Everything posted by Vincent François

  1. Hello Angélique, Well, this is both reassuring and annoying, because this problem of repeated spikes is recent and slows down every operation on my machine. I realize that even my 1999 Pentium III running Windows 2000 Server is faster than this much more recent Dell Latitude X1... In any case, thank you very much for your precise and effective help. I am not much further along, but I know a lot more about a whole range of security-related questions. If you have any pointers for learning about kernel-related questions, in addition to the SpeedWeb link, I am still interested. Thanks again. -- Vincent
  2. Hello, Here is the result: -- Vincent
  3. Hello angelique, I don't know in detail what these two processes are for. They are installed with my Delphi development environment and are tied to the Interbase database that comes with it. I stopped them and set them to manual startup, since I don't use Interbase, but that makes no difference to the spikes. These are red spikes, by the way, so they come from the kernel, which means I can't see the process involved, at least not with the Windows Task Manager. I'm posting a picture, which is worth a thousand words: (http://consultation-boreale.com/visiteurs/...312-Pics_UC.jpg) -- Vincent
  4. Hello angelique, Here are the results of the proposed actions:
     - Viruscan
     - ewido
     - Antivir
     The kernel CPU spike symptom is still there. At one point, when clicking on the speaker icon on the bar at the bottom of Windows, I got a message from Antivir, twice in a row, mentioning C:\System Volume Information\_restore{..., which also shows up in the ewido report. I should also add that the user "Jean-Marie d'Amour", who appears in the cookies flagged by Ewido, has since been deleted and is also the user (an administrator at the time) who probably received the infection, if it is one. Thank you. -- Vincent

     Viruscan of notepad2.exe: It looks clean.

     ewido

         Name: Adware.Accessibility
         Path: C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP722\A0199297.dll
         Risk: Medium
  5. Hello angelique, I have just followed the instructions and here is my final HJT report. I should add beforehand that:
     1. when launching gmer manually, I got an alert message, so I kept the log, shown here;
     2. after these steps, the kernel spikes remain the same.
     Thank you in any case for your help.

         GMER 1.0.14.14116 - http://www.gmer.net
         Rootkit scan 2008-02-10 23:49:00
         Windows 5.1.2600 Service Pack 2
         ---- Devices - GMER 1.0.14 ----
         AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
         AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
         ---- Processes - GMER 1.0.14 ----
         Process C:\Program Files\notepad2_fr\Notepad2.exe (*** hidden *** ) 4344
         ---- EOF - GMER 1.0.14 ----

     Then the HJT:
  6. Hello, After a lot of research of my own, updates and other attempts, I am coming to you about the following symptoms: - severe slowdown, with applications taking around a minute to start - reboot cycle of 20 to 30 min - regular kernel spikes, at 2-3 sec intervals, continuous... I have updated everything I thought I could: - replaced Avast with Antivir, - replaced Adaware with Spybot, - ran HiJack and started analysing the logs myself, - ran Gmer, - various clean-ups of cookies and temporary files, - created a new user, other than administrator, - ... I did find a few harmless things, but it seems to me that this looks like a rootkit; I know nothing more about it than the theory. I am taking advantage of this kind of problem to learn more about security and computing in general, since my job consists of developing Web applications, but I am a bit stuck... So, I am taking the liberty of submitting the HijackThis and GMER reports to you, hoping that you can point me to a lead to follow to understand my problem and allow me to fix it. 
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:35:55, on 2008-02-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\Borland\InterBase\bin\ibguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Borland\InterBase\bin\ibserver.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program 
Files\Fichiers communs\Portrait Displays\Shared\HookManager.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\wamp\wampmanager.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\wamp\mysql\bin\mysqld-nt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR\ACCESS~1.DLL O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ulead AutoDetector] "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" O4 - 
HKLM\..\Run: [DT HPW] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: WampServer.lnk = C:\Program Files\wamp\wampmanager.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra 
button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU) O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU) O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU) O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU) O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU) O15 - Trusted Zone: http://*.secuser.com O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: GWMHOOK.DLL 
O20 - Winlogon Notify: wineyes - C:\WINDOWS\SYSTEM32\welogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\Apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10670 bytes GMER 1.0.14.14116 - http://www.gmer.net Rootkit scan 2008-02-10 03:02:04 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT A16A911C ZwCreateThread SSDT A16A9108 ZwOpenProcess SSDT A16A910D ZwOpenThread SSDT A16A9117 ZwTerminateProcess SSDT A16A9112 ZwWriteVirtualMemory ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01107376] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[2096] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011073CC] C:\PROGRA~1\MOZILL~2\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) 
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) 
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) 
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [011C7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3536] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [011C73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.) ---- Devices - GMER 1.0.14 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)