S.O.S. Virus Film ?????!!!!!! et indetectable

Fermé

Liams2008 - 5 juil. 2008 à 02:20
misteralain - 6 déc. 2008 à 09:36

Bonjour,

Bonjour,

Je voudrais que quelqu'un m'aide, car je suis vraiment perdu là.... Sans préavis, je vais voir un dossier sur mon ordinateur et disparu !!!!!!!!!!!!!!!! je regarde bien et je réalise que d'autres dossiers aussi ont disparu 03 en tt. les plus gros... plus de 01 Go .... je fais une analyse complète quotidienne .... j'ai Kaspersky 2007, Spyware terminator et Ad-Aware 2008...... ils disent tous que pas de ficheirs et programmes vilains ... mais dans un de mes flash disk (clé USB) j'ai trouvé un phénomène qui ressemble a New Folder le virus..... cette fois c'est un fichier Clip Vidéo avec icone de Windows media player .... il prend place dans tous les dossiers et prend le nom du dossier en question .... Je n'arrive pas a m'endébarasser ... je suprime mais dès que je ferme et reviens il est là .... Si vous saviez comment je dois faire je vous en serais très reconnaissant ....

Configuration: Windows XP
Firefox 3.0
Internet Explorer 7

Oui sur mon flash disk que je vois le fichier WMA qui veut pas partir ..... avant j'avais des problemes comme ça ... un dossier nommé New Folder .... ou un dossier qui prend le nom du dossier qu'il occupe.... et là c'est un fichier WMA qui envahit tous les dossier de ma clé USB et qui prend le nom des dossiers ..... kaspersky ne voit rien .... a l'apparnce c'est un fichier WMA mais quand ke lance le SCAN avec Kaspersky il l'indique comme fichier exe et dans propriétés voilà ce que ça dit :
Type de fichier: application
Description: Film
Taille: 203 Ko
Compiled script :AutoIt v3 Script : 3, 2, 4, 2
Langue: Anglais royaume unis
version du fichier: 3, 2, 4, 2

J'ai fait un SCAN hijackthis et voilà ce que ça donne !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:41:20, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\drivers\ctfmon.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ChildParentalControl\ChildParentalControl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ctfmon.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ChildParentalControl] "C:\Program Files\ChildParentalControl\ChildParentalControl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CTFMON.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\PROGRA~1\Crawler\Radio\CRadio.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0D1EB3-D080-4296-982B-5151778EC84E}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

A voir également:

S.O.S. Virus Film ?????!!!!!! et indetectable
Tubidy film d'action telecharger - Télécharger - TV & Vidéo
Telecharger film - Télécharger - TV & Vidéo
Telecharger film netflix - Guide
Faux message virus iphone ✓ - Forum iPhone
Waptrick film - Forum Téléchargement

59 réponses

Réponse 21 / 59

Jaeva
7 juil. 2008 à 16:45

Hello,

Ces lignes ne sont pas normales.

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hitman.exe
Open\command- G:\Hitman.exe

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

explore\Command- d6fagcs8.cmd
open\Command- d6fagcs8.cmd

MAIS attention ! Il ne faut pas les effacer bêtement mais les filtrer sinon ça va être une catastrophe.
Avant toute chose, nous allons vérifier un point très important pour la suite.

1. Téléchargez GMER ( http://www2.gmer.net/gmer.exe )
2. Extraire le fichier zip puis exécutez "gmer.exe" et cliquez sur "Scan".
3. Attention la fin des traitements cliquer sur "Save..." (ça peut être assez long, patience)
4. Enfin, copiez et collez le rapport dans votre prochain message.

A bientôt.

Réponse 22 / 59

Liams2008
8 juil. 2008 à 03:35

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-08 02:33:57
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xB85D8606]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xB8525420]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xB85D805A]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xB85D7D3C]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB85270A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xB8527210]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xB85D9652]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB8527940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xB85287B0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xB85D7E46]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xB85D7F30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB8527510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB85189B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB8518A60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xB8518B10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xB8518B90]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xB85D88CC]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xB8519590]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xB8518BB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xB8518C80]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xB85D8362]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xB8518D60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xB8526E90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB8527CA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xB8518E30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xB8518EE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB8528460]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xB8518F90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xB8519040]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xB8525A00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xB85190D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB8528760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xB85192D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xB8528AE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB85290A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xB8519360]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB8523C20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xB8527B20]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xB85D7BBA]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB8528710]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB85252E0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xB85D8814]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xB8519550]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xB85D8494]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB85273D0]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE80 5 Bytes JMP B85294C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF808 5 Bytes JMP B85299C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2D10 80503AC4 12 Bytes [ CC, 88, 5D, B8, 90, 95, 51, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F90 80503D44 2 Bytes [ 14, 88 ]
? C:\DOCUME~1\Smail\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] ole32.dll!WdtpInterfacePointer_UserFree + FFEE6FEF 774ABF1C 4 Bytes [ F0, 00, 93, 44 ]
? C:\WINDOWS\system32\ctfmon.exe[204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\ctfmon.exe[204] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[204] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[296] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Program Files\Spyware Terminator\sp_rsser.exe[368] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\svchost.exe[592] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\csrss.exe[816] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\winlogon.exe[840] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\services.exe[884] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\svchost.exe[1076] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\System32\svchost.exe[1296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\spoolsv.exe[1656] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE29E11 7C9D5008 4 Bytes [ 80, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE29E1D 7C9D5014 4 Bytes [ F0, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BCA9 7C9D6EA0 4 Bytes [ 80, 00, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BD91 7C9D6F88 4 Bytes [ 40, 09, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BDA5 7C9D6F9C 4 Bytes [ E0, 0B, E3, 00 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFree + 102 7C9FABBC 4 Bytes [ 80, 00, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFree + 9C 7C9FAD48 4 Bytes [ 70, 0B, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFree + 110 7C9FADBC 4 Bytes [ 70, 0B, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHCoCreateInstance + 10A 7C9FF88C 4 Bytes [ 80, 0E, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHCoCreateInstance + 12E 7C9FF8B0 4 Bytes [ 50, 0C, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 807 7CA0235C 4 Bytes [ 10, 07, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + E6F 7CA029C4 4 Bytes [ 90, 0A, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + E87 7CA029DC 4 Bytes [ C0, 0C, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 1753 7CA032A8 4 Bytes [ C0, 05, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 1773 7CA032C8 4 Bytes [ 50, 05, 20, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 64B 7CA0C1BC 4 Bytes [ F0, 0E, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 6A7 7CA0C218 4 Bytes [ 60, 0F, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!IsLFNDrive + 8DF 7CA0F328 4 Bytes [ 00, 0B, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHTestTokenMembership + E5 7CA14A90 4 Bytes [ A0, 0D, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!PathProcessCommand + C3D 7CA1DF48 4 Bytes [ 50, 05, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 3A0F 7CA2415C 4 Bytes [ 10, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 4107 7CA24854 4 Bytes [ A0, 0D, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 41DF 7CA2492C 4 Bytes [ F0, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 428B 7CA249D8 4 Bytes [ F0, 00, DE, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 42AB 7CA249F8 4 Bytes [ B0, 09, 20, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!InternalExtractIconListA + 2033 7CA2C7E8 4 Bytes [ 00, 0B, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!InternalExtractIconListA + 20EF 7CA2C8A4 4 Bytes [ 80, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHGetSetFolderCustomSettingsW + F36 7CA2D984 4 Bytes [ 50, 0C, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!Shell_NotifyIcon + 76F 7CA31410 4 Bytes [ 20, 0A, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHExtractIconsW + 100E 7CA333EC 4 Bytes [ 50, 0C, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHExtractIconsW + 10E2 7CA334C0 4 Bytes [ 20, 0A, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrIW + 1F5 7CA411A4 4 Bytes [ C0, 05, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHGetRealIDL + 6337 7CA4EE8C 4 Bytes [ C0, 05, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4CE 7CAFDFC4 4 Bytes [ B0, 09, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4E2 7CAFDFD8 4 Bytes [ 10, 07, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4FE 7CAFDFF4 4 Bytes [ A0, 06, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E54A 7CAFE040 4 Bytes [ 30, 06, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E5E2 7CAFE0D8 4 Bytes [ 40, 09, E3, 00 ]
? C:\WINDOWS\system32\WISPTIS.EXE[1944] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[1944] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\WISPTIS.EXE[1944] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\SOUNDMAN.EXE[1980] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[1980] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[1980] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\WINDOWS\system32\VTTimer.exe[1988] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\WINDOWS\system32\VTtrayp.exe[1996] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\VTtrayp.exe[1996] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] ole32.dll!WdtpInterfacePointer_UserFree + FFEE6FEF 774ABF1C 4 Bytes [ F0, 00, 93, 44 ]
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] shell32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] shell32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\shell32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\alg.exe[2368] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\System32\alg.exe[2368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89339DC0
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 89339DC0

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]

Réponse 23 / 59

Liams2008
8 juil. 2008 à 03:41

Croyez moi, quand vous me dites patience du fait que le Scan tarde un peu.... je me dis que ne pas avoir la patience d'attendre que le scan termine serait une honte ... surtout devant votre patience devant mon probleme et toutes les lignes des rapports que vous lisez .... je ne sais quelle bon esprit vous habite pour que vous fassiez tout ça !!!! Cette fois je ne voudrai pas Merci, car jamais je ne vous remercierai assez, je dirais cette fois-ci BRAVO ! que dieu vous benisse !

Réponse 24 / 59

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
8 juil. 2008 à 11:56

Bonjour,

on continue ce soir. Il me faut un peu de calme pour analyser ton rapport et te concocter la manip.

Pour gagner du temps, fais ceci :

Ouvre le registre et navigue avec les + et les - jusqu'à la clé :

Pour ouvrir le registre : Démarrer, exécuter, tu tapes regedit dans la fenêtre puis OK. Une fenêtre s'ouvre avec 2 parties. Tu t'intéresses à celle de gauche

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]

Clique successivement sur Fichier puis sur Exporter et choisis un nom (XXXXXX par exemple). Tu retiens le nom du répertoire (Mes documents par défaut).

Ferme le registre et ouvre l'explorateur Windows.

Clique droit sur le fichier et choisis Modifier.

Le bloc-notes s'ouvre avec le contenu de la clé.

Copie le dans ta réponse.

Recommence avec :

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}

(change de nom pour ne pas écraser le fichier précédent)

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 59

Liams2008
8 juil. 2008 à 13:15

Le Premierer :

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell]
@="Autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hitman.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\Open]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\Open\command]
@="Hitman.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c12aae8-4943-11dd-a35c-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c12abe0-4943-11dd-a35c-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175730-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}\_Autorun\DefaultIcon]
@="F:\\Nero.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175732-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175733-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175734-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c47e62-406c-11dd-b032-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
"_LabelFromReg"="Aziz"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175730-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,\
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
00,5f,00,44,00,52,00,49,00,56,00,45,00,23,00,35,00,26,00,36,00,65,00,64,00,\
62,00,61,00,62,00,26,00,30,00,26,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,\
00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,\
64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,\
00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,30,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,10,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175731-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,54,00,53,00,53,00,54,00,63,00,6f,00,72,00,70,00,5f,\
00,43,00,44,00,23,00,44,00,56,00,44,00,57,00,5f,00,53,00,48,00,2d,00,53,00,\
31,00,38,00,32,00,44,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,53,00,42,00,30,00,34,00,5f,00,5f,00,\
5f,00,5f,00,23,00,35,00,26,00,32,00,38,00,30,00,65,00,62,00,64,00,32,00,61,\
00,26,00,30,00,26,00,30,00,2e,00,31,00,2e,00,30,00,23,00,7b,00,35,00,33,00,\
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,\
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,\
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,31,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,4d,00,4f,00,4e,00,5f,00,44,00,49,00,53,00,51,00,55,00,\
45,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,43,00,\
44,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,ff,01,00,\
00,05,00,08,00,6e,00,00,00,11,00,00,00,88,07,21,66,00,00,00,00,00,00,00,30,\
31,00,04,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175732-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00,\
4c,00,65,00,6e,00,67,00,74,00,68,00,39,00,35,00,31,00,32,00,33,00,30,00,34,\
00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,\
2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,\
00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,\
62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,32,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,71,d9,87,e8,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175733-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,39,00,35,00,31,00,32,00,\
34,00,30,00,30,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,37,00,44,00,35,00,30,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,33,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,44,00,6f,00,73,00,73,00,69,00,65,00,72,00,73,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,99,9f,d3,e4,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175734-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,44,00,46,00,38,00,46,00,\
39,00,37,00,45,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,38,00,35,00,32,00,38,00,32,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,34,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,4d,00,e9,00,64,00,69,00,61,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,60,28,28,c8,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001

Réponse 26 / 59

Liams2008
8 juil. 2008 à 13:17

Le deuxième :

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
"_LabelFromReg"="Aziz"

Réponse 27 / 59

Liams2008
8 juil. 2008 à 13:31

Ca matin en faisant un Scan avec Kaspersky il a detecté un virus dans un des dossier que vous m'aviez indiqué hier pour récupérer un rapport (Deckard's System Scanner)

Voici le virus qu'il a detecté :
- supprimé : cheval de Troie Trojan-Downloader.Win32.Agent.vmp Le fichier: C:\Deckard\System Scanner\20080706225807\backup\DOCUME~1\Smail\LOCALS~1\Temp\_iu14D2N.tmp

- 08/07/2008 12:10:00 Le fichier C:\Deckard\System Scanner\20080706225807\backup\DOCUME~1\Smail\LOCALS~1\Temp\_iu14D2N.tmp a été supprimé.

Réponse 28 / 59

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
8 juil. 2008 à 19:51

Re,

Ouvre le registre et navigue avec les + et les - jusqu'à la clé

HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\MountPoints2

Clique sur la mallette pour "l'ouvrir".

Clique successivement sur Fichier puis sur Exporter et choisis un nom (Mountpoints2 par exemple). Clique sur Bureau dans la colonne de gauche. Vérifies que tu vois "fichiers d'enregistrement (*.reg)" dans "type".

Si ce n'est pas le cas, clique pour ouvrir la liste des extensions possibles et choisis celle-ci.

Clique sur Enregistrer

___________________

Ouvre le Bloc Notes.
Copie le texte en gras ci-dessous sans ligne blanche à la fin ou au début (copie/colle) :

REGEDIT4

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\AutoRun\command]
@=""

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Open\command]
@=""

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\Auto\command]
@=""

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\AutoRun\command]
@=""

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\explore\Command]
@=""

[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\open\Command]
@=""

Clique sur "Fichier", "Enregistrer sous".
Clique sur Bureau (dans la colonne de gauche)
Dans Nom du fichier tu écris fix.reg
Pour Type tu choisis "tous les fichiers" avec le menu déroulant.
Tu cliques sur Enregistrer.
Tu fermes le Bloc-notes

Sur ton bureau, tu double-clique sur l'icône de Fix.reg
Tu acceptes l'avertissement concernant la fusion
Le fix va travailler sans se manifester.
A la fin, tu vas voir un message disant que la fusion est terminée. Tu valides.

__________________

Fais redémarrer l'ordi.

Tu remets un rapport DSS.

Réponse 29 / 59

Liams2008
9 juil. 2008 à 03:57

Quel Bloc Notes ???? j'ai pas compris ou est ce que je dois copier le texte en gras ....dans quel fichier.....

Réponse 30 / 59

Liams2008
9 juil. 2008 à 03:58

Et le rapport DSS que je dois remettre c'est quoi et comment je vais l'avoir ?????

Réponse 31 / 59

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
9 juil. 2008 à 07:56

Bonjour,

le BlocNotes, c'est un éditeur de texte. Son nom anglais est Notepad.

Démarrer, tous les programmes, Accessoires et tu as le Bloc Notes dans la liste.

Double clic pour le lancer.

Pour DSS, tu as une icône sur ton Bureau. Double clic aussi. Tu as déjà fait (post 28).

Réponse 32 / 59

Liams2008
9 juil. 2008 à 14:17

Deckard's System Scanner v20071014.68
Run by Smail on 2008-07-09 13:05:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Smail.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:26, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ChildParentalControl\ChildParentalControl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Smail\Bureau\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Smail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ChildParentalControl] "C:\Program Files\ChildParentalControl\ChildParentalControl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\PROGRA~1\Crawler\Radio\CRadio.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0D1EB3-D080-4296-982B-5151778EC84E}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Réponse 33 / 59

Liams2008
9 juil. 2008 à 14:20

Je voulais installer un Firewall et j'ai vu sur le net que le meileur qui est gratuit c'est Zone alarm ... j'ai téléchargé mais quand je lance l'installation il bloque a 23%.....???????? il veut jamais aller plus loin ....

Réponse 34 / 59

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
9 juil. 2008 à 19:18

Bonjour,

ça n'a pas fonctionné.

Tu n'as pas eu de message du tea-timer te demandant d'autoriser une modification du registre ?

Fais ceci d'abord :

Ouvre Spybot search and destroy.

clique sur mode, choisis advanced mode;

dans la colonne de gauche clique sur le + devant tools.

clique sur résident (colonne de gauche)

dans la fenêtre de droite décoche la case devant "resident tea-timer"

_______________________

ensuite,

Sur ton bureau, tu double-clique sur l'icône de Fix.reg
Tu acceptes l'avertissement concernant la fusion
Le fix va travailler sans se manifester.
A la fin, tu vas voir un message disant que la fusion est terminée. Tu valides.

__________________

Fais redémarrer l'ordi.

Tu remets un rapport DSS.

Réponse 35 / 59

Liams2008
10 juil. 2008 à 01:17

Quand je clique sur Fix.reg il me dit fusion je dis ok et juste après meme pas une seconde y'a un message qui me dit:

Les information de C/:documents and settings/smail/bureau/fix.reg ont été inscrites dans le registre.... c'est ça le message qui veut dire que la fusion est terminée ??

Réponse 36 / 59

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
10 juil. 2008 à 08:19

Bonjour,

exact, c'est ça le message.

Réponse 37 / 59

Liams2008
10 juil. 2008 à 17:25

Bonjour !

Avant de poster le rapport je voulais vous dire que si tout ce que vous me faites faire là ne servira pas a récupérer mes deux dossiers disparus je crois que je vous fatigue pour rien .... Car au début quand je suis venu sur ce site c'était pour savoir comment me débarrasser du virus film.exe chose que vous avez faite pour moi et pour laquelle je vous en remercie énormément ... et aussi je voulais savoir si y'a un moyen de récupérer mes deux dossiers disparus de plus de 3 GO les deux ... j'ai téléchargé plein d'utilitaires de récupération de dossier supprimé ou formatés mais je n'arrive pas a récupérer tout ... beaucoup sont endommagé et ne s'ouvrent même pas ...... Donc si je ne pourrais pas en récupérer plus que ça je ne voudrais pas vous déranger plus .... je vais formater tout le disque dur ..... ce que je vous demanderai par contre c'est de me donner un maximum de conseils sur ce qui réduira les risques d'infections ....genre ce que je dois installer en plus d'antivirus ... antispyware et autres .... les noms que vous me conseillez aussi juste que tout doit être gratuit ... je ne peux me permettre d'acheter des programmes surtout aux prix qu'ils affichent ...

Si vous me direz de formater donc mon PC, je tiens a vous répéter mes sincères remerciement pour tout ce que vous avez fait pour moi ... Que dieu vous bénisse !!

Le rapport :

Deckard's System Scanner v20071014.68
Run by Smail on 2008-07-10 16:09:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Smail.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:04, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ChildParentalControl\ChildParentalControl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Smail\LOCALS~1\Temp\setup_wm.exe
C:\DOCUME~1\Smail\LOCALS~1\Temp\WMC0000.tmp\WMPAU.exe
C:\Documents and Settings\Smail\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Smail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ChildParentalControl] "C:\Program Files\ChildParentalControl\ChildParentalControl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\PROGRA~1\Crawler\Radio\CRadio.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0D1EB3-D080-4296-982B-5151778EC84E}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Réponse 38 / 59

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
10 juil. 2008 à 17:44

Bonjour,

les spécialistes qui ont analysé les fichiers que tu as envoyé ne semblent pas avoir trouvé que cette infection détruisait les fichiers.

te souviens tu de ce qui s'est passé entre le moment où tu en as vu un pour la dernière fois et le moment où tu as constaté une disparition ?

Sur quelle partition étaient ils installés ?

Réponse 39 / 59

Liams2008
10 juil. 2008 à 17:54

Ils étaient sur le disk D... et a vrai dire je ne sais pas exactement quand est ce qu'ils ont disparus ... des fois il m'arrive de venir sur le net seulement et de pas aller sur ce disk pendant des jours ... ce n'est qu'ne fois que j'en ai eu besoin que j'ai remarqué qu'ils étaient plus là ...ce qui est bizrre c'est que c'était pas les seuls y'avait d'autres dossiers mais les deux plus lourds qui ont seulement disparus .... si vous trouvez qu'il y'a pas un moyen de les récupérer je fais comme je vous ai dit et si vous pourviez me conseillez par rapport a tous ces logiciels de sécurité firewall antispyware et tous les autres anti ... je m'y connais pas vraiment ce n'est que ce que je lis sur le net que je sais et c'est pas tjrs fiable ce qu'ils racontent ... donc je vous fais confiance a vous et me fierai a ce que vous me direz .... j'installerai ce que vous me direz et configurerai comme vous me direz .... croyez moi je souffre comme ça ... je suis appelé a foirmater au moin une fois par mois .... des fois plus ... des fois c'est le net qui ne m'est plus accecible ... des fois c'est un logiciel que j'utilise .... des fois mon PC roule a 01 km/h meme avec son processeur 3.2 Ghz et une Ram de 1.5 Go.... et 02 Mo de méoire cash .... je dis ça sans vraiment savoir ce que cela veut dire ,..... des amis techniciens en informatiques me disent que c'est du bon matos que j'ai pour un simple utiliqateur qui n'a pas beaucoup de logiciels lourds ..... a vous de voir et de me dire ..... Merci ...

Réponse 40 / 59

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
10 juil. 2008 à 18:11

Re,

fais d'abord ça :

========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]
========================================
Clique sur démarrer, tous les programmes, accessoires, puis bloc-note
Dès qu'il s'ouvre, copie/colle le texte ci-dessous dans le bloc note:

dir "D:\*" /a > files.txt
notepad files.txt

Clique sur fichier, enregistrer sous, choisis de mettre dans type: "tous les fichiers"
Nom de fichier: abcde.bat et enregistre le ou tu le retrouvera facilement

Double clique dessus, un rapport va s'ouvrir, enregistre le et envoit le moi stp

Vérifie si tu connais tous les répertoires qui sont sur ce rapport.

Discussions similaires

Est ce que le site tlauncher est dangereux ?

Comment regarder un film complet sans inscriptions et gratuit ?

Comment télécharger des films légal & gratuit

Site : Téléchargement gratuit de film

Un site pour voir des films en streaming SVP!

Discussions similaires

Newsletters