
Delete a directory (profile) under Windows XP [solved]

Master G on 25 October 2008 at 12:23
Hi,

By right-clicking on it you can modify the value.
grisonnant28 on 25 October 2008 at 16:24
Good evening,

No, right-clicking does not modify the value!

What happens if I delete all the keys?

I sincerely think that someone knows my router password.

In the file hacker.txt, it may be the firewall that is causing the problem:

#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack t

What do you think?

Master G on 25 October 2008 at 16:53
It won't do much, since the keys were tied to the viviane profile (apart from some cleanup). :mdr:

It must be a file that collects basic information about your computer.
Can you search for "hacker" in the registry?
grisonnant28 on 25 October 2008 at 19:37
Good evening, :D

Here is what jv16 PowerTools 2008 found for the search "hacker":

Maybe the first key should be deleted, but I think the others are tied to Kaspersky: to be checked, please/thanks

Here is the report:

jv16 PowerTools 2008 [1.8.0.472]

Data fields are: Clé, Nom d'entrée, Valeur, Entrée modifiée en dernier


See you very soon, signed grisonnant28
Master G on 26 October 2008 at 00:38
Hi, :whistle:

Well, there's nothing there; if we find nothing after this tool, I'll ask for help. :super:

http://www.gmer.net/index.php

Download Gmer, run it, perform a scan and post the report.
grisonnant28 on 26 October 2008 at 10:08
Hello,

Here is the report from the GMER program:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-26 10:02:17
Windows 5.1.2600 Service Pack 2


IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[180] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 009604A8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 009604D2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 009604FC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00960526
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00960550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 0096057A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 009605A4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 009605CE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 009605F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00960622
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 0096064C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00960676
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 009606A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 009606CA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009606F4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 0096071E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00960748
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00960772
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 0096079C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 009607C6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 009607F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 0096081A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00960844
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 0096086E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00960898
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 009608C2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 009608EC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00960916
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00960940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 0096096A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00960994
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 009609BE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 009609E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00960A12
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00960E56
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00960E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00960EAA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00960ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00960EFE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00960F28
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00960F52
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00960F7C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00960FA6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00960FD0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009C0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 009C003A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 009C0064
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 009C008E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 009C00B8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 009C00E2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 009C010C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 009C0136
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 009C0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 009C018A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 009C01B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 009C01DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 009C0208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 009C0232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 009C025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 009C0286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 009C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 009C02DA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 009C0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 009C032E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009C0358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[184] @ C:\WINDOWS\sy
Master G, 26 October 2008 at 10:39
Hi, :hello:

Run this file through VirusTotal (http://www.virustotal.com/fr/):

C:\Windows\System32\shell32.dll

Post only the list of antivirus results. :super:
grisonnant28, 26 October 2008 at 11:20
Hello: :sarcastic:

Here is the VirusTotal report:

Fichier shell32.dll reçu le 2007.11.28 13:27:06 (CET)
Situation actuelle: terminé

Résultat: 0/32 (0.00%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.28.1 2007.11.28 -
AntiVir 7.6.0.34 2007.11.28 -
Authentium 4.93.8 2007.11.28 -
Avast 4.7.1074.0 2007.11.27 -
AVG 7.5.0.503 2007.11.27 -
BitDefender 7.2 2007.11.28 -
CAT-QuickHeal 9.00 2007.11.27 -
ClamAV 0.91.2 2007.11.28 -
DrWeb 4.44.0.09170 2007.11.28 -
eSafe 7.0.15.0 2007.11.28 -
eTrust-Vet 31.3.5333 2007.11.28 -
Ewido 4.0 2007.11.27 -
F-Prot 4.4.2.54 2007.11.28 -
F-Secure 6.70.13030.0 2007.11.28 -
FileAdvisor 1 2007.11.28 -
Fortinet 3.14.0.0 2007.11.28 -
Ikarus T3.1.1.12 2007.11.28 -
Kaspersky 7.0.0.125 2007.11.28 -
McAfee 5172 2007.11.27 -
Microsoft 1.3007 2007.11.28 -
NOD32v2 2690 2007.11.28 -
Norman 5.80.02 2007.11.27 -
Panda 9.0.0.4 2007.11.26 -
Prevx1 V2 2007.11.28 -
Rising 20.20.21.00 2007.11.28 -
Sophos 4.23.0 2007.11.28 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.28 -
TheHacker 6.2.9.144 2007.11.28 -
VBA32 3.12.2.5 2007.11.27 -
VirusBuster 4.3.26:9 2007.11.28 -
Webwasher-Gateway 6.0.1 2007.11.28 -
Information additionnelle
File size: 8516608 bytes
MD5: afcc9e31e725a79fb4acb819747f043d
SHA1: 05cf007a6a0d0c8e5a2509ec036df9d7f0df0468
See you very soon: signed grisonnant28
Master G, 26 October 2008 at 14:10
Hi, :hello:

I give up, I'm calling in the experts. :super:
Edit: still no answer... Create a topic in the Windows&Logiciels section describing your problem and including the link to this topic. ;)

Keep watching this topic anyway, in case I have something else to suggest or an expert steps in. :super:
-->Message edited by Master G on 27/10/2008 21:51:24<--
Master G, 29 October 2008 at 22:05
Hi, :hello:

Follow the tutorial here and post the resulting report:

http://forum.pcastuces.com/randoms_system_information_tool_rsit___tutoriel-f2(...)

Good luck. By the way, no Kaspersky alert on svschost.exe? :super:
-->Message edited by Master G on 29/10/2008 22:07:58<--
grisonnant28, 30 October 2008 at 12:03
Hello, here is the report:


info.txt logfile of random's system information tool 1.04 2008-10-30 11:59:10

======Uninstall list======

GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
jv16 PowerTools 2008-->"C:\Program Files\jv16 PowerTools 2008\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

=====HijackThis Backups=====

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://ownbloog.com/phpmyvisites/libs/smarty/internals/core.process_tracking_(...)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

======Security center information======

AV: Kaspersky Anti-Virus (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 5 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0502
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

And here is the other report:

Logfile of random's system information tool 1.04 (written by random/random)
Run by vhurel at 2008-10-30 11:57:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (20%) free of 8 GB
Total RAM: 255 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:19, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\vhurel\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\vhurel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 5227 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticecaption"=
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"\\C000273\Diablo\Diablo.exe"="\\C000273\Diablo\Diablo.exe:*:Enabled:Diablo.exe"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.scr - config - "%1" /S

======List of files/folders created in the last 1 months======

2008-10-30 11:57:45 ----D---- C:\rsit
2008-10-27 20:45:06 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-26 09:30:28 ----A---- C:\WINDOWS\gmer.ini
2008-10-26 09:29:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-26 09:29:44 ----A---- C:\WINDOWS\gmer.dll
2008-10-26 09:29:42 ----A---- C:\WINDOWS\gmer.exe
2008-10-26 09:27:29 ----D---- C:\gmer
2008-10-24 21:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 18:06:30 ----SHD---- C:\RECYCLER
2008-10-24 17:57:48 ----ASH---- C:\WINDOWS\system32\adfeead5_z.dll
2008-10-24 17:56:40 ----D---- C:\Program Files\jv16 PowerTools 2008
2008-10-22 20:11:46 ----D---- C:\WINDOWS\temp
2008-10-22 20:11:41 ----A---- C:\ComboFix.txt
2008-10-22 08:58:26 ----D---- C:\Temp
2008-10-20 15:08:08 ----D---- C:\bidule
2008-10-19 18:13:02 ----D---- C:\Program Files\Windows Live Safety Center
2008-10-19 17:41:53 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-10-19 12:27:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-19 12:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-19 10:10:53 ----D---- C:\Program Files\Piratrax
2008-10-18 16:25:18 ----D---- C:\Program Files\Enigma Software Group
2008-10-18 15:07:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-18 10:06:29 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2008-10-17 16:22:30 ----A---- C:\WINDOWS\imsins.BAK
2008-10-17 15:44:06 ----D---- C:\Documents and Settings\vhurel\Application Data\Yahoo!
2008-10-17 15:28:13 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-17 12:58:37 ----D---- C:\Program Files\Motive
2008-10-17 12:55:11 ----HD---- C:\Config.Msi
2008-10-17 11:53:05 ----D---- C:\Program Files\Motive(2)
2008-10-17 10:04:58 ----D---- C:\WINDOWS\Internet Logs
2008-10-17 09:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-17 09:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-17 09:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 21:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 21:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 19:27:19 ----D---- C:\Program Files\RegCleaner
2008-10-11 12:23:51 ----D---- C:\Program Files\Unlocker
2008-10-09 20:25:10 ----D---- C:\Program Files\Yahoo!
2008-10-09 20:24:54 ----D---- C:\Program Files\CCleaner
2008-10-09 20:04:56 ----A---- C:\WINDOWS\msnfix.txt
2008-10-09 19:43:52 ----D---- C:\_OTMoveIt
2008-10-08 19:25:57 ----D---- C:\Documents and Settings\vhurel\Application Data\Apple Computer
2008-10-08 19:24:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-10-08 19:23:32 ----D---- C:\Program Files\iPod
2008-10-08 19:23:16 ----D---- C:\Program Files\iTunes
2008-10-08 19:22:12 ----D---- C:\Program Files\Bonjour
2008-10-08 19:17:39 ----D---- C:\Program Files\QuickTime
2008-10-08 19:17:33 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-08 19:15:57 ----D---- C:\Program Files\Apple Software Update
2008-10-08 19:13:48 ----D---- C:\Program Files\Fichiers communs\Apple
2008-10-08 19:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-07 17:22:52 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-06 19:15:45 ----D---- C:\Program Files\Navilog1
2008-10-05 14:37:01 ----D---- C:\WINDOWS\erdnt
2008-10-05 14:35:47 ----D---- C:\QooBox
2008-10-05 14:35:29 ----A---- C:\WINDOWS\zip.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\VFind.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\swxcacls.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\SWSC.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\SWREG.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\sed.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\Nircmd.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\grep.exe
2008-10-05 14:35:29 ----A---- C:\WINDOWS\fdsv.exe
2008-10-05 09:53:37 ----D---- C:\Program Files\Trend Micro
2008-10-04 17:36:32 ----D---- C:\nettoyage

======List of files/folders modified in the last 1 months======

2008-10-30 10:59:19 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-30 10:58:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 21:17:48 ----D---- C:\Program Files\Mozilla Firefox
2008-10-29 20:21:01 ----D---- C:\Documents and Settings
2008-10-28 21:26:12 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 18:17:38 ----D---- C:\WINDOWS\system32
2008-10-26 17:04:41 ----D---- C:\WINDOWS
2008-10-26 16:24:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-26 16:24:27 ----D---- C:\WINDOWS\Help
2008-10-26 09:29:45 ----D---- C:\WINDOWS\system32\drivers
2008-10-26 09:22:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-26 09:15:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 17:57:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-25 17:57:24 ----HD---- C:\WINDOWS\inf
2008-10-25 15:31:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-25 12:55:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-25 10:25:54 ----ASH---- C:\boot.ini
2008-10-25 10:25:54 ----A---- C:\WINDOWS\win.ini
2008-10-25 10:25:54 ----A---- C:\WINDOWS\system.ini
2008-10-24 21:02:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 17:56:40 ----RD---- C:\Program Files
2008-10-22 19:58:27 ----D---- C:\Program Files\Fichiers communs
2008-10-22 19:58:26 ----D---- C:\WINDOWS\AppPatch
2008-10-22 19:47:14 ----SHD---- C:\System Volume Information
2008-10-22 19:47:14 ----D---- C:\WINDOWS\system32\Restore
2008-10-22 19:41:23 ----SD---- C:\WINDOWS\Tasks
2008-10-20 17:53:05 ----SHD---- C:\WINDOWS\Installer
2008-10-17 16:29:15 ----D---- C:\Program Files\Internet Explorer
2008-10-17 16:10:01 ----D---- C:\WINDOWS\Debug
2008-10-17 15:59:13 ----D---- C:\WINDOWS\system32\config
2008-10-17 15:58:38 ----D---- C:\WINDOWS\system32\wbem
2008-10-17 15:58:36 ----D---- C:\WINDOWS\Registration
2008-10-17 15:27:31 ----D---- C:\WINDOWS\WinSxS
2008-10-17 15:27:31 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-10-17 12:56:58 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-17 12:54:37 ----D---- C:\WINDOWS\Motive
2008-10-17 12:40:08 ----D---- C:\WINDOWS\pss
2008-10-17 09:03:34 ----D---- C:\WINDOWS\Prefetch
2008-10-17 08:56:17 ----D---- C:\WINDOWS\ie7updates
2008-10-15 20:07:03 ----D---- C:\Program Files\Windows Live
2008-10-15 17:59:28 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 15:35:58 ----D---- C:\Program Files\Club-Internet
2008-10-12 12:36:08 ----SD---- C:\Documents and Settings\vhurel\Application Data\Microsoft
2008-10-09 20:27:47 ----D---- C:\WINDOWS\Minidump
2008-10-08 19:24:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 20:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-05 13:32:49 ----D---- C:\Program Files\Messenger
2008-10-04 11:08:24 ----D---- C:\Documents and Settings\vhurel\Application Data\Adobe
2008-10-03 18:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R3 cwcspud;Pilote Crystal SoundFusion(tm); C:\WINDOWS\system32\drivers\cwcspud.sys [2001-08-17 111872]
R3 cwcwdm;Pilote WDM Crystal SoundFusion(tm); C:\WINDOWS\system32\drivers\cwcwdm.sys [2001-08-17 93952]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 G200;G200; C:\WINDOWS\system32\DRIVERS\G200m.sys [2001-08-23 320512]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-26 85969]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-22 170640]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

-----------------EOF-----------------
Grisonnant28
Master G, 30 October 2008 at 13:33
Hi Grisonnant28,

After some searching I came across a file that is probably infectious:

C:\WINDOWS\system32\adfeead5_z.dll

Remove it with OTMoveIT and post the report you get. :super:
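An added example, not part of the thread: a triage pass over the RSIT "files/folders created" listing posted above, which surfaces entries like the one singled out here. The two heuristics (hidden+system attributes on a DLL/EXE/SYS file, and a hex-like file name) are assumptions made for this example, not Master G's stated method; the sample lines reuse entries from the report.

```python
import ntpath
import re
from datetime import datetime

# Sample lines in the RSIT listing format, reusing entries from the report above.
SAMPLE = r"""
2008-10-26 09:29:44 ----A---- C:\WINDOWS\gmer.dll
2008-10-24 21:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 18:06:30 ----SHD---- C:\RECYCLER
2008-10-24 17:57:48 ----ASH---- C:\WINDOWS\system32\adfeead5_z.dll
2008-10-08 19:24:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-10-25 10:25:54 ----ASH---- C:\boot.ini
"""

# "<date> <time> ----<ATTRS>---- <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]+)-+ (.+)$")
EXECUTABLE_EXTS = {".dll", ".exe", ".sys"}
# Assumed heuristic: a stem made of 6+ hex digits, optionally followed by "_suffix".
HEX_STEM_RE = re.compile(r"[0-9a-f]{6,}(_[0-9a-z]+)?")


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append({"time": when, "attrs": set(m.group(2)), "path": m.group(3)})
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    attrs, path = entry["attrs"], entry["path"]
    # ntpath parses Windows paths correctly on any operating system.
    stem, ext = ntpath.splitext(ntpath.basename(path).lower())
    reasons = []
    # Directories and non-executable files (boot.ini is legitimately ASH) are out of scope.
    if "D" in attrs or ext not in EXECUTABLE_EXTS:
        return reasons
    if {"S", "H"} <= attrs:
        reasons.append("hidden+system executable")
    if HEX_STEM_RE.fullmatch(stem):
        reasons.append("hex-like file name")
    return reasons


def flagged(text):
    """List (path, reasons) for every entry with at least one reason."""
    results = []
    for entry in parse_listing(text):
        reasons = triage(entry)
        if reasons:
            results.append((entry["path"], reasons))
    return results


if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE):
        print(path, "->", ", ".join(reasons))
```

A hit is only a lead for manual review: the file still has to be identified (vendor, signature, scan result) before it is quarantined.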
grisonnant28, 30 October 2008 at 17:17
Here is the report:

C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10232008_200858

Grisonnant28
grisonnant28, 30 October 2008 at 17:21
Good evening, :fou:

Sorry, my son tried to do the procedure but did not find the right log file

I think I will redo the procedure this evening

See you this evening around 20:00

grisonnant28
grisonnant28, 30 October 2008 at 20:48
Good evening, :fume:

I had a devil of a time deleting the file adfeead5_z.dll but I think it's done.

Here is the report:

LoadLibrary failed for C:\WINDOWS\system32\adfeead5_z.dll
C:\WINDOWS\system32\adfeead5_z.dll NOT unregistered.
C:\WINDOWS\system32\adfeead5_z.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10302008_202943

To be continued

signed grisonnant28
grisonnant28, 30 October 2008 at 21:01
Good evening again,

I am on holiday from tomorrow evening (Friday 31/10) and I think the best thing to do is to format my PC.

In fact I go back to work on the 6th.

If I format the PC, will the hacker come back?

Thanks for replying

Signed grisonnant28
Master G, 30 October 2008 at 22:23
Hi, :hello:

No, it will disappear. Sorry for having made you waste so much time; I thought I could help you but I failed. I offer you my apologies and wish you all the best. :super:
grisonnant28, 02 November 2008 at 14:13
Hey there Master G: :fume:

Hostilities with my PC have begun, to rebuild it.

It's not your fault, we just didn't manage it, that's all

no big deal!

I'll tell you when I've finished whether the hacker comes back

See you, Grisonnant28
Master G, 02 November 2008 at 14:33
Hi, :hello:

Keep me posted on the situation, and good luck. :super:
grisonnant28, 02 November 2008 at 15:44
Hi :fume:

I have reinstalled Windows XP perfectly, then Club-Internet

I am now on the Windows updates

When everything is finished I will make a Ghost image of my PC

Back shortly

grisonnant 28
grisonnant28, 02 November 2008 at 21:08
Good evening Master :fume:

That's it, I have a brand-new PC! :youpi:

And on top of that I have a disk image in case of problems

Good night, and hopefully not see you soon

grisonnant 28

NB: I hope the hacker won't find any holes

All the best
Master G, 02 November 2008 at 22:34
Hi, :hello:

Good news! :super:
Install an antivirus, an antispyware tool and a firewall. That way you should be left in peace for a long time. :super:

CCleaner is a handy tool for cleaning up the temporary files picked up on the net. You can even configure it to delete them at restart. Infections sometimes slip in among these files, so don't hesitate to do a bit of cleaning from time to time. :jap:

Internet Explorer is a sieve, because it is rarely updated.
To avoid that, you can use another browser alongside it, such as Firefox or Opera. :)

I hope everything goes well from now on; if you have the slightest problem come back and see us, there will always be someone to answer your questions/problems. :super:

See you, all the best and above all happy surfing!!! :hello:

PS: if you have a bit of time, edit your first message in this topic and change the title by adding "[Résolu]". :D
-->Message edited by Master G on 02/11/2008 22:37:29<--