Edt.exe
Hello, would someone be kind enough to tell me what edt.exe is?
I was working on my computer offline when it started to slow down badly, almost to the point of freezing. My CPU activity indicator showed 100% processor activity. I went to have a look in the Task Manager and saw that "windows explorer" and "edt.exe" were indeed splitting the processor at 50% each. This would not stop until I restarted the PC, after which everything went back to normal.
Is all this normal? Thank you for your patience.
Good evening
Let's have a look...
1
Download DDS and save it to your desktop.
Disable any script blocker, such as an antivirus, or software like ad-block, noscript, etc.
Double-click dds.scr to launch the tool.
Once the scan has finished, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt to me.
2
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab.
On the right, tick everything.
Now click Scan.
When the scan has finished, click Copy.
Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your Desktop and post its contents here.
++++++++++++++++++++++++
Hello SHAM_ROCK
It's kind of you to reply and I thank you very much.
Yes, I was slow to reply because the PC I'm talking about is at home, where I have no connection. So you can see how it goes: I read and download everything you tell me at the office and apply it at home.
Here I'm posting the DDS text and then the GMER report (awfully long, my friend).
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrateur at 23:55:01,92 on 08/06/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2039.1555 [GMT 1:00]
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\VIDAL\Communs\VIDAL.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2009 - Études DVD\EDICT.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\EDT TUTO\dds.scr
============== Pseudo HJT Report ===============
uWindow Title = Windows Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Systran40premi.IEPlugIn: {cfb25594-4d5f-11d6-ab7b-00b0d094b576} - c:\program files\systran\4_0\premium\IEPlugIn.dll
TB: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: {9455301C-CF6B-11D3-A266-00C04F689C50} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [WinRoll] c:\program files\winroll\winroll.exe
uRun: [SkinClock] c:\program files\clock tray skins\ClockTraySkins.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [L09FXLRD_10794625] "c:\program files\microsoft etudes\microsoft encarta 2009 - études dvd\EDICT.EXE" -m
uRun: [Spn2006] c:\spn\edt.exe stw
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [EPSON Stylus C79 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibgp.exe /fu "c:\windows\temp\E_S8B.tmp" /EF "HKLM"
mRun: [EPSON Stylus C79 Series (Copie 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatibgp.exe /fu "c:\windows\temp\E_S122.tmp" /EF "HKLM"
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [vdlDeamon] c:\program files\vidal\communs\VIDAL.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\fichiers communs\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\fichiers communs\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\8955rzy4.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.GOOGLE.FR
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-4-28 110360]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-5-18 185616]
R2 AVP;Kaspersky Internet Security 7.0;c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe [2007-5-19 218640]
R2 LF30FS;LF30FS;c:\program files\everstrike software\lock folder xp 3.6\LF30XP.sys [2004-11-19 101488]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
S2 bzymaojjg;Security Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ushecizm;Update Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 jfdcd;jfdcd;\??\c:\docume~1\admini~1\locals~1\temp\jfdcd.sys --> c:\docume~1\admini~1\locals~1\temp\jfdcd.sys [?]
=============== Created Last 30 ================
2010-06-06 22:43:24 0 d-----w- c:\program files\Conjugaison
2010-06-03 22:56:06 3 ----a-w- c:\windows\cfsywin32.sys
2010-06-03 22:42:34 0 d-----w- C:\Spn
2010-06-01 21:18:05 0 d-----w- c:\program files\USB Disk Security
2010-06-01 20:17:38 116 ----a-w- c:\windows\Tiny_Run.ini
2010-05-31 21:43:32 380928 ----a-w- c:\windows\system32\AviSplitter.ax
2010-05-31 21:41:03 0 d-----w- c:\program files\MUSK Codec Pack v6
2010-05-30 22:45:35 0 d-----w- c:\program files\File Restore Professional
2010-05-30 22:39:43 167 ----a-w- c:\windows\ASYM.ini
2010-05-30 22:39:32 0 d-----w- c:\windows\Asym
2010-05-30 22:39:30 0 d-----w- c:\program files\fichiers communs\Borland Shared
2010-05-30 22:25:38 3932214 ----a-w- c:\windows\Administrateur.bmp
2010-05-30 21:49:08 0 d-----w- c:\program files\Total Video Converter
2010-05-28 22:28:00 0 d-----w- c:\program files\world atlas
2010-05-28 22:23:19 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-28 22:23:17 0 d-----w- c:\program files\DAEMON Tools Lite
2010-05-28 20:42:23 27958 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Musepack Codec.bmp
2010-05-28 20:42:22 3451 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
2010-05-27 20:29:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Zbshareware Lab
2010-05-27 10:31:44 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-27 10:31:44 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-27 10:15:52 0 d-----w- c:\docume~1\alluse~1\applic~1\UDL
2010-05-27 10:13:10 25 ----a-w- c:\windows\CDE C79ERUK.ini
2010-05-27 09:44:27 0 d-----w- c:\program files\EPSON
2010-05-27 09:44:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-05-27 09:44:07 73216 ----a-w- c:\windows\system32\E_FLBBGP.DLL
2010-05-27 09:44:07 62976 ----a-w- c:\windows\system32\E_FD4BBGP.DLL
2010-05-26 21:35:46 0 d-----w- c:\program files\CCleaner
2010-05-18 20:22:10 0 d-----w- c:\program files\Microsoft Etudes
2010-05-18 20:21:26 0 d-----w- c:\program files\Learning Essentials
2010-05-12 19:18:44 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-05-12 19:18:44 32640 ----a-w- c:\windows\system32\drivers\symc8xx.sys
2010-05-12 09:12:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-12 09:12:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-11 13:12:48 0 d-sha-r- C:\autorun.inf
2010-05-11 09:46:13 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-11 09:46:13 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-11 09:45:36 0 d-----w- c:\program files\Kaspersky Lab
2010-05-11 09:45:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-05-11 09:45:34 59420 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-11 09:45:34 580896 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-11 09:45:34 150524 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-11 09:45:34 10588960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-11 09:28:02 0 d-s---w- c:\documents and settings\administrateur\UserData
2010-05-11 09:13:57 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-11 09:06:52 0 d-----w- c:\program files\AutorunRemover
2010-05-11 08:41:25 0 d-----w- C:\UsbFix
2010-05-11 07:26:16 0 d-----w- c:\program files\AutorunRemover(2)
2010-05-09 23:42:11 0 d-----w- c:\docume~1\alluse~1\applic~1\ACD Systems(2)
2010-05-09 23:42:06 0 d-----w- c:\program files\ACD Systems(2)
2010-05-09 23:31:48 0 d-----w- c:\program files\fichiers communs\ACD Systems
==================== Find3M ====================
2010-05-28 20:42:22 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-04-29 21:14:07 4716 ----a-w- c:\windows\gdrv.sys
2010-03-25 12:40:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
============= FINISH: 23:55:18,17 ===============
Now here is the GMER report.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 02:48:58
Windows 5.1.2600 Service Pack 2
Running: 5rxf7ql9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xA985C810]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xA984F3C0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xA985C520]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xA985C6A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xA985D120]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA985CD90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xA985DA80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xA984F4E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xA984F560]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xA985C960]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xA984F5F0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xA984F6A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xA984F750]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xA984F7D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xA985AD70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xA9850200]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xA984F7F0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xA984F8F0]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xBA4BB000]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xA984F9D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xA985C310]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xA985CF60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xA984FAD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xA984FB80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xA985D730]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xA984FC30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xA984FCE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xA984FD70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xA985DA30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xA984FF70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xA985DDA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xA985E370]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xA9850000]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xA9859A30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xA98500A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xA985D9E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xA985B0E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xA985D580]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xA98501C0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xA985C830]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xA9858D80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xA9858D90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xA9858DA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xA9858DC0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xA9858DE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xA9858E10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xA9858E20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xA9858E40]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xA9858E50]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xA9858F10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xA9858FE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xA9859020]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xA9859060]
INT 0x62 ? 8AA97BF8
INT 0x63 ? 8A77AF00
INT 0x73 ? 8A77AF00
INT 0x82 ? 8AA97BF8
INT 0x83 ? 8A77AF00
INT 0xA4 ? 8A77AF00
INT 0xB4 ? 8A77AF00
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE40 5 Bytes JMP A985E790 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF634 5 Bytes JMP A985EC90 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
? sphg.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload BA20662C 5 Bytes JMP 8A77A4E0
.text a5oemv6h.SYS BA132386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a5oemv6h.SYS BA1323AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a5oemv6h.SYS BA1323C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a5oemv6h.SYS BA1323C9 1 Byte [2E]
.text a5oemv6h.SYS BA1323C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 88, 00] {JO 0x13; MOV [EAX], AL}
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\cisvc.exe[360] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\cisvc.exe[360] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\cisvc.exe[360] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[404] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[404] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[404] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Java\jre6\bin\jqs.exe[564] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Java\jre6\bin\jqs.exe[564] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[692] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[724] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[724] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[724] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\wdfmgr.exe[792] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE[1108] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
It's kind of you to reply, and I thank you very much.
Yes, I was slow to reply because the PC in question is at home, where I have no Internet connection. So you can imagine the work involved: I read and download everything you tell me at the office and then apply it at home.
So here is the DDS text, followed by the GMER report (damn long, my friend).
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrateur at 23:55:01,92 on 08/06/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2039.1555 [GMT 1:00]
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\VIDAL\Communs\VIDAL.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2009 - Études DVD\EDICT.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\EDT TUTO\dds.scr
============== Pseudo HJT Report ===============
uWindow Title = Windows Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Systran40premi.IEPlugIn: {cfb25594-4d5f-11d6-ab7b-00b0d094b576} - c:\program files\systran\4_0\premium\IEPlugIn.dll
TB: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: {9455301C-CF6B-11D3-A266-00C04F689C50} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [WinRoll] c:\program files\winroll\winroll.exe
uRun: [SkinClock] c:\program files\clock tray skins\ClockTraySkins.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [L09FXLRD_10794625] "c:\program files\microsoft etudes\microsoft encarta 2009 - études dvd\EDICT.EXE" -m
uRun: [Spn2006] c:\spn\edt.exe stw
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [EPSON Stylus C79 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibgp.exe /fu "c:\windows\temp\E_S8B.tmp" /EF "HKLM"
mRun: [EPSON Stylus C79 Series (Copie 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatibgp.exe /fu "c:\windows\temp\E_S122.tmp" /EF "HKLM"
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [vdlDeamon] c:\program files\vidal\communs\VIDAL.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\fichiers communs\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\fichiers communs\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\8955rzy4.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.GOOGLE.FR
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-4-28 110360]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-5-18 185616]
R2 AVP;Kaspersky Internet Security 7.0;c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe [2007-5-19 218640]
R2 LF30FS;LF30FS;c:\program files\everstrike software\lock folder xp 3.6\LF30XP.sys [2004-11-19 101488]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
S2 bzymaojjg;Security Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ushecizm;Update Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 jfdcd;jfdcd;\??\c:\docume~1\admini~1\locals~1\temp\jfdcd.sys --> c:\docume~1\admini~1\locals~1\temp\jfdcd.sys [?]
=============== Created Last 30 ================
2010-06-06 22:43:24 0 d-----w- c:\program files\Conjugaison
2010-06-03 22:56:06 3 ----a-w- c:\windows\cfsywin32.sys
2010-06-03 22:42:34 0 d-----w- C:\Spn
2010-06-01 21:18:05 0 d-----w- c:\program files\USB Disk Security
2010-06-01 20:17:38 116 ----a-w- c:\windows\Tiny_Run.ini
2010-05-31 21:43:32 380928 ----a-w- c:\windows\system32\AviSplitter.ax
2010-05-31 21:41:03 0 d-----w- c:\program files\MUSK Codec Pack v6
2010-05-30 22:45:35 0 d-----w- c:\program files\File Restore Professional
2010-05-30 22:39:43 167 ----a-w- c:\windows\ASYM.ini
2010-05-30 22:39:32 0 d-----w- c:\windows\Asym
2010-05-30 22:39:30 0 d-----w- c:\program files\fichiers communs\Borland Shared
2010-05-30 22:25:38 3932214 ----a-w- c:\windows\Administrateur.bmp
2010-05-30 21:49:08 0 d-----w- c:\program files\Total Video Converter
2010-05-28 22:28:00 0 d-----w- c:\program files\world atlas
2010-05-28 22:23:19 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-28 22:23:17 0 d-----w- c:\program files\DAEMON Tools Lite
2010-05-28 20:42:23 27958 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Musepack Codec.bmp
2010-05-28 20:42:22 3451 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
2010-05-27 20:29:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Zbshareware Lab
2010-05-27 10:31:44 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-27 10:31:44 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-27 10:15:52 0 d-----w- c:\docume~1\alluse~1\applic~1\UDL
2010-05-27 10:13:10 25 ----a-w- c:\windows\CDE C79ERUK.ini
2010-05-27 09:44:27 0 d-----w- c:\program files\EPSON
2010-05-27 09:44:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-05-27 09:44:07 73216 ----a-w- c:\windows\system32\E_FLBBGP.DLL
2010-05-27 09:44:07 62976 ----a-w- c:\windows\system32\E_FD4BBGP.DLL
2010-05-26 21:35:46 0 d-----w- c:\program files\CCleaner
2010-05-18 20:22:10 0 d-----w- c:\program files\Microsoft Etudes
2010-05-18 20:21:26 0 d-----w- c:\program files\Learning Essentials
2010-05-12 19:18:44 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-05-12 19:18:44 32640 ----a-w- c:\windows\system32\drivers\symc8xx.sys
2010-05-12 09:12:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-12 09:12:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-11 13:12:48 0 d-sha-r- C:\autorun.inf
2010-05-11 09:46:13 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-11 09:46:13 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-11 09:45:36 0 d-----w- c:\program files\Kaspersky Lab
2010-05-11 09:45:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-05-11 09:45:34 59420 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-11 09:45:34 580896 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-11 09:45:34 150524 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-11 09:45:34 10588960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-11 09:28:02 0 d-s---w- c:\documents and settings\administrateur\UserData
2010-05-11 09:13:57 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-11 09:06:52 0 d-----w- c:\program files\AutorunRemover
2010-05-11 08:41:25 0 d-----w- C:\UsbFix
2010-05-11 07:26:16 0 d-----w- c:\program files\AutorunRemover(2)
2010-05-09 23:42:11 0 d-----w- c:\docume~1\alluse~1\applic~1\ACD Systems(2)
2010-05-09 23:42:06 0 d-----w- c:\program files\ACD Systems(2)
2010-05-09 23:31:48 0 d-----w- c:\program files\fichiers communs\ACD Systems
==================== Find3M ====================
2010-05-28 20:42:22 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-04-29 21:14:07 4716 ----a-w- c:\windows\gdrv.sys
2010-03-25 12:40:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
============= FINISH: 23:55:18,17 ===============
Here is the GMER report now.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 02:48:58
Windows 5.1.2600 Service Pack 2
Running: 5rxf7ql9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xA985C810]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xA984F3C0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xA985C520]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xA985C6A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xA985D120]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA985CD90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xA985DA80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xA984F4E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xA984F560]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xA985C960]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xA984F5F0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xA984F6A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xA984F750]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xA984F7D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xA985AD70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xA9850200]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xA984F7F0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xA984F8F0]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xBA4BB000]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xA984F9D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xA985C310]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xA985CF60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xA984FAD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xA984FB80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xA985D730]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xA984FC30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xA984FCE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xA984FD70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xA985DA30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xA984FF70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xA985DDA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xA985E370]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xA9850000]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xA9859A30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xA98500A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xA985D9E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xA985B0E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xA985D580]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xA98501C0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xA985C830]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xA9858D80]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xA9858D90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xA9858DA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xA9858DC0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xA9858DE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xA9858E10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xA9858E20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xA9858E40]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xA9858E50]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xA9858F10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xA9858FE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xA9859020]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xA9859060]
INT 0x62 ? 8AA97BF8
INT 0x63 ? 8A77AF00
INT 0x73 ? 8A77AF00
INT 0x82 ? 8AA97BF8
INT 0x83 ? 8A77AF00
INT 0xA4 ? 8A77AF00
INT 0xB4 ? 8A77AF00
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE40 5 Bytes JMP A985E790 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF634 5 Bytes JMP A985EC90 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
? sphg.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload BA20662C 5 Bytes JMP 8A77A4E0
.text a5oemv6h.SYS BA132386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a5oemv6h.SYS BA1323AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a5oemv6h.SYS BA1323C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a5oemv6h.SYS BA1323C9 1 Byte [2E]
.text a5oemv6h.SYS BA1323C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 88, 00] {JO 0x13; MOV [EAX], AL}
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[300] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\cisvc.exe[360] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\cisvc.exe[360] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\cisvc.exe[360] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[404] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[404] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[404] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Java\jre6\bin\jqs.exe[564] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Java\jre6\bin\jqs.exe[564] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[692] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[724] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[724] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[724] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\wdfmgr.exe[792] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE[1108] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE[1108] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE[1108] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] SHELL32.dll!StrStrW + FFE2AEDD 7C9D42A8 4 Bytes [F0, 00, 20, 7D]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] SHELL32.dll!StrStrW + FFE2AEE9 7C9D42B4 4 Bytes [60, 01, 20, 7D]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] SHELL32.dll!StrStrW + FFE2D515 7C9D68E0 4 Bytes [00, 04, 20, 7D]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] SHELL32.dll!StrStrW + FFE2D55D 7C9D6928 4 Bytes [90, 03, 20, 7D]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] SHELL32.dll!StrStrW + FFE2DD5D 7C9D7128 4 Bytes [50, 05, 20, 7D]
.text ...
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] SHELL32.dll!SHCreateShellFolderView + 462E 7CA04C9C 4 Bytes [20, 03, 20, 7D]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[1168] SHELL32.dll!SHCreateShellFolderView + 4666 7CA04CD4 4 Bytes [B0, 02, 20, 7D]
? C:\WINDOWS\system32\csrss.exe[1180] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[1204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[1204] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\winlogon.exe[1204] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\services.exe[1272] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[1284] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[1284] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[1284] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1596] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1596] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1596] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\System32\svchost.exe[1640] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\svchost.exe[1640] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\System32\svchost.exe[1640] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1948] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\spoolsv.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Documents and Settings\Administrateur\Bureau\5rxf7ql9.exe[2076] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Documents and Settings\Administrateur\Bureau\5rxf7ql9.exe[2076] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\NOTEPAD.EXE[2156] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\NOTEPAD.EXE[2156] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\NOTEPAD.EXE[2156] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\cidaemon.exe[2420] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\cidaemon.exe[2420] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\cidaemon.exe[2420] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\explorer.exe[2792] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\explorer.exe[2792] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\explorer.exe[2792] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2AEDD 7C9D42A8 4 Bytes [F0, 00, 20, 7D]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2AEE9 7C9D42B4 4 Bytes [60, 01, 20, 7D]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2C555 7C9D5920 4 Bytes [40, 09, 20, 7D]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2C651 7C9D5A1C 4 Bytes [C0, 05, 35, 02]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2C66D 7C9D5A38 4 Bytes [B0, 09, 20, 7D]
.text ...
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFree + 24F 7C9F2B50 4 Bytes [20, 0A, F3, 00]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!IsNetDrive + CDD 7C9FAD1C 4 Bytes [A0, 06, 20, 7D]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + 195 7C9FB96C 4 Bytes [90, 03, 35, 02]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + E7D 7C9FC654 4 Bytes [50, 05, F3, 00]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + E99 7C9FC670 4 Bytes [E0, 04, F3, 00]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + EE1 7C9FC6B8 4 Bytes [70, 04, F3, 00]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + 133D 7C9FCB14 4 Bytes [00, 0B, 35, 02]
.text ...
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHCreateShellFolderView + 460E 7CA04C7C 4 Bytes CALL 9CA59D11
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHCreateShellFolderView + 462E 7CA04C9C 4 Bytes [30, 06, 20, 7D]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHCreateShellFolderView + 4666 7CA04CD4 4 Bytes [C0, 05, 20, 7D]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!DllCanUnloadNow + 32F 7CA118E8 4 Bytes [80, 00, 35, 02]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHTestTokenMembership + E3 7CA21C60 4 Bytes [00, 04, F3, 00]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHPropStgReadMultiple + 472 7CA2A578 4 Bytes [F0, 0E, 20, 7D]
.text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHPropStgReadMultiple + 57E 7CA2A684 4 Bytes [10, 00, F3, 00]
? C:\WINDOWS\RTHDCPL.EXE[2868] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3068] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3068] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3068] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\wbem\wmiapsrv.exe[3196] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe[3220] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe[3220] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe[3220] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[3348] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[3348] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[3348] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\System32\alg.exe[3404] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 3F, 00]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
? C:\WINDOWS\system32\ctfmon.exe[3924] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A904
Hello again,
The GMER report was not complete... be careful with the next reports I ask you for.
Use this if needed: http://www.sendspace.com/
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal; a report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy".
Come to the forum and Edit > "Paste".
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
Hello,
It seems that someone is spying on you: edt.exe is launched by the software
"espion pro à distance". Have a look here: http://www.marseillesoft.com/