or HijackThis, depending on which you have).

===========

The "useless stuff" meant the photos, the files that virut will not infect but that the tool will scan, which slows it down.

==============

Do this if you can:

Download GMER ( http://www2.gmer.net/gmer.zip )
Extract the contents of the ZIP, then rename "gmer.exe" to "bypass.exe"
"Rootkit" tab; click "SCAN" and wait...
When it finishes, click "SAVE" and save to your desktop as "050209.txt"
Double-click "050209.txt"; the file opens in Notepad.
Copy the contents and paste them into your next message.
Lyonnais92 (Security contributor, 25159 posts)

Re,

for your laptop, scan it with Kaspersky AVP Tools if you are worried.
lachoukrate (Member, 234 posts)

did you see me log in? You sent me the message as I was logging in...

First HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:27, on 05/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\ScsiAccess.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINNT\explorer.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: is-V6CJF.lnk = C:\Documents and Settings\chouchouk\Bureau\Virus Removal Tool\is-V6CJF\startup.exe
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs:
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - Unknown owner - D:\Kodak EasyShare software\bin\ptssvc.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Lyonnais92 (Security contributor, 25159 posts)

Re,

before the holidays, the work continues.

=============

Copy or print the instructions first

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
qtmdb
ptssvc

Rootkit::
C:\WINNT\system32\vjyfddz.dll
d:\kodak easyshare software\bin\ptssvc.exe

Registry::
[ HKLM\SYSTEM\ControlSet001\Services\qtmdb\Parameters]
"ServiceDll"=-


Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and drag the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Re-enable your firewall, your antivirus, and your antispyware's guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a GMER report again.

If the file doesn't open, it can be found here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.
lachoukrate (Member, 234 posts)

tell me, in the HJT report, line 08 (with Shareaza) is useless, maybe I could get rid of it while I'm at it?

ComboFix has started again and I'll send GMER afterwards.
Lyonnais92 (Security contributor, 25159 posts)

Re,

fix it.
lachoukrate (Member, 234 posts)

Re,

ComboFix scan:
ComboFix 09-02-04.01 - chouchouk 05/02/2009 23:08:46.10 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.480.237 [GMT 1:00]
Lancé depuis: c:\documents and settings\chouchouk\Bureau\ComboFix.exe
Commutateurs utilisés :: F:\CFscript
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

[COLOR=RED] c:\winnt\system32\userinit.exe . . . est infecté!![/COLOR]

[COLOR=RED] c:\winnt\system32\services.exe . . . est infecté!![/COLOR]

[COLOR=RED] c:\winnt\system32\svchost.exe . . . est infecté!![/COLOR]

[COLOR=RED] c:\winnt\system32\spoolsv.exe . . . est infecté!![/COLOR]

[COLOR=RED] c:\winnt\explorer.exe . . . est infecté!![/COLOR]

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PTSSVC
-------\Service_ptssvc


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-05 au 2009-02-05 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 08:52 . 09-02-05 08:54 51,791 --------- C:\rapport KAV
2009-02-05 08:51 . 09-02-05 08:51 <DIR> d-------- C:\KAV
2009-02-04 01:52 . 09-02-04 01:52 0 --------- C:\scan iso
2009-01-29 08:09 . 09-02-05 21:58 923,646 ---h----- c:\winnt\ShellIconCache
2009-01-27 22:25 . 09-01-27 22:29 <DIR> d-------- C:\répara2
2009-01-27 13:18 . 09-01-27 13:25 <DIR> d-------- C:\repara
2009-01-27 13:12 . 09-01-27 13:12 <DIR> d-------- c:\program files\Trend Micro
2009-01-26 22:29 . 09-01-26 22:29 <DIR> d-------- c:\program files\CCleaner
2009-01-25 23:55 . 09-01-25 23:55 <DIR> d-------- c:\documents and settings\chouchouk\Application Data\Grisoft
2009-01-21 17:21 . 09-01-23 09:39 7,168 --a------ c:\winnt\system32\drivers\utqxndm3.sys
2009-01-19 23:44 . 09-02-05 23:37 54,156 --ah----- c:\winnt\QTFont.qfn
2009-01-19 23:44 . 09-02-05 23:31 1,409 --a------ c:\winnt\QTFont.for
2009-01-12 18:09 . 09-01-12 18:09 186,592 --a------ c:\winnt\system32\drivers\windrvr6.sys
2009-01-11 22:07 . 09-01-11 22:07 0 --a------ c:\winnt\nsreg.dat
2009-01-11 22:01 . 09-01-11 22:01 7,679,120 --a------ c:\program files\setupmozilla.exe
2009-01-10 19:25 . 09-01-10 19:25 144,034 --a------ C:\Sans titre.bmp
2009-01-10 11:03 . 09-01-10 11:03 24,172 --a------ c:\winnt\system32\syncps.dl_
2009-01-09 20:56 . 09-01-09 20:56 <DIR> d-------- c:\program files\microsoft frontpage
2009-01-09 11:14 . 09-01-09 11:14 <DIR> d-------- c:\winnt\ERUNT
2009-01-08 00:34 . 09-01-26 18:52 118,272 --a------ c:\winnt\system32\reg.exe
2009-01-07 03:51 . 09-01-07 03:51 <DIR> d-------- c:\documents and settings\chouchouk\Application Data\Malwarebytes
2009-01-07 03:44 . 09-01-07 03:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 23:52 . 04-03-09 01:00 609,824 --a------ c:\winnt\system32\comctl32.ocx
2009-01-05 22:04 . 09-01-05 22:04 <DIR> d-------- c:\documents and settings\chouchouk\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 20:39 --------- d-----w c:\documents and settings\chouchouk\Application Data\OpenOffice.org2
2009-02-04 00:18 --------- d-----w c:\program files\Tukanas Files Converter
2009-02-04 00:18 --------- d-----w c:\program files\QuickTime
2009-02-04 00:18 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-26 17:44 673,280 ----a-w c:\winnt\system32\drivers\KodakCCS.exe
2009-01-19 14:57 --------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-04 22:32 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-01-01 15:28 --------- d-----w c:\documents and settings\chouchouk\Application Data\dvdcss
2008-12-11 12:09 239,472 ----a-w c:\winnt\system32\drivers\SRV.SYS
2008-03-19 11:34 271 ---h--w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [07-08-30 17:43 4670704]
"internat.exe"="internat.exe" [09-01-22 09:14 88576 c:\winnt\system32\internat.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [09-02-04 01:18 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [08-06-10 03:27 144784]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [09-01-21 09:09 305152]
"Synchronization Manager"="mobsync.exe" [09-01-26 18:42 484864 c:\winnt\system32\mobsync.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [09-02-04 00:53 1712128]
"internat.exe"="internat.exe" [09-01-22 09:14 88576 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [09-01-21 09:09 224256]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-04-27 974848]
Utility Tray.lnk - c:\winnt\system32\sistray.exe [2008-04-04 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\winnt\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

R3 openhci;Pilote de contrôleur hôte ouvert USB Microsoft;c:\winnt\system32\drivers\openhci.sys [2003-06-23 24784]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [2004-11-03 267136]
R3 SISNIC2K;SiS PCI Fast Ethernet Adapter Driver for NDIS5;c:\winnt\system32\drivers\sisnic2k.sys [2006-02-14 32768]
S1 is-2135Adrv;is-2135Adrv;c:\winnt\system32\DRIVERS\25590738.sys --> c:\winnt\system32\DRIVERS\25590738.sys [?]
S1 is-DP22Ldrv;is-DP22Ldrv;c:\winnt\system32\DRIVERS\45200374.sys --> c:\winnt\system32\DRIVERS\45200374.sys [?]
S3 banshee;banshee;c:\winnt\system32\drivers\banshee.sys [2008-03-24 38928]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\winnt\system32\drivers\fbxusb32.sys [2004-10-20 21344]
S3 nv3;nv3;c:\winnt\system32\drivers\nv3.sys [2008-03-19 201328]
S3 PAC7302;PAC7302 VGA USB Camera;c:\winnt\system32\drivers\PAC7302.SYS [2008-06-03 457856]
S3 utqxndm3;AVZ Kernel Driver;c:\winnt\system32\drivers\utqxndm3.sys [2009-01-21 7168]
.
Contenu du dossier 'Tâches planifiées'

2009-01-07 c:\winnt\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.xeoo.com/?p=h&a=f
mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
IE: Download with &Shareaza - c:\program files\Shareaza\Plugins\RazaWebHook.dll/3000
LSP: %SystemRoot%\system32\msafd.dll
FF - ProfilePath - c:\documents and settings\chouchouk\Application Data\Mozilla\Firefox\Profiles\gh9pde39.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 23:37:27
Windows 5.0.2195 Service Pack 4 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(184)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
c:\winnt\system32\rsabase.dll
.
Heure de fin: 2009-02-05 23:51:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-05 22:51:13
ComboFix2.txt 2009-02-05 09:19:19
ComboFix3.txt 2009-01-27 12:03:44
ComboFix4.txt 2009-01-26 21:39:30
ComboFix5.txt 2009-02-05 22:03:27

Avant-CF: 868 274 176 octets libres
Après-CF: 863,387,648 octets libres

152 --- E O F --- 2009-01-23 07:19:58
lachoukrate - Posts: 234 - Status: Member

then scanbypass

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-06 00:32:47
Windows 5.0.2195 Service Pack 4


---- Kernel code sections - GMER 1.0.14 ----

? C:\ComboFix\catchme.sys Le fichier spécifié est introuvable. !
? C:\WINNT\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !
.text NTDLL.DLL!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text NTDLL.DLL!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text NTDLL.DLL!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927

---- User code sections - GMER 1.0.14 ----

.text C:\WINNT\system32\winlogon.exe[184] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\winlogon.exe[184] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\winlogon.exe[184] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ExtractAssociatedIconA + 40 7CE88723 12 Bytes [ D7, FF, 75, EC, FF, D6, 8B, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ExtractAssociatedIconA + 4D 7CE88730 15 Bytes [ D3, 8B, D8, 53, FF, 75, 08, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ExtractAssociatedIconA + 5D 7CE88740 2 Bytes [ 75, F8 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ExtractAssociatedIconA + 60 7CE88743 5 Bytes [ 75, F4, FF, 75, CC ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DoEnvironmentSubstA + 1A 7CE887C2 70 Bytes [ D3, FF, 75, E0, FF, 75, CC, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DoEnvironmentSubstW + 7 7CE88809 7 Bytes [ 45, FC, 8B, 4D, 18, 03, C1 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DoEnvironmentSubstW + F 7CE88811 32 Bytes [ FF, 75, F8, FF, 75, 08, FF, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DoEnvironmentSubstW + 30 7CE88832 36 Bytes [ B0, 0B, 00, 5F, 5E, 5B, C9, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DoEnvironmentSubstW + 55 7CE88857 47 Bytes [ 45, FC, 01, 00, 00, 00, 66, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DoEnvironmentSubstW + 85 7CE88887 32 Bytes [ 10, 56, FF, 15, C4, 18, E3, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLL + 17 7CE8A8D5 37 Bytes CALL 7CEB2510 C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLL + 3D 7CE8A8FB 12 Bytes [ 15, 88, 15, E3, 7C, 33, C0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLL + 4A 7CE8A908 18 Bytes [ 56, 8B, 74, 24, 0C, 57, 8B, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLL + 5D 7CE8A91B 37 Bytes [ 57, FF, 15, 98, 18, E3, 7C, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLLW + 8 7CE8A942 70 Bytes [ 85, C0, 7C, 18, 81, C6, 08, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLLW + 4F 7CE8A989 29 Bytes [ 15, 90, 18, E3, 7C, 8B, F0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLLW + 6D 7CE8A9A7 47 Bytes [ 00, 00, 83, 65, FC, 00, 8D, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLLW + 9D 7CE8A9D7 37 Bytes [ 86, 10, 04, 00, 00, A8, 01, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OpenAs_RunDLLW + C3 7CE8A9FD 32 Bytes [ 00, 50, 6A, 02, 51, FF, 15, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHChangeNotifySuspendResume + 91 7CE8C464 6 Bytes [ 46, 0C, C7, 45, FC, 01 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHChangeNotifySuspendResume + 99 7CE8C46C 38 Bytes [ 00, 83, 7D, F8, 00, 74, 06, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHChangeNotifySuspendResume + C1 7CE8C494 140 Bytes [ FF, 15, A4, 15, E3, 7C, 8B, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHChangeNotifySuspendResume + 14E 7CE8C521 128 Bytes [ EB, 02, 33, F6, 8B, 47, 20, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHChangeNotifySuspendResume + 1CF 7CE8C5A2 12 Bytes CALL 7CE4EC7F C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetNewLinkInfo + 41 7CE8DF69 12 Bytes [ 00, 8B, 45, 08, 89, 45, E0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetNewLinkInfo + 57 7CE8DF7F 144 Bytes [ 89, 45, EC, 33, C0, 8D, 7D, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetNewLinkInfo + E9 7CE8E011 25 Bytes [ 83, 65, FC, 00, 53, 56, 8B, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetNewLinkInfo + 104 7CE8E02C 15 Bytes [ 0C, 85, C0, 74, 63, 66, 83, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetNewLinkInfo + 114 7CE8E03C 8 Bytes [ FF, 57, 51, 50, E8, 25, 18, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListW + 23 7CE90350 53 Bytes [ 00, 8B, 45, F8, 8D, 95, B0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListW + 59 7CE90386 109 Bytes [ 00, 00, 8B, 45, 84, 50, 8B, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListW + C7 7CE903F4 65 Bytes [ 7F, FF, 73, 68, FF, 15, B0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListA + 29 7CE90436 3 Bytes JMP 7CE9030F C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListA + 2D 7CE9043A 10 Bytes [ FF, FF, 75, F4, FF, 15, 08, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListA + 38 7CE90445 28 Bytes [ 43, 68, 39, 30, 75, 03, 89, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListA + 55 7CE90462 5 Bytes [ 57, 33, C0, 39, 45 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDataFromIDListA + 5B 7CE90468 43 Bytes [ B9, 86, 00, 00, 00, 8B, FE, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 16 7CE90549 15 Bytes [ AB, 8B, 45, D8, 52, 8D, 95, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 26 7CE90559 14 Bytes [ 51, 14, 3B, C3, 74, 20, FF, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 35 7CE90568 45 Bytes [ 50, FF, 75, 08, FF, 75, 10, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 63 7CE90596 59 Bytes CALL 7CE83659 C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 9F 7CE905D2 168 Bytes [ 33, C0, 8D, 7D, E0, AB, AB, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDiskFreeSpaceA + 14 7CE93A6E 2 Bytes [ 6A, 14 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDiskFreeSpaceA + 17 7CE93A71 7 Bytes [ 74, 24, 1C, E8, 13, A7, FD ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDiskFreeSpaceA + 1F 7CE93A79 41 Bytes [ 50, 8B, 44, 24, 1C, 05, B2, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDiskFreeSpaceA + 49 7CE93AA3 12 Bytes [ 45, 18, 53, 56, 33, F6, 89, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetDiskFreeSpaceA + 56 7CE93AB0 34 Bytes [ FF, 57, 8B, 7D, 0C, 50, FF, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHHelpShortcuts_RunDLL + 29 7CE95155 5 Bytes [ 03, 46, 33, FF, 40 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHHelpShortcuts_RunDLL + 2F 7CE9515B 102 Bytes [ 45, 0C, 3B, 45, 10, 7E, B6, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHHelpShortcuts_RunDLLW + 46 7CE951C2 55 Bytes [ FF, 15, 1C, 18, E3, 7C, 8B, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHHelpShortcuts_RunDLLW + 7E 7CE951FA 13 Bytes [ 4F, 85, C0, 0F, 84, FC, 01, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHHelpShortcuts_RunDLLW + 8C 7CE95208 18 Bytes [ F8, 75, 03, 8B, 7D, F8, 85, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHHelpShortcuts_RunDLLW + 9F 7CE9521B 31 Bytes [ 05, 80, 3E, 5C, 74, 26, C6, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHHelpShortcuts_RunDLLW + BF 7CE9523B 81 Bytes [ 7F, EC, 8A, CB, 2A, C8, FE, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FindExeDlgProc + 10 7CE9B41B 101 Bytes [ 6A, 01, FF, 75, 0C, FF, D7, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FindExeDlgProc + 76 7CE9B481 111 Bytes CALL 1C6DC3AE
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FindExeDlgProc + E6 7CE9B4F1 23 Bytes [ 74, 1C, 3D, 59, 38, 00, 00, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FindExeDlgProc + FE 7CE9B509 3 Bytes JMP 7CE9B5DC C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FindExeDlgProc + 102 7CE9B50D 39 Bytes [ 00, 00, 8D, 83, 9C, 0D, 00, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetFolderPathA + B 7CE9E47B 37 Bytes [ FF, 75, 36, 53, FF, 15, E0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetFolderPathA + 31 7CE9E4A1 2 Bytes [ 75, 08 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetFolderPathA + 34 7CE9E4A4 79 Bytes [ D7, 83, C4, 0C, C7, 45, 10, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetSpecialFolderPathA + 44 7CE9E4F4 140 Bytes [ EB, 10, C7, 45, 10, 64, 00, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetSpecialFolderPathA + D1 7CE9E581 41 Bytes [ 41, FE, 3B, D0, 75, 16, 66, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetSpecialFolderPathA + FB 7CE9E5AB 68 Bytes [ 00, 00, 8B, 45, FC, 03, C6, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetSpecialFolderPathA + 140 7CE9E5F0 48 Bytes [ 50, FF, 15, E0, 15, E3, 7C, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetSpecialFolderPathA + 171 7CE9E621 147 Bytes [ FF, 8D, 46, 01, 50, FF, 75, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHInvokePrinterCommandA + 2D 7CEA2F99 19 Bytes [ 83, C0, 0C, 56, 50, 8D, 85, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHInvokePrinterCommandA + 41 7CEA2FAD 16 Bytes [ D7, 8B, 45, 10, 56, 83, C0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHInvokePrinterCommandA + 52 7CEA2FBE 6 Bytes [ D7, 8B, 5D, 14, 81, E3 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHInvokePrinterCommandA + 59 7CEA2FC5 3 Bytes [ FF, 00, 00 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHInvokePrinterCommandA + 5D 7CEA2FC9 5 Bytes [ 18, 8D, 85, E8, FD ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!PrintersGetCommand_RunDLL + 36 7CEA30A2 175 Bytes [ FC, FF, 75, F8, FF, 15, B0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!PrintersGetCommand_RunDLLW + 96 7CEA3152 101 Bytes [ FF, D3, 85, C0, 75, 06, 83, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!PrintersGetCommand_RunDLLW + FC 7CEA31B8 11 Bytes [ 00, 00, 48, 74, 5B, 83, E8, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!PrintersGetCommand_RunDLLW +
0
Lyonnais92 Posts 25159 Registration date   Status Security contributor Last activity   1 537
 
Hi again,

Are you sure the GMER report is complete?
0
lachoukrate Posts 234 Registration date   Status Member Last activity   2
 
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHCreateProcessAsUserW + 78 7CED513E 52 Bytes [ 15, 50, 1A, E3, 7C, 8B, 45, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!WOWShellExecute + 2E 7CED5174 1 Byte [ FC ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!WOWShellExecute + 30 7CED5176 25 Bytes [ 15, C8, 15, E3, 7C, 68, 08, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!WOWShellExecute + 4A 7CED5190 5 Bytes [ 55, 8B, EC, 51, 51 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!WOWShellExecute + 51 7CED5197 106 Bytes [ 57, 8B, 7D, 08, BE, 30, F3, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!WOWShellExecute + BC 7CED5202 7 Bytes [ FF, 75, 14, 56, E8, C7, 3B ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ShellExec_RunDLL + 9 7CED529A 38 Bytes [ 00, EB, 74, 68, 55, 55, 00, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ShellExec_RunDLL + 31 7CED52C2 34 Bytes [ FC, FF, 15, 40, 1A, E3, 7C, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ShellExec_RunDLLW + E 7CED52E5 29 Bytes [ 15, 90, 1A, E3, 7C, 85, C0, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ShellExec_RunDLLW + 2C 7CED5303 5 Bytes [ 15, C8, 15, E3, 7C ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ShellExec_RunDLLW + 33 7CED530A 4 Bytes [ 14, FF, 75, 10 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ShellExec_RunDLLW + 38 7CED530F 12 Bytes [ 75, 0C, 57, FF, 15, 18, 1B, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!ShellExec_RunDLLW + 48 7CED531F 149 Bytes [ 57, 6A, 00, 6A, 00, 6A, 00, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexW + 12 7CEDA6CD 85 Bytes [ 00, 8B, 08, 50, FF, 51, 08, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexW + 68 7CEDA723 6 Bytes [ 10, 8B, F0, 33, FF, 3B ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexW + 6F 7CEDA72A 189 Bytes [ 7C, 58, 8D, 45, 10, 89, 7D, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexA + 81 7CEDA7E8 173 Bytes [ 75, 1C, 8B, 08, FF, 75, 18, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexA + 12F 7CEDA896 67 Bytes [ F0, 33, D2, F3, A6, 0F, 84, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexA + 173 7CEDA8DA 59 Bytes CALL 7CF41CE8 C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexA + 1AF 7CEDA916 72 Bytes CALL 7CE4F527 C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!SHGetIconOverlayIndexA + 1F8 7CEDA95F 73 Bytes [ 15, 88, 15, E3, 7C, EB, 07, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllCanUnloadNow + 1E 7CF0C652 155 Bytes [ 8B, 74, 24, 0C, 8B, F8, 56, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllCanUnloadNow + BA 7CF0C6EE 35 Bytes [ FF, 89, 86, D8, 28, 00, 00, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllCanUnloadNow + DE 7CF0C712 120 Bytes [ 15, 04, 1E, E3, 7C, 8B, 3D, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllCanUnloadNow + 157 7CF0C78B 22 Bytes [ FF, 85, C0, 75, 1C, 6A, 01, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllCanUnloadNow + 16E 7CF0C7A2 66 Bytes [ 4D, F8, 89, 81, D0, 28, 00, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OCInstall + 5 7CF1DD1E 8 Bytes [ 50, FF, 15, 24, 14, E3, 7C, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OCInstall + E 7CF1DD27 26 Bytes JMP 3D775A20
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OCInstall + 2A 7CF1DD43 11 Bytes [ C3, 55, 8B, EC, 81, EC, 1C, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OCInstall + 36 7CF1DD4F 3 Bytes [ E4, FE, FF ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!OCInstall + 3A 7CF1DD53 72 Bytes [ C7, 85, E4, FE, FF, FF, 1C, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FixupOptionalComponents + 122 7CF1DF9C 11 Bytes [ 29, 33, C0, 39, 75, 10, 6A, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FixupOptionalComponents + 12E 7CF1DFA8 64 Bytes [ 45, 10, 8D, 45, 10, 50, 6A, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FixupOptionalComponents + 16F 7CF1DFE9 4 Bytes [ 15, 00, 10, E3 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FixupOptionalComponents + 174 7CF1DFEE 9 Bytes [ 8B, F8, 3B, FE, 75, 70, 8D, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!FixupOptionalComponents + 17E 7CF1DFF8 19 Bytes [ 45, FC, 80, 00, 00, 00, 50, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllGetVersion + 19 7CF40C54 28 Bytes [ FA, A5, A5, A5, A5, 8D, 71, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllGetVersion + 36 7CF40C71 124 Bytes [ A5, 8D, 71, 10, 8D, 7A, 10, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllGetVersion + B3 7CF40CEE 10 Bytes [ F8, 81, E7, FF, FF, 00, 00, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllGetVersion + BE 7CF40CF9 8 Bytes [ 07, 80, 8B, C7, 5F, 5E, C3, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!DllGetVersion + C7 7CF40D02 11 Bytes [ EC, 83, EC, 24, 53, 8B, D9, ... ]
.text ...
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!StrStrW + 7 7CF4247F 233 Bytes [ FF, FF, 85, C0, 74, 05, 6A, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!StrStrW + F1 7CF42569 109 Bytes CALL 7CE5B095 C:\WINNT\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!StrStrW + 160 7CF425D8 6 Bytes [ 3B, F0, 73, 02, 8B, C6 ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!StrStrW + 167 7CF425DF 40 Bytes [ FF, 74, 24, 14, FF, B7, 08, ... ]
.text C:\WINNT\system32\winlogon.exe[184] SHELL32.dll!StrStrW + 190 7CF42608 31 Bytes [ 04, 01, 00, 00, C3, 56, 8B, ... ]
.text ...
.text C:\WINNT\system32\services.exe[212] C:\WINNT\system32\services.exe section is writeable [0x01001000, 0x159A0, 0xE0000060]
.rsrc C:\WINNT\system32\services.exe[212] C:\WINNT\system32\services.exe section is executable [0x01018000, 0x9000, 0xE0000060]
.text C:\WINNT\system32\services.exe[212] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\services.exe[212] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\services.exe[212] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\lsass.exe[224] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\lsass.exe[224] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\lsass.exe[224] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\VFIND.exe[304] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\VFIND.exe[304] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\VFIND.exe[304] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\svchost.exe[404] C:\WINNT\system32\svchost.exe section is writeable [0x01001000, 0x1594, 0xE0000060]
.rsrc C:\WINNT\system32\svchost.exe[404] C:\WINNT\system32\svchost.exe section is executable [0x01004000, 0x8400, 0xE0000060]
.text C:\WINNT\system32\svchost.exe[404] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\svchost.exe[404] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\svchost.exe[404] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\spoolsv.exe[432] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\spoolsv.exe[432] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\spoolsv.exe[432] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\svchost.exe[464] C:\WINNT\system32\svchost.exe section is writeable [0x01001000, 0x1594, 0xE0000060]
.rsrc C:\WINNT\system32\svchost.exe[464] C:\WINNT\system32\svchost.exe section is executable [0x01004000, 0x8400, 0xE0000060]
.text C:\WINNT\system32\svchost.exe[464] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\svchost.exe[464] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\svchost.exe[464] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\drivers\KodakCCS.exe[484] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\drivers\KodakCCS.exe[484] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\drivers\KodakCCS.exe[484] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\HPZipm12.exe[512] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\HPZipm12.exe[512] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\HPZipm12.exe[512] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Documents and Settings\chouchouk\Bureau\bypass\bypass.exe[536] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Documents and Settings\chouchouk\Bureau\bypass\bypass.exe[536] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Documents and Settings\chouchouk\Bureau\bypass\bypass.exe[536] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\ScsiAccess.EXE[552] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\ScsiAccess.EXE[552] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\ScsiAccess.EXE[552] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\System32\WBEM\WinMgmt.exe[584] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\System32\WBEM\WinMgmt.exe[584] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\System32\WBEM\WinMgmt.exe[584] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\mspmspsv.exe[612] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\mspmspsv.exe[612] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\mspmspsv.exe[612] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\svchost.exe[636] C:\WINNT\system32\svchost.exe section is writeable [0x01001000, 0x1594, 0xE0000060]
.rsrc C:\WINNT\system32\svchost.exe[636] C:\WINNT\system32\svchost.exe section is executable [0x01004000, 0x8400, 0xE0000060]
.text C:\WINNT\system32\svchost.exe[636] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\svchost.exe[636] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\svchost.exe[636] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\svchost.exe[752] C:\WINNT\system32\svchost.exe section is writeable [0x01001000, 0x1594, 0xE0000060]
.rsrc C:\WINNT\system32\svchost.exe[752] C:\WINNT\system32\svchost.exe section is executable [0x01004000, 0x8400, 0xE0000060]
.text C:\WINNT\system32\svchost.exe[752] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\svchost.exe[752] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\svchost.exe[752] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Program Files\QuickTime\qttask.exe[1040] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Program Files\QuickTime\qttask.exe[1040] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Program Files\QuickTime\qttask.exe[1040] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\explorer.exe[1060] C:\WINNT\explorer.exe section is writeable [0x00401000, 0x19546, 0xE0000060]
.reloc C:\WINNT\explorer.exe[1060] C:\WINNT\explorer.exe section is executable [0x0043C000, 0x1A000, 0xE2000060]
.reloc C:\WINNT\explorer.exe[1060] C:\WINNT\explorer.exe entry point in ".reloc" section [0x0044E000]
.text C:\WINNT\explorer.exe[1060] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\explorer.exe[1060] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\explorer.exe[1060] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1076] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1076] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1076] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[1084] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[1084] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[1084] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\internat.exe[1100] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\internat.exe[1100] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\internat.exe[1100] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1120] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1120] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[1120] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\sistray.exe[1128] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\sistray.exe[1128] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\sistray.exe[1128] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Program Files\MultiRes\MultiRes.exe[1144] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Program Files\MultiRes\MultiRes.exe[1144] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Program Files\MultiRes\MultiRes.exe[1144] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1176] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1176] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1176] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927
.text C:\WINNT\system32\wuauclt.exe[1204] ntdll.dll!NtCreateFile 78468278 5 Bytes CALL 7FFA28DA
.text C:\WINNT\system32\wuauclt.exe[1204] ntdll.dll!NtCreateProcess 78468308 5 Bytes CALL 7FFA292E
.text C:\WINNT\system32\wuauclt.exe[1204] ntdll.dll!NtOpenFile 784686AC 5 Bytes CALL 7FFA2927

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\explorer.exe [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\explorer.exe [KERNEL32.DLL!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\explorer.exe [KERNEL32.DLL!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\explorer.exe [KERNEL32.DLL!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\explorer.exe [KERNEL32.DLL!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress]

lachoukrate

IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [778878DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [778878DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW] [7788786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW] [77887955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [77887A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [77887800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[1060] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7788771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHELL32.DLL [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHELL32.DLL [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHELL32.DLL [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHELL32.DLL [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHELL32.DLL [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHELL32.DLL [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[1104] @ C:\WINNT\system32\SHELL32.DLL [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (Sample File System Filter Driver/Windows (R) 2000 DDK provider)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb@DisplayName Time Installer
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb@Description Permet le d?marrage d'op?rations sous d'autres informations d'identification
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb\Parameters
Reg HKLM\SYSTEM\ControlSet001\Services\qtmdb\Parameters@ServiceDll =ãþ  C:\WINNT\system32\vjyfddz.dll

---- EOF - GMER 1.0.14 ----