A voir également:
- S.O.S. Virus Film ?????!!!!!! et indetectable
- Télécharger film d'action gratuitement et rapidement - Télécharger - TV & Vidéo
- Télécharger film complet sur mobile - Télécharger - TV & Vidéo
- Trouver un film sans le titre - Télécharger - Divers TV & Vidéo
- Faux message virus ordinateur - Accueil - Arnaque
- Site telechargement film - Accueil - Outils
59 réponses
Hello,
Ces lignes ne sont pas normales.
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hitman.exe
Open\command- G:\Hitman.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command- d6fagcs8.cmd
open\Command- d6fagcs8.cmd
MAIS attention ! Il ne faut pas les effacer bêtement mais les filtrer sinon ça va être une catastrophe.
Avant toute chose, nous allons vérifier un point très important pour la suite.
1. Téléchargez GMER ( http://www2.gmer.net/gmer.exe )
2. Extraire le fichier zip puis exécutez "gmer.exe" et cliquez sur "Scan".
3. Attention la fin des traitements cliquer sur "Save..." (ça peut être assez long, patience)
4. Enfin, copiez et collez le rapport dans votre prochain message.
A bientôt.
Ces lignes ne sont pas normales.
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hitman.exe
Open\command- G:\Hitman.exe
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command- d6fagcs8.cmd
open\Command- d6fagcs8.cmd
MAIS attention ! Il ne faut pas les effacer bêtement mais les filtrer sinon ça va être une catastrophe.
Avant toute chose, nous allons vérifier un point très important pour la suite.
1. Téléchargez GMER ( http://www2.gmer.net/gmer.exe )
2. Extraire le fichier zip puis exécutez "gmer.exe" et cliquez sur "Scan".
3. Attention la fin des traitements cliquer sur "Save..." (ça peut être assez long, patience)
4. Enfin, copiez et collez le rapport dans votre prochain message.
A bientôt.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-08 02:33:57
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xB85D8606]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xB8525420]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xB85D805A]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xB85D7D3C]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB85270A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xB8527210]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xB85D9652]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB8527940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xB85287B0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xB85D7E46]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xB85D7F30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB8527510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB85189B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB8518A60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xB8518B10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xB8518B90]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xB85D88CC]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xB8519590]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xB8518BB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xB8518C80]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xB85D8362]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xB8518D60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xB8526E90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB8527CA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xB8518E30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xB8518EE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB8528460]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xB8518F90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xB8519040]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xB8525A00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xB85190D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB8528760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xB85192D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xB8528AE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB85290A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xB8519360]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB8523C20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xB8527B20]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xB85D7BBA]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB8528710]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB85252E0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xB85D8814]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xB8519550]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xB85D8494]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB85273D0]
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE80 5 Bytes JMP B85294C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF808 5 Bytes JMP B85299C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2D10 80503AC4 12 Bytes [ CC, 88, 5D, B8, 90, 95, 51, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F90 80503D44 2 Bytes [ 14, 88 ]
? C:\DOCUME~1\Smail\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.14 ----
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] ole32.dll!WdtpInterfacePointer_UserFree + FFEE6FEF 774ABF1C 4 Bytes [ F0, 00, 93, 44 ]
? C:\WINDOWS\system32\ctfmon.exe[204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\ctfmon.exe[204] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[204] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[296] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Program Files\Spyware Terminator\sp_rsser.exe[368] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\svchost.exe[592] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\csrss.exe[816] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\winlogon.exe[840] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\services.exe[884] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\svchost.exe[1076] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\System32\svchost.exe[1296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\spoolsv.exe[1656] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE29E11 7C9D5008 4 Bytes [ 80, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE29E1D 7C9D5014 4 Bytes [ F0, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BCA9 7C9D6EA0 4 Bytes [ 80, 00, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BD91 7C9D6F88 4 Bytes [ 40, 09, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BDA5 7C9D6F9C 4 Bytes [ E0, 0B, E3, 00 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFree + 102 7C9FABBC 4 Bytes [ 80, 00, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFree + 9C 7C9FAD48 4 Bytes [ 70, 0B, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFree + 110 7C9FADBC 4 Bytes [ 70, 0B, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHCoCreateInstance + 10A 7C9FF88C 4 Bytes [ 80, 0E, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHCoCreateInstance + 12E 7C9FF8B0 4 Bytes [ 50, 0C, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 807 7CA0235C 4 Bytes [ 10, 07, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + E6F 7CA029C4 4 Bytes [ 90, 0A, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + E87 7CA029DC 4 Bytes [ C0, 0C, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 1753 7CA032A8 4 Bytes [ C0, 05, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 1773 7CA032C8 4 Bytes [ 50, 05, 20, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 64B 7CA0C1BC 4 Bytes [ F0, 0E, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 6A7 7CA0C218 4 Bytes [ 60, 0F, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!IsLFNDrive + 8DF 7CA0F328 4 Bytes [ 00, 0B, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHTestTokenMembership + E5 7CA14A90 4 Bytes [ A0, 0D, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!PathProcessCommand + C3D 7CA1DF48 4 Bytes [ 50, 05, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 3A0F 7CA2415C 4 Bytes [ 10, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 4107 7CA24854 4 Bytes [ A0, 0D, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 41DF 7CA2492C 4 Bytes [ F0, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 428B 7CA249D8 4 Bytes [ F0, 00, DE, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 42AB 7CA249F8 4 Bytes [ B0, 09, 20, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!InternalExtractIconListA + 2033 7CA2C7E8 4 Bytes [ 00, 0B, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!InternalExtractIconListA + 20EF 7CA2C8A4 4 Bytes [ 80, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHGetSetFolderCustomSettingsW + F36 7CA2D984 4 Bytes [ 50, 0C, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!Shell_NotifyIcon + 76F 7CA31410 4 Bytes [ 20, 0A, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHExtractIconsW + 100E 7CA333EC 4 Bytes [ 50, 0C, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHExtractIconsW + 10E2 7CA334C0 4 Bytes [ 20, 0A, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrIW + 1F5 7CA411A4 4 Bytes [ C0, 05, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHGetRealIDL + 6337 7CA4EE8C 4 Bytes [ C0, 05, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4CE 7CAFDFC4 4 Bytes [ B0, 09, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4E2 7CAFDFD8 4 Bytes [ 10, 07, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4FE 7CAFDFF4 4 Bytes [ A0, 06, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E54A 7CAFE040 4 Bytes [ 30, 06, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E5E2 7CAFE0D8 4 Bytes [ 40, 09, E3, 00 ]
? C:\WINDOWS\system32\WISPTIS.EXE[1944] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[1944] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\WISPTIS.EXE[1944] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\SOUNDMAN.EXE[1980] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[1980] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[1980] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\WINDOWS\system32\VTTimer.exe[1988] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\WINDOWS\system32\VTtrayp.exe[1996] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\VTtrayp.exe[1996] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] ole32.dll!WdtpInterfacePointer_UserFree + FFEE6FEF 774ABF1C 4 Bytes [ F0, 00, 93, 44 ]
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] shell32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] shell32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\shell32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\alg.exe[2368] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\System32\alg.exe[2368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89339DC0
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 89339DC0
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]
Rootkit scan 2008-07-08 02:33:57
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xB85D8606]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xB8525420]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xB85D805A]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xB85D7D3C]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB85270A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xB8527210]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xB85D9652]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB8527940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xB85287B0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xB85D7E46]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xB85D7F30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB8527510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB85189B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB8518A60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xB8518B10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xB8518B90]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xB85D88CC]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xB8519590]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xB8518BB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xB8518C80]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xB85D8362]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xB8518D60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xB8526E90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB8527CA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xB8518E30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xB8518EE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB8528460]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xB8518F90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xB8519040]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xB8525A00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xB85190D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB8528760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xB85192D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xB8528AE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB85290A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xB8519360]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB8523C20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xB8527B20]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xB85D7BBA]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB8528710]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB85252E0]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xB85D8814]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xB8519550]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xB85D8494]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB85273D0]
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE80 5 Bytes JMP B85294C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF808 5 Bytes JMP B85299C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2D10 80503AC4 12 Bytes [ CC, 88, 5D, B8, 90, 95, 51, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F90 80503D44 2 Bytes [ 14, 88 ]
? C:\DOCUME~1\Smail\LOCALS~1\Temp\mc21.tmp Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.14 ----
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Internet Download Manager\IDMan.exe[120] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Download Manager\IDMan.exe[120] ole32.dll!WdtpInterfacePointer_UserFree + FFEE6FEF 774ABF1C 4 Bytes [ F0, 00, 93, 44 ]
? C:\WINDOWS\system32\ctfmon.exe[204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\ctfmon.exe[204] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[204] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[296] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Program Files\Spyware Terminator\sp_rsser.exe[368] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\svchost.exe[592] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\svchost.exe[592] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\csrss.exe[816] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\winlogon.exe[840] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\services.exe[884] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[896] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\svchost.exe[1076] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\System32\svchost.exe[1296] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1524] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\WINDOWS\system32\spoolsv.exe[1656] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[1844] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE29E11 7C9D5008 4 Bytes [ 80, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE29E1D 7C9D5014 4 Bytes [ F0, 00, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BCA9 7C9D6EA0 4 Bytes [ 80, 00, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BD91 7C9D6F88 4 Bytes [ 40, 09, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrW + FFE2BDA5 7C9D6F9C 4 Bytes [ E0, 0B, E3, 00 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFree + 102 7C9FABBC 4 Bytes [ 80, 00, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFree + 9C 7C9FAD48 4 Bytes [ 70, 0B, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFree + 110 7C9FADBC 4 Bytes [ 70, 0B, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHCoCreateInstance + 10A 7C9FF88C 4 Bytes [ 80, 0E, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHCoCreateInstance + 12E 7C9FF8B0 4 Bytes [ 50, 0C, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 807 7CA0235C 4 Bytes [ 10, 07, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + E6F 7CA029C4 4 Bytes [ 90, 0A, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + E87 7CA029DC 4 Bytes [ C0, 0C, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 1753 7CA032A8 4 Bytes [ C0, 05, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!ILFindChild + 1773 7CA032C8 4 Bytes [ 50, 05, 20, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 64B 7CA0C1BC 4 Bytes [ F0, 0E, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 6A7 7CA0C218 4 Bytes [ 60, 0F, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!IsLFNDrive + 8DF 7CA0F328 4 Bytes [ 00, 0B, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHTestTokenMembership + E5 7CA14A90 4 Bytes [ A0, 0D, 42, 7E ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!PathProcessCommand + C3D 7CA1DF48 4 Bytes [ 50, 05, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 3A0F 7CA2415C 4 Bytes [ 10, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 4107 7CA24854 4 Bytes [ A0, 0D, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 41DF 7CA2492C 4 Bytes [ F0, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 428B 7CA249D8 4 Bytes [ F0, 00, DE, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!DragQueryFileAorW + 42AB 7CA249F8 4 Bytes [ B0, 09, 20, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!InternalExtractIconListA + 2033 7CA2C7E8 4 Bytes [ 00, 0B, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!InternalExtractIconListA + 20EF 7CA2C8A4 4 Bytes [ 80, 07, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHGetSetFolderCustomSettingsW + F36 7CA2D984 4 Bytes [ 50, 0C, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!Shell_NotifyIcon + 76F 7CA31410 4 Bytes [ 20, 0A, 20, 7D ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHExtractIconsW + 100E 7CA333EC 4 Bytes [ 50, 0C, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHExtractIconsW + 10E2 7CA334C0 4 Bytes [ 20, 0A, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!StrStrIW + 1F5 7CA411A4 4 Bytes [ C0, 05, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHGetRealIDL + 6337 7CA4EE8C 4 Bytes [ C0, 05, FB, 03 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4CE 7CAFDFC4 4 Bytes [ B0, 09, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4E2 7CAFDFD8 4 Bytes [ 10, 07, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E4FE 7CAFDFF4 4 Bytes [ A0, 06, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E54A 7CAFE040 4 Bytes [ 30, 06, E3, 00 ]
.text C:\WINDOWS\Explorer.EXE[1844] SHELL32.dll!FindExeDlgProc + E5E2 7CAFE0D8 4 Bytes [ 40, 09, E3, 00 ]
? C:\WINDOWS\system32\WISPTIS.EXE[1944] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\WISPTIS.EXE[1944] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\WINDOWS\system32\WISPTIS.EXE[1944] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\SOUNDMAN.EXE[1980] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[1980] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[1980] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\WINDOWS\system32\VTTimer.exe[1988] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\VTtrayp.exe[1996] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
.text C:\WINDOWS\system32\VTtrayp.exe[1996] SHELL32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\VTtrayp.exe[1996] SHELL32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] ole32.dll!WdtpInterfacePointer_UserFree + FFEE6FEF 774ABF1C 4 Bytes [ F0, 00, 93, 44 ]
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] shell32.dll!SHFileOperationW 7CA7FD1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ChildParentalControl\ChildParentalControl.exe[2004] shell32.dll!SHFileOperation 7CA80002 6 Bytes JMP 5F040F5A
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] USER32.dll!VRipOutput + FFFA4DE7 7E392A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2028] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\SuperCopier2\SuperCopier2.exe[2036] C:\WINDOWS\system32\shell32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-31166"
MICROSOFT_SRV_8 = "@shell32.dll,-31167"
PAMSFT
? C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
? C:\Documents and Settings\Smail\Bureau\gmer.exe[2204] C:\WINDOWS\system32\user32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\alg.exe[2368] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\System32\alg.exe[2368] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89339DC0
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 89339DC0
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Internet Download Manager\IDMan.exe[120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]
Croyez moi, quand vous me dites patience du fait que le Scan tarde un peu.... je me dis que ne pas avoir la patience d'attendre que le scan termine serait une honte ... surtout devant votre patience devant mon probleme et toutes les lignes des rapports que vous lisez .... je ne sais quelle bon esprit vous habite pour que vous fassiez tout ça !!!! Cette fois je ne voudrai pas Merci, car jamais je ne vous remercierai assez, je dirais cette fois-ci BRAVO ! que dieu vous benisse !
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
8 juil. 2008 à 11:56
8 juil. 2008 à 11:56
Bonjour,
on continue ce soir. Il me faut un peu de calme pour analyser ton rapport et te concocter la manip.
Pour gagner du temps, fais ceci :
Ouvre le registre et navigue avec les + et les - jusqu'à la clé :
Pour ouvrir le registre : Démarrer, exécuter, tu tapes regedit dans la fenêtre puis OK. Une fenêtre s'ouvre avec 2 parties. Tu t'intéresses à celle de gauche
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
Clique successivement sur Fichier puis sur Exporter et choisis un nom (XXXXXX par exemple). Tu retiens le nom du répertoire (Mes documents par défaut).
Ferme le registre et ouvre l'explorateur Windows.
Clique droit sur le fichier et choisis Modifier.
Le bloc-notes s'ouvre avec le contenu de la clé.
Copie le dans ta réponse.
Recommence avec :
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}
(change de nom pour ne pas écraser le fichier précédent)
on continue ce soir. Il me faut un peu de calme pour analyser ton rapport et te concocter la manip.
Pour gagner du temps, fais ceci :
Ouvre le registre et navigue avec les + et les - jusqu'à la clé :
Pour ouvrir le registre : Démarrer, exécuter, tu tapes regedit dans la fenêtre puis OK. Une fenêtre s'ouvre avec 2 parties. Tu t'intéresses à celle de gauche
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
Clique successivement sur Fichier puis sur Exporter et choisis un nom (XXXXXX par exemple). Tu retiens le nom du répertoire (Mes documents par défaut).
Ferme le registre et ouvre l'explorateur Windows.
Clique droit sur le fichier et choisis Modifier.
Le bloc-notes s'ouvre avec le contenu de la clé.
Copie le dans ta réponse.
Recommence avec :
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}
(change de nom pour ne pas écraser le fichier précédent)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Le Premierer :
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell]
@="Autorun"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hitman.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\Open]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\Open\command]
@="Hitman.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c12aae8-4943-11dd-a35c-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c12abe0-4943-11dd-a35c-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175730-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,08,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}\_Autorun]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}\_Autorun\DefaultIcon]
@="F:\\Nero.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175732-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175733-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175734-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c47e62-406c-11dd-b032-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
"_LabelFromReg"="Aziz"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175730-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,\
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
00,5f,00,44,00,52,00,49,00,56,00,45,00,23,00,35,00,26,00,36,00,65,00,64,00,\
62,00,61,00,62,00,26,00,30,00,26,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,\
00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,\
64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,\
00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,30,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,10,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175731-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,54,00,53,00,53,00,54,00,63,00,6f,00,72,00,70,00,5f,\
00,43,00,44,00,23,00,44,00,56,00,44,00,57,00,5f,00,53,00,48,00,2d,00,53,00,\
31,00,38,00,32,00,44,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,53,00,42,00,30,00,34,00,5f,00,5f,00,\
5f,00,5f,00,23,00,35,00,26,00,32,00,38,00,30,00,65,00,62,00,64,00,32,00,61,\
00,26,00,30,00,26,00,30,00,2e,00,31,00,2e,00,30,00,23,00,7b,00,35,00,33,00,\
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,\
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,\
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,31,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,4d,00,4f,00,4e,00,5f,00,44,00,49,00,53,00,51,00,55,00,\
45,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,43,00,\
44,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,ff,01,00,\
00,05,00,08,00,6e,00,00,00,11,00,00,00,88,07,21,66,00,00,00,00,00,00,00,30,\
31,00,04,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175732-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00,\
4c,00,65,00,6e,00,67,00,74,00,68,00,39,00,35,00,31,00,32,00,33,00,30,00,34,\
00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,\
2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,\
00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,\
62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,32,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,71,d9,87,e8,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175733-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,39,00,35,00,31,00,32,00,\
34,00,30,00,30,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,37,00,44,00,35,00,30,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,33,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,44,00,6f,00,73,00,73,00,69,00,65,00,72,00,73,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,99,9f,d3,e4,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175734-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,44,00,46,00,38,00,46,00,\
39,00,37,00,45,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,38,00,35,00,32,00,38,00,32,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,34,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,4d,00,e9,00,64,00,69,00,61,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,60,28,28,c8,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell]
@="Autorun"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hitman.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\Open]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Shell\Open\command]
@="Hitman.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c12aae8-4943-11dd-a35c-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c12abe0-4943-11dd-a35c-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175730-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,08,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}\_Autorun]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175731-3f99-11dd-a35f-806d6172696f}\_Autorun\DefaultIcon]
@="F:\\Nero.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175732-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175733-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a175734-3f99-11dd-a35f-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c47e62-406c-11dd-b032-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
"_LabelFromReg"="Aziz"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175730-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,\
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
00,5f,00,44,00,52,00,49,00,56,00,45,00,23,00,35,00,26,00,36,00,65,00,64,00,\
62,00,61,00,62,00,26,00,30,00,26,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,\
00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,\
64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,\
00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,30,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,\
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,10,00,\
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00,\
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175731-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,54,00,53,00,53,00,54,00,63,00,6f,00,72,00,70,00,5f,\
00,43,00,44,00,23,00,44,00,56,00,44,00,57,00,5f,00,53,00,48,00,2d,00,53,00,\
31,00,38,00,32,00,44,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,53,00,42,00,30,00,34,00,5f,00,5f,00,\
5f,00,5f,00,23,00,35,00,26,00,32,00,38,00,30,00,65,00,62,00,64,00,32,00,61,\
00,26,00,30,00,26,00,30,00,2e,00,31,00,2e,00,30,00,23,00,7b,00,35,00,33,00,\
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,\
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,\
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,31,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,4d,00,4f,00,4e,00,5f,00,44,00,49,00,53,00,51,00,55,00,\
45,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,43,00,\
44,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,ff,01,00,\
00,05,00,08,00,6e,00,00,00,11,00,00,00,88,07,21,66,00,00,00,00,00,00,00,30,\
31,00,04,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175732-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00,\
4c,00,65,00,6e,00,67,00,74,00,68,00,39,00,35,00,31,00,32,00,33,00,30,00,34,\
00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,\
2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,\
00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,\
62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,32,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,71,d9,87,e8,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175733-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,39,00,35,00,31,00,32,00,\
34,00,30,00,30,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,37,00,44,00,35,00,30,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,33,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,44,00,6f,00,73,00,73,00,69,00,65,00,72,00,73,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,99,9f,d3,e4,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9a175734-3f99-11dd-a35f-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33,\
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00,\
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,44,00,42,00,32,00,30,00,44,00,42,\
00,32,00,30,00,4f,00,66,00,66,00,73,00,65,00,74,00,44,00,46,00,38,00,46,00,\
39,00,37,00,45,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,34,00,41,\
00,38,00,35,00,32,00,38,00,32,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,\
35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,\
00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,\
63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,\
65,00,7b,00,39,00,61,00,31,00,37,00,35,00,37,00,33,00,34,00,2d,00,33,00,66,\
00,39,00,39,00,2d,00,31,00,31,00,64,00,64,00,2d,00,61,00,33,00,35,00,66,00,\
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66,\
00,7d,00,5c,00,00,00,4d,00,e9,00,64,00,69,00,61,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,\
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00,\
00,ff,00,07,00,ff,00,00,00,16,00,00,00,60,28,28,c8,00,00,00,00,00,00,00,30,\
00,20,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,\
00
"Generation"=dword:00000001
Le deuxième :
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
"_LabelFromReg"="Aziz"
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
"_LabelFromReg"="Aziz"
Ca matin en faisant un Scan avec Kaspersky il a detecté un virus dans un des dossier que vous m'aviez indiqué hier pour récupérer un rapport (Deckard's System Scanner)
Voici le virus qu'il a detecté :
- supprimé : cheval de Troie Trojan-Downloader.Win32.Agent.vmp Le fichier: C:\Deckard\System Scanner\20080706225807\backup\DOCUME~1\Smail\LOCALS~1\Temp\_iu14D2N.tmp
- 08/07/2008 12:10:00 Le fichier C:\Deckard\System Scanner\20080706225807\backup\DOCUME~1\Smail\LOCALS~1\Temp\_iu14D2N.tmp a été supprimé.
Voici le virus qu'il a detecté :
- supprimé : cheval de Troie Trojan-Downloader.Win32.Agent.vmp Le fichier: C:\Deckard\System Scanner\20080706225807\backup\DOCUME~1\Smail\LOCALS~1\Temp\_iu14D2N.tmp
- 08/07/2008 12:10:00 Le fichier C:\Deckard\System Scanner\20080706225807\backup\DOCUME~1\Smail\LOCALS~1\Temp\_iu14D2N.tmp a été supprimé.
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
8 juil. 2008 à 19:51
8 juil. 2008 à 19:51
Re,
Ouvre le registre et navigue avec les + et les - jusqu'à la clé
HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\MountPoints2
Clique sur la mallette pour "l'ouvrir".
Clique successivement sur Fichier puis sur Exporter et choisis un nom (Mountpoints2 par exemple). Clique sur Bureau dans la colonne de gauche. Vérifies que tu vois "fichiers d'enregistrement (*.reg)" dans "type".
Si ce n'est pas le cas, clique pour ouvrir la liste des extensions possibles et choisis celle-ci.
Clique sur Enregistrer
___________________
Ouvre le Bloc Notes.
Copie le texte en gras ci-dessous sans ligne blanche à la fin ou au début (copie/colle) :
REGEDIT4
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\AutoRun\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Open\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\Auto\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\AutoRun\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\explore\Command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\open\Command]
@=""
Clique sur "Fichier", "Enregistrer sous".
Clique sur Bureau (dans la colonne de gauche)
Dans Nom du fichier tu écris fix.reg
Pour Type tu choisis "tous les fichiers" avec le menu déroulant.
Tu cliques sur Enregistrer.
Tu fermes le Bloc-notes
Sur ton bureau, tu double-clique sur l'icône de Fix.reg
Tu acceptes l'avertissement concernant la fusion
Le fix va travailler sans se manifester.
A la fin, tu vas voir un message disant que la fusion est terminée. Tu valides.
__________________
Fais redémarrer l'ordi.
Tu remets un rapport DSS.
Ouvre le registre et navigue avec les + et les - jusqu'à la clé
HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\MountPoints2
Clique sur la mallette pour "l'ouvrir".
Clique successivement sur Fichier puis sur Exporter et choisis un nom (Mountpoints2 par exemple). Clique sur Bureau dans la colonne de gauche. Vérifies que tu vois "fichiers d'enregistrement (*.reg)" dans "type".
Si ce n'est pas le cas, clique pour ouvrir la liste des extensions possibles et choisis celle-ci.
Clique sur Enregistrer
___________________
Ouvre le Bloc Notes.
Copie le texte en gras ci-dessous sans ligne blanche à la fin ou au début (copie/colle) :
REGEDIT4
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\AutoRun\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{55dcfd89-49f5-11dd-a35e-00508dc8f23b}\Open\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\Auto\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\AutoRun\command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\explore\Command]
@=""
[HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcdde4bb-4b13-11dd-a36b-00508dc8f23b}\open\Command]
@=""
Clique sur "Fichier", "Enregistrer sous".
Clique sur Bureau (dans la colonne de gauche)
Dans Nom du fichier tu écris fix.reg
Pour Type tu choisis "tous les fichiers" avec le menu déroulant.
Tu cliques sur Enregistrer.
Tu fermes le Bloc-notes
Sur ton bureau, tu double-clique sur l'icône de Fix.reg
Tu acceptes l'avertissement concernant la fusion
Le fix va travailler sans se manifester.
A la fin, tu vas voir un message disant que la fusion est terminée. Tu valides.
__________________
Fais redémarrer l'ordi.
Tu remets un rapport DSS.
Quel Bloc Notes ???? j'ai pas compris ou est ce que je dois copier le texte en gras ....dans quel fichier.....
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
9 juil. 2008 à 07:56
9 juil. 2008 à 07:56
Bonjour,
le BlocNotes, c'est un éditeur de texte. Son nom anglais est Notepad.
Démarrer, tous les programmes, Accessoires et tu as le Bloc Notes dans la liste.
Double clic pour le lancer.
Pour DSS, tu as une icône sur ton Bureau. Double clic aussi. Tu as déjà fait (post 28).
le BlocNotes, c'est un éditeur de texte. Son nom anglais est Notepad.
Démarrer, tous les programmes, Accessoires et tu as le Bloc Notes dans la liste.
Double clic pour le lancer.
Pour DSS, tu as une icône sur ton Bureau. Double clic aussi. Tu as déjà fait (post 28).
Deckard's System Scanner v20071014.68
Run by Smail on 2008-07-09 13:05:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Smail.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:26, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ChildParentalControl\ChildParentalControl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Smail\Bureau\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Smail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ChildParentalControl] "C:\Program Files\ChildParentalControl\ChildParentalControl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\PROGRA~1\Crawler\Radio\CRadio.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0D1EB3-D080-4296-982B-5151778EC84E}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Run by Smail on 2008-07-09 13:05:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Smail.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:26, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ChildParentalControl\ChildParentalControl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Smail\Bureau\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Smail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ChildParentalControl] "C:\Program Files\ChildParentalControl\ChildParentalControl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\PROGRA~1\Crawler\Radio\CRadio.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0D1EB3-D080-4296-982B-5151778EC84E}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Je voulais installer un Firewall et j'ai vu sur le net que le meileur qui est gratuit c'est Zone alarm ... j'ai téléchargé mais quand je lance l'installation il bloque a 23%.....???????? il veut jamais aller plus loin ....
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
9 juil. 2008 à 19:18
9 juil. 2008 à 19:18
Bonjour,
ça n'a pas fonctionné.
Tu n'as pas eu de message du tea-timer te demandant d'autoriser une modification du registre ?
Fais ceci d'abord :
Ouvre Spybot search and destroy.
clique sur mode, choisis advanced mode;
dans la colonne de gauche clique sur le + devant tools.
clique sur résident (colonne de gauche)
dans la fenêtre de droite décoche la case devant "resident tea-timer"
_______________________
ensuite,
Sur ton bureau, tu double-clique sur l'icône de Fix.reg
Tu acceptes l'avertissement concernant la fusion
Le fix va travailler sans se manifester.
A la fin, tu vas voir un message disant que la fusion est terminée. Tu valides.
__________________
Fais redémarrer l'ordi.
Tu remets un rapport DSS.
ça n'a pas fonctionné.
Tu n'as pas eu de message du tea-timer te demandant d'autoriser une modification du registre ?
Fais ceci d'abord :
Ouvre Spybot search and destroy.
clique sur mode, choisis advanced mode;
dans la colonne de gauche clique sur le + devant tools.
clique sur résident (colonne de gauche)
dans la fenêtre de droite décoche la case devant "resident tea-timer"
_______________________
ensuite,
Sur ton bureau, tu double-clique sur l'icône de Fix.reg
Tu acceptes l'avertissement concernant la fusion
Le fix va travailler sans se manifester.
A la fin, tu vas voir un message disant que la fusion est terminée. Tu valides.
__________________
Fais redémarrer l'ordi.
Tu remets un rapport DSS.
Quand je clique sur Fix.reg il me dit fusion je dis ok et juste après meme pas une seconde y'a un message qui me dit:
Les information de C/:documents and settings/smail/bureau/fix.reg ont été inscrites dans le registre.... c'est ça le message qui veut dire que la fusion est terminée ??
Les information de C/:documents and settings/smail/bureau/fix.reg ont été inscrites dans le registre.... c'est ça le message qui veut dire que la fusion est terminée ??
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
10 juil. 2008 à 08:19
10 juil. 2008 à 08:19
Bonjour,
exact, c'est ça le message.
exact, c'est ça le message.
Bonjour !
Avant de poster le rapport je voulais vous dire que si tout ce que vous me faites faire là ne servira pas a récupérer mes deux dossiers disparus je crois que je vous fatigue pour rien .... Car au début quand je suis venu sur ce site c'était pour savoir comment me débarrasser du virus film.exe chose que vous avez faite pour moi et pour laquelle je vous en remercie énormément ... et aussi je voulais savoir si y'a un moyen de récupérer mes deux dossiers disparus de plus de 3 GO les deux ... j'ai téléchargé plein d'utilitaires de récupération de dossier supprimé ou formatés mais je n'arrive pas a récupérer tout ... beaucoup sont endommagé et ne s'ouvrent même pas ...... Donc si je ne pourrais pas en récupérer plus que ça je ne voudrais pas vous déranger plus .... je vais formater tout le disque dur ..... ce que je vous demanderai par contre c'est de me donner un maximum de conseils sur ce qui réduira les risques d'infections ....genre ce que je dois installer en plus d'antivirus ... antispyware et autres .... les noms que vous me conseillez aussi juste que tout doit être gratuit ... je ne peux me permettre d'acheter des programmes surtout aux prix qu'ils affichent ...
Si vous me direz de formater donc mon PC, je tiens a vous répéter mes sincères remerciement pour tout ce que vous avez fait pour moi ... Que dieu vous bénisse !!
Le rapport :
Deckard's System Scanner v20071014.68
Run by Smail on 2008-07-10 16:09:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Smail.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:04, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ChildParentalControl\ChildParentalControl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Smail\LOCALS~1\Temp\setup_wm.exe
C:\DOCUME~1\Smail\LOCALS~1\Temp\WMC0000.tmp\WMPAU.exe
C:\Documents and Settings\Smail\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Smail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ChildParentalControl] "C:\Program Files\ChildParentalControl\ChildParentalControl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\PROGRA~1\Crawler\Radio\CRadio.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0D1EB3-D080-4296-982B-5151778EC84E}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Avant de poster le rapport je voulais vous dire que si tout ce que vous me faites faire là ne servira pas a récupérer mes deux dossiers disparus je crois que je vous fatigue pour rien .... Car au début quand je suis venu sur ce site c'était pour savoir comment me débarrasser du virus film.exe chose que vous avez faite pour moi et pour laquelle je vous en remercie énormément ... et aussi je voulais savoir si y'a un moyen de récupérer mes deux dossiers disparus de plus de 3 GO les deux ... j'ai téléchargé plein d'utilitaires de récupération de dossier supprimé ou formatés mais je n'arrive pas a récupérer tout ... beaucoup sont endommagé et ne s'ouvrent même pas ...... Donc si je ne pourrais pas en récupérer plus que ça je ne voudrais pas vous déranger plus .... je vais formater tout le disque dur ..... ce que je vous demanderai par contre c'est de me donner un maximum de conseils sur ce qui réduira les risques d'infections ....genre ce que je dois installer en plus d'antivirus ... antispyware et autres .... les noms que vous me conseillez aussi juste que tout doit être gratuit ... je ne peux me permettre d'acheter des programmes surtout aux prix qu'ils affichent ...
Si vous me direz de formater donc mon PC, je tiens a vous répéter mes sincères remerciement pour tout ce que vous avez fait pour moi ... Que dieu vous bénisse !!
Le rapport :
Deckard's System Scanner v20071014.68
Run by Smail on 2008-07-10 16:09:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Smail.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:04, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ChildParentalControl\ChildParentalControl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Smail\LOCALS~1\Temp\setup_wm.exe
C:\DOCUME~1\Smail\LOCALS~1\Temp\WMC0000.tmp\WMPAU.exe
C:\Documents and Settings\Smail\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Smail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ChildParentalControl] "C:\Program Files\ChildParentalControl\ChildParentalControl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\PROGRA~1\Crawler\Radio\CRadio.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0D1EB3-D080-4296-982B-5151778EC84E}: NameServer = 41.221.20.4 208.67.222.222
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
10 juil. 2008 à 17:44
10 juil. 2008 à 17:44
Bonjour,
les spécialistes qui ont analysé les fichiers que tu as envoyé ne semblent pas avoir trouvé que cette infection détruisait les fichiers.
te souviens tu de ce qui s'est passé entre le moment où tu en as vu un pour la dernière fois et le moment où tu as constaté une disparition ?
Sur quelle partition étaient ils installés ?
les spécialistes qui ont analysé les fichiers que tu as envoyé ne semblent pas avoir trouvé que cette infection détruisait les fichiers.
te souviens tu de ce qui s'est passé entre le moment où tu en as vu un pour la dernière fois et le moment où tu as constaté une disparition ?
Sur quelle partition étaient ils installés ?
Ils étaient sur le disk D... et a vrai dire je ne sais pas exactement quand est ce qu'ils ont disparus ... des fois il m'arrive de venir sur le net seulement et de pas aller sur ce disk pendant des jours ... ce n'est qu'ne fois que j'en ai eu besoin que j'ai remarqué qu'ils étaient plus là ...ce qui est bizrre c'est que c'était pas les seuls y'avait d'autres dossiers mais les deux plus lourds qui ont seulement disparus .... si vous trouvez qu'il y'a pas un moyen de les récupérer je fais comme je vous ai dit et si vous pourviez me conseillez par rapport a tous ces logiciels de sécurité firewall antispyware et tous les autres anti ... je m'y connais pas vraiment ce n'est que ce que je lis sur le net que je sais et c'est pas tjrs fiable ce qu'ils racontent ... donc je vous fais confiance a vous et me fierai a ce que vous me direz .... j'installerai ce que vous me direz et configurerai comme vous me direz .... croyez moi je souffre comme ça ... je suis appelé a foirmater au moin une fois par mois .... des fois plus ... des fois c'est le net qui ne m'est plus accecible ... des fois c'est un logiciel que j'utilise .... des fois mon PC roule a 01 km/h meme avec son processeur 3.2 Ghz et une Ram de 1.5 Go.... et 02 Mo de méoire cash .... je dis ça sans vraiment savoir ce que cela veut dire ,..... des amis techniciens en informatiques me disent que c'est du bon matos que j'ai pour un simple utiliqateur qui n'a pas beaucoup de logiciels lourds ..... a vous de voir et de me dire ..... Merci ...
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
10 juil. 2008 à 18:11
10 juil. 2008 à 18:11
Re,
fais d'abord ça :
========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage
[Coche] « afficher les dossiers et fichiers cachés »
[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »
[Décoche] « masquer les extensions dont le type est connu »
Puis fais [appliquer] pour valider les changements.
Et [Ok]
========================================
Clique sur démarrer, tous les programmes, accessoires, puis bloc-note
Dès qu'il s'ouvre, copie/colle le texte ci-dessous dans le bloc note:
dir "D:\*" /a > files.txt
notepad files.txt
Clique sur fichier, enregistrer sous, choisis de mettre dans type: "tous les fichiers"
Nom de fichier: abcde.bat et enregistre le ou tu le retrouvera facilement
Double clique dessus, un rapport va s'ouvrir, enregistre le et envoit le moi stp
Vérifie si tu connais tous les répertoires qui sont sur ce rapport.
fais d'abord ça :
========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage
[Coche] « afficher les dossiers et fichiers cachés »
[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »
[Décoche] « masquer les extensions dont le type est connu »
Puis fais [appliquer] pour valider les changements.
Et [Ok]
========================================
Clique sur démarrer, tous les programmes, accessoires, puis bloc-note
Dès qu'il s'ouvre, copie/colle le texte ci-dessous dans le bloc note:
dir "D:\*" /a > files.txt
notepad files.txt
Clique sur fichier, enregistrer sous, choisis de mettre dans type: "tous les fichiers"
Nom de fichier: abcde.bat et enregistre le ou tu le retrouvera facilement
Double clique dessus, un rapport va s'ouvrir, enregistre le et envoit le moi stp
Vérifie si tu connais tous les répertoires qui sont sur ce rapport.