 
         
					
                
                
            catch1
Membres- 
                Compteur de contenus106
- 
                Inscription
- 
                Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par catch1
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonjour, Si échec aujourd'hui, formatage complet. Le week-end sera plus tranquille. Je sais combien les petits enfants sont accapareurs de temps, mais ils sont toujours bien mignons. Ai rechargé DrWeb, Combofix, Win replace et Gmer, après les avoir désinstallés. Apparemment la console fonctionne. Pas de rapport DrWeb, il n'a rien trouvé! Voici le rapport tools : [ Rapport ToolsCleaner version 2.3.4 (par A.Rothstein & dj QUIOU) ] --> Recherche: C:\Gmer.zip: trouvé ! C:\Combofix.txt: trouvé ! C:\fixnavi.txt: trouvé ! C:\cleannavi.txt: trouvé ! C:\Qoobox: trouvé ! C:\Copie mes documents\cleannavi.txt: trouvé ! C:\Documents and Settings\HP_Propriétaire\Bureau\Rapports\Gmer.txt: trouvé ! C:\Infection\ComboFix.exe: trouvé ! C:\Infection\Rapports\Gmer.txt: trouvé ! C:\Program Files\HijackThis: trouvé ! C:\Program Files\HiJackThis\HijackThis.exe: trouvé ! C:\Utilitaires\SdFix.exe: trouvé ! C:\Utilitaires\Navilog1.exe: trouvé ! C:\Utilitaires\vundoFix.exe: trouvé ! C:\Utilitaires\HijackThis.exe: trouvé ! C:\Utilitaires\hijackthis.log: trouvé ! --------------------------------- --> Suppression: C:\Gmer.zip: supprimé ! C:\Infection\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Program Files\HiJackThis\HijackThis.exe: supprimé ! C:\Utilitaires\SdFix.exe: supprimé ! C:\Utilitaires\Navilog1.exe: supprimé ! C:\Utilitaires\vundoFix.exe: supprimé ! C:\Utilitaires\HijackThis.exe: supprimé ! C:\Combofix.txt: supprimé ! C:\fixnavi.txt: supprimé ! C:\cleannavi.txt: supprimé ! C:\Copie mes documents\cleannavi.txt: supprimé ! C:\Documents and Settings\HP_Propriétaire\Bureau\Rapports\Gmer.txt: supprimé ! C:\Infection\Rapports\Gmer.txt: supprimé ! C:\Utilitaires\hijackthis.log: supprimé ! C:\Qoobox: supprimé ! C:\Program Files\HijackThis: supprimé ! Corbeille vidée! Fichiers temporaires nettoyés ! Sauvegarde du registre crée ! Point de restauration crée ! Voici Combofix : ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-08 21:20:52.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.382.202 [GMT 2:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\Combix.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 )))))))))))))))))))))))))))))))))))) . 2009-04-08 20:18 . 2009-04-08 20:18 45,110,670 --a------ C:\Sauv.reg 2009-04-08 18:43 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-08 18:43 . 2009-04-08 18:43 1,932 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-08 18:42 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-08 18:42 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-08 18:42 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-08 18:42 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-08 18:42 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-08 18:42 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-08 18:42 . 2009-04-08 18:46 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-08 18:42 . 2009-04-08 18:46 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-08 18:42 . 2009-04-08 18:56 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-08 18:42 . 2009-04-08 18:56 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-08 18:42 . 2009-04-08 18:45 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-08 18:42 . 2009-04-08 18:45 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-08 18:42 . 2009-04-08 18:36 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-08 18:42 . 2009-04-08 18:36 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-08 18:42 . 2009-04-08 20:30 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-08 18:42 . 2009-04-08 20:30 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-08 18:42 . 2009-04-08 18:45 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-08 18:42 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-08 18:42 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-08 18:42 . 2009-04-08 20:18 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-08 18:40 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-08 16:56 . 2009-04-08 16:56 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData 2009-04-08 16:56 . 2009-04-08 16:56 <REP> d---s---- c:\documents and settings\HP_Propriétaire\UserData 2009-04-08 08:49 . 2009-04-08 08:49 <REP> d-------- c:\windows\AU_Temp 2009-04-08 08:49 . 2009-04-08 08:49 22,859,401 --a------ c:\windows\VPTNFILE.951 2009-04-08 08:49 . 2009-04-08 08:49 22,859,401 --a------ c:\windows\LPT$VPN.951 2009-04-08 07:27 . 2009-04-08 07:27 <REP> d-------- c:\program files\SymNetDrv 2009-04-08 03:49 . 2009-04-08 04:04 <REP> d-------- C:\Infection 2009-04-07 20:09 . 2009-04-07 20:09 <REP> d-------- c:\program files\Jcore 2009-04-07 20:09 . 2009-04-07 23:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\nidle 2009-04-07 11:18 . 2009-04-08 14:41 <REP> d-------- C:\gamer 2009-04-07 11:16 . 2009-04-07 11:16 278,161 --a------ C:\gamer.zip 2009-04-06 18:44 . 2009-04-08 14:41 <REP> d-------- C:\gmer 2009-04-06 12:28 . 2009-04-07 16:15 <REP> d-------- c:\windows\dhcp 2009-04-06 12:28 . 2009-04-08 14:45 <REP> dr-hs---- c:\program files\ThunMail 2009-04-06 10:47 . 2009-04-07 21:13 679 --a------ C:\Fich2.bat 2009-04-06 10:46 . 2009-04-07 21:11 133 --a------ C:\Fich1.bat 2009-04-04 21:54 . 2009-04-08 14:41 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-07 19:28 <REP> d-------- C:\WinFileReplace 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-08 14:45 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-08 14:45 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-08 14:45 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 06:54 . 2009-04-05 21:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-08 20:16 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-08 20:16 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris 2009-04-01 18:08 . 2005-01-02 03:51 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Bureau 2009-04-01 18:08 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Symantec 2009-04-01 18:08 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\SampleView 2009-04-01 18:08 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Apple Computer 2009-04-01 18:08 . 2009-04-01 21:35 <REP> d-------- c:\documents and settings\Administrateur.CHRIS 2009-04-01 10:06 . 2009-04-01 10:06 0 --a------ C:\F.tmp 2009-04-01 09:52 . 2009-04-08 14:42 <REP> d-------- c:\program files\CleanUp! 2009-04-01 08:13 . 2009-04-01 08:13 0 --a------ C:\C.tmp 2009-04-01 08:10 . 2009-04-01 08:10 0 --a------ C:\B.tmp 2009-03-31 06:03 . 2009-03-31 06:10 <REP> d-------- c:\windows\vf_hip 2009-03-31 06:03 . 2009-04-08 14:43 <REP> d-------- c:\program files\Hide IP Platinum 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Tetris 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Intelore 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\windows\vf_hip(2) 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\program files\Hide IP Platinum(2) 2009-03-28 13:16 . 2009-03-28 13:16 <REP> d-------- c:\program files\TomTom International B.V 2009-03-18 17:00 . 2009-03-18 17:00 <REP> d-------- c:\program files\VS Revo Group 2009-03-18 15:34 . 2009-03-18 15:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-03-13 16:38 . 2009-03-13 16:38 <REP> d-------- c:\program files\SFR . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-08 17:36 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2009-04-08 17:36 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-08 16:50 --------- d-----w c:\program files\Symantec 2009-04-08 16:45 --------- d-----w c:\program files\Easy Internet signup 2009-04-08 12:44 --------- d-----w c:\program files\NeoDivx Suite 2009-04-08 12:44 --------- d-----w c:\program files\Microsoft Works 2009-04-08 12:44 --------- d-----w c:\program files\Media Player Classic 2009-04-08 12:44 --------- d-----w c:\program files\MasterSplitter 2009-04-08 12:44 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-08 12:44 --------- d-----w c:\program files\KaraFun 2009-04-08 12:44 --------- d-----w c:\program files\Infra Recorder 2009-04-08 12:43 --------- d-----w c:\program files\GXTranscoder v2 2009-04-08 12:43 --------- d-----w c:\program files\GSpot 2009-04-08 12:43 --------- d-----w c:\program files\Free Window Registry Repair 2009-04-08 12:43 --------- d-----w c:\program files\Free Video Converter 2009-04-08 12:43 --------- d-----w c:\program files\ffdshow 2009-04-08 12:43 --------- d-----w c:\program files\Eraser 2009-04-08 06:49 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-08 06:49 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-08 06:48 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-08 06:48 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440] "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456] "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2005-01-02 36972] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-09-30 57344] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-09-30 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= --- Autres Services/Pilotes en mémoire --- *Deregistered* - DwShield0000761E . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-08 c:\windows\Tasks\Connexion facile à Internet.job - c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-08 21:25:35 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(532) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2009-04-08 21:27:39 ComboFix-quarantined-files.txt 2009-04-08 19:27:21 Avant-CF: 46 092 042 240 octets libres Après-CF: 46,091,001,856 octets libres 214 Et enfin celui de Gmer : GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-04-09 05:47:50 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.15 ---- SSDT 82773880 ZwConnectPort Code \??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- ? C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable. ! ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\All Users\Application Data\Adobe\Updater5\AdobeESDGlobalApps.xml 285 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000166.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000083.query 11954 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008b.query 17578 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a7.query 2934 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b8.query 182 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000db.query 1892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f2.query 4150 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000100.query 340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000106.query 7128 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000126.query 7702 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000137.query 7340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000156.query 11238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000007f.query 8966 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000080.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000082.query 0 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000084.query 0 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000085.query 2950 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000086.query 2950 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000088.query 284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008a.query 17578 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008c.query 570 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008d.query 1926 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008e.query 1926 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000090.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000092.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000093.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000094.query 300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000095.query 778 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000096.query 778 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000098.query 198 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009a.query 2968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009b.query 2968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009c.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009e.query 5536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009f.query 5536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a0.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a2.query 1994 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a3.query 1994 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a4.query 298 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a6.query 2934 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a8.query 212 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000aa.query 2866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ab.query 2866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ac.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ae.query 3786 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000af.query 3786 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b0.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b1.query 1062 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b2.query 1062 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b4.query 534 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b5.query 3718 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b6.query 3718 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ba.query 7326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bb.query 7326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bc.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000be.query 4324 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bf.query 4324 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c0.query 190 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c2.query 3660 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c3.query 3660 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c4.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c6.query 5378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c7.query 5378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c8.query 276 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ca.query 3976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cb.query 3976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cc.query 254 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ce.query 14864 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cf.query 14864 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d0.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d2.query 5480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d3.query 5480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d4.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d6.query 3256 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d7.query 3256 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d8.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000da.query 1892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dc.query 368 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dd.query 514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000de.query 514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e0.query 236 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e1.query 378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e2.query 6314 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e3.query 5944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e4.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e5.query 1312 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e6.query 1312 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e8.query 284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ea.query 8102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000eb.query 8102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ec.query 266 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ee.query 8042 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ef.query 8042 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f0.query 276 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f3.query 4150 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f4.query 536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f5.query 2360 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f6.query 2360 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f8.query 328 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fa.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fb.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fc.query 318 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fe.query 3766 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ff.query 3766 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e6.query 5648 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e7.query 5648 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e8.query 564 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ec.query 82 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ed.query 694 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ee.query 694 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f0.query 694 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f1.query 1214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f2.query 2054 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f3.query 848 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f4.query 496 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f8.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001fc.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000200.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000101.query 506 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000102.query 4902 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000103.query 4404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000104.query 348 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000107.query 7128 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000108.query 266 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010a.query 1480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010b.query 1480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010c.query 356 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000110.query 452 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000111.query 942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000112.query 942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000114.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000115.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000116.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000118.query 518 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000119.query 990 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011a.query 990 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011c.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011d.query 2078 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011e.query 2078 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000120.query 338 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000121.query 1086 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000122.query 1086 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000124.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000127.query 7702 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000128.query 152 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012a.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012b.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012c.query 444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012d.query 4082 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012e.query 4082 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000130.query 238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000132.query 9370 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000133.query 9370 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000134.query 306 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000136.query 7340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000138.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013a.query 5652 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013b.query 5652 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013c.query 232 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013e.query 7606 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013f.query 7606 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000140.query 348 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000142.query 9044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000143.query 9044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000144.query 294 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000146.query 8426 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000147.query 8426 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000148.query 218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014a.query 6942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014b.query 6942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014c.query 226 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014e.query 7550 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014f.query 7550 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000150.query 274 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000152.query 5448 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000153.query 5448 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000154.query 340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000157.query 11238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000158.query 478 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000015c.query 504 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000160.query 462 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000162.query 4968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000163.query 4968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000164.query 388 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000165.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000168.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016a.query 19148 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016b.query 19148 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016c.query 196 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016e.query 7594 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016f.query 7594 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000170.query 168 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000172.query 3420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000173.query 3420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000174.query 124 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000176.query 10956 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000177.query 10956 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000178.query 134 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000179.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017a.query 2642 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017b.query 2466 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017c.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017e.query 6006 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017f.query 6006 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000180.query 234 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000182.query 21404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000183.query 21404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000184.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000186.query 9900 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000187.query 9900 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018a.query 4206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018b.query 4206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018c.query 282 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018d.query 546 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018e.query 1050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018f.query 512 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000190.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000191.query 598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000192.query 598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000194.query 210 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000196.query 1960 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000197.query 1960 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000198.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019a.query 19024 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019b.query 19024 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019c.query 188 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019e.query 6536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019f.query 6536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a0.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a2.query 9952 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a3.query 9952 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a4.query 432 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a8.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001aa.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ab.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ac.query 364 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ad.query 3866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ae.query 3866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b0.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000188.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b2.query 17598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c8.query 274 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e4.query 262 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000204.query 84 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000219.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022c.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024a.query 2154 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025e.query 664 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000278.query 220 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028c.query 196 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ba.query 2542 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b3.query 17598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b4.query 262 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b6.query 7244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b7.query 7244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b8.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ba.query 11944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bb.query 11944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bc.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001be.query 2004 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bf.query 2004 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c0.query 242 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c2.query 18050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c3.query 18050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c4.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c6.query 7300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c7.query 7300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002bb.query 2542 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000205.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000206.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000208.query 160 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020a.query 3892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020b.query 3892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020c.query 230 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000210.query 102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000212.query 1420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000213.query 1420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000214.query 84 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000215.query 2102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000216.query 2102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000218.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021a.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021c.query 174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021d.query 1670 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021e.query 1670 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000220.query 172 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000221.query 2330 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000222.query 2330 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000224.query 208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000226.query 2284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000227.query 2284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000228.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000229.query 354 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022a.query 4378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022b.query 4032 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022d.query 1884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022e.query 1884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000230.query 206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000231.query 3184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000232.query 3184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000234.query 218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000236.query 5838 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000237.query 5838 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000238.query 282 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000239.query 1520 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023a.query 1520 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023c.query 446 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023d.query 2444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023e.query 2444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000240.query 146 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000241.query 1592 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000242.query 1592 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000244.query 210 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000246.query 1780 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000247.query 1780 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000248.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024b.query 2154 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024c.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024e.query 3142 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024f.query 3142 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000250.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000252.query 3586 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000253.query 3586 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000254.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000255.query 2218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000256.query 2218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000258.query 162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025a.query 3562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025b.query 3562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025c.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025f.query 664 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000260.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000261.query 562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000262.query 562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000264.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000266.query 3514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000267.query 3514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000268.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000269.query 972 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026a.query 972 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026c.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026e.query 2260 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026f.query 2260 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000270.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000272.query 4014 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000273.query 4014 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000274.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000276.query 904 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000277.query 904 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027a.query 1018 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027b.query 1018 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027c.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027e.query 5064 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027f.query 5064 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000280.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000282.query 2858 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000283.query 2858 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000284.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000285.query 974 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000286.query 974 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000288.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000289.query 322 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028a.query 322 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028d.query 976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028e.query 976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000290.query 134 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000292.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000293.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000294.query 146 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000296.query 5174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000297.query 5174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000298.query 364 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000299.query 2044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029a.query 2044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029c.query 350 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029e.query 1458 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029f.query 1458 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a0.query 402 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a2.query 1996 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a3.query 1996 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a4.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a6.query 1968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a7.query 1968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a8.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002aa.query 1180 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ab.query 1180 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ac.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ad.query 614 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ae.query 1628 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002af.query 1022 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b0.query 230 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b2.query 3174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b3.query 3174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b4.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b6.query 3162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b7.query 3162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b8.query 208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ca.query 7884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cb.query 7884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cc.query 292 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ce.query 24326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cf.query 24326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d0.query 242 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d2.query 4332 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d3.query 4332 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d4.query 326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d6.query 8208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d7.query 8208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d8.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001da.query 6792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001db.query 6792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001dc.query 516 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e0.query 440 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e2.query 4792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e3.query 4792 bytes ---- EOF - GMER 1.0.15 ---- Est-ce très mauvais? ou acceptable? De toute façon, c'est le dernier essai. Je rappppelle que je n'ai toujours pas d'antivirus installé. Conseil? A bientôt
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares OK. Je vais essayer une dernière fois mais ça m'embête de capituler devant une machine. Merci en tout cas pour votre assistance, vos conseils et votre parience A bientôt
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Désolé Pear, Quand je veux telecharger Kaspersky, il me demande de mettre à jour Java et si je télécharge java, l'installer me dit à un moment qu'il ne peut pas décompresser les fichiers Core et l'installation s'arrête. Je suis bloqué avant de commencer!
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares OK. Ca commence mal, je suis incapable d'installer java. il me di qu'il ne peut pas decompresser les fichiers core. je vais encore réinstaller windows.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares OK. Vais faire votre procédure. Tout avait bien fonctionné jusqu'à secuser.com. Scan. Trouvé un tas de PE Virux.F. J'ai dû supprimer des fichiers qu'il ne fallait pas. J'ai dû réinstaller Windows dans les même conditions que précédemment. Merci de bien vouloir m'assister. Je lance votre procédure immédiatement.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Suis toujour en cours de vérification. J'ai fait un bon nettoyage avec DrWeb CureIt. Puis Combofix Voici le log : ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-08 5:05:52.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.382.81 [GMT 2:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe AV: Norton Internet Security *On-access scanning enabled* (Updated) FW: Norton Internet Security *enabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\HP_Propriétaire\reader_s.exe c:\windows\system32\reader_s.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_restore ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 )))))))))))))))))))))))))))))))))))) . 2009-04-08 05:02 . 2009-04-08 05:02 80 --a------ c:\windows\system32\7F.tmp 2009-04-08 04:42 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-08 04:42 . 2009-04-08 04:42 1,932 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-08 04:41 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-08 04:41 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-08 04:41 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-08 04:41 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-08 04:41 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-08 04:41 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-08 04:41 . 2009-04-08 04:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-08 04:41 . 2009-04-08 04:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-08 04:41 . 2009-04-08 04:44 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-08 04:41 . 2009-04-08 04:44 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-08 04:41 . 2009-04-08 04:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-08 04:41 . 2009-04-08 04:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-08 04:41 . 2009-04-08 04:44 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-08 04:41 . 2009-04-08 04:44 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-08 04:41 . 2009-04-08 04:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-08 04:41 . 2009-04-08 04:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-08 04:41 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-08 04:41 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-08 04:41 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-08 04:41 . 2009-04-08 05:06 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-08 04:39 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-08 04:39 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-08 04:39 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-04-08 04:39 . 2005-01-02 03:47 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-04-08 03:49 . 2009-04-08 04:04 <REP> d-------- C:\Infection 2009-04-07 20:09 . 2009-04-07 20:09 <REP> d-------- c:\program files\Jcore 2009-04-07 20:09 . 2009-04-07 23:36 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\nidle 2009-04-07 11:18 . 2009-04-07 11:19 <REP> d-------- C:\gamer 2009-04-07 11:16 . 2009-04-07 11:16 278,161 --a------ C:\gamer.zip 2009-04-06 18:44 . 2009-04-06 18:44 <REP> d-------- C:\gmer 2009-04-06 18:42 . 2009-04-06 18:42 278,161 --a------ C:\gmer.zip 2009-04-06 12:28 . 2009-04-07 16:15 <REP> d-------- c:\windows\dhcp 2009-04-06 12:28 . 2009-04-07 06:55 <REP> dr-hs---- c:\program files\ThunMail 2009-04-06 10:47 . 2009-04-07 21:13 679 --a------ C:\Fich2.bat 2009-04-06 10:46 . 2009-04-07 21:11 133 --a------ C:\Fich1.bat 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:54 . 2009-04-07 19:33 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-07 19:28 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 06:54 . 2009-04-05 21:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-03 18:55 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris 2009-04-01 18:08 . 2005-01-02 03:51 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Bureau 2009-04-01 18:08 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Symantec 2009-04-01 18:08 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\SampleView 2009-04-01 18:08 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Apple Computer 2009-04-01 18:08 . 2009-04-01 21:35 <REP> d-------- c:\documents and settings\Administrateur.CHRIS 2009-04-01 10:06 . 2009-04-01 10:06 0 --a------ C:\F.tmp 2009-04-01 09:52 . 2009-04-01 09:52 <REP> d-------- c:\program files\CleanUp! 2009-04-01 08:13 . 2009-04-01 08:13 0 --a------ C:\C.tmp 2009-04-01 08:10 . 2009-04-01 08:10 0 --a------ C:\B.tmp 2009-03-31 06:03 . 2009-03-31 06:10 <REP> d-------- c:\windows\vf_hip 2009-03-31 06:03 . 2009-03-31 08:52 <REP> d-------- c:\program files\Hide IP Platinum 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Tetris 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Intelore 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\windows\vf_hip(2) 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\program files\Hide IP Platinum(2) 2009-03-28 13:16 . 2009-03-28 13:16 <REP> d-------- c:\program files\TomTom International B.V 2009-03-18 17:00 . 2009-03-18 17:00 <REP> d-------- c:\program files\VS Revo Group 2009-03-18 15:34 . 2009-03-18 15:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-03-13 16:38 . 2009-03-13 16:38 <REP> d-------- c:\program files\SFR . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-08 03:03 213,376 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys . ------- Sigcheck ------- 2004-08-05 20:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys 2009-04-08 05:03 213376 ff85ebd2ad3679254cf251136c62d764 c:\windows\system32\dllcache\ndis.sys 2009-04-08 05:03 213376 ff85ebd2ad3679254cf251136c62d764 c:\windows\system32\drivers\ndis.sys 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2004-08-05 20:00 34304 c3f1c42466430fff66e79b581f0d9ca6 c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 c437c943ef10877cf017794cf5bb1527 c:\windows\system32\dllcache\ctfmon.exe 2008-04-14 04:34 131584 94cc30176ce100887fc8cb71421020a5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wuauclt.exe 2008-04-14 04:34 131584 e94df3f47d5d9c29fea0ec7cc129d253 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\wuauclt.exe 2004-08-05 20:00 131584 a2813cbef1cdd7b0e6b41238493d9083 c:\windows\system32\wuauclt.exe 2004-08-05 20:00 131584 4356a19011204a240e8ef7c2351828e1 c:\windows\system32\dllcache\wuauclt.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2004-08-05 20:00 44032 1a0d800c5e4e0161a6a12684146c1525 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 bcc11f664d57aa3faff42fff244b5ef9 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2005-01-02 36972] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968] "HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 69632] "HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 679936] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 253952] "SSC_UserPrompt"="c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-16 218240] "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 58488] "IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-24 132248] "URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 33936] "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 110592] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 274432] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= S3 kkr188b;kkr188b;c:\windows\system32\drivers\kkr188b.sys --> c:\windows\system32\drivers\kkr188b.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] 2005-01-02 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 19:22] . - - - - ORPHELINS SUPPRIMES - - - - HKU-Default-Run-reader_s - c:\documents and settings\HP_Propriétaire\reader_s.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-08 05:13:30 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(536) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe . ************************************************************************** . Heure de fin: 2009-04-08 5:17:36 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-08 03:17:30 ComboFix2.txt 2009-04-07 18:05:22 ComboFix3.txt 2009-04-07 16:58:47 ComboFix4.txt 2009-04-07 16:33:13 ComboFix5.txt 2009-04-08 03:00:47 Avant-CF: 45 557 862 400 octets libres Après-CF: 45,471,227,904 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 279 Le problème vient de ce que Combofix supprime reader_s.exe. Ceci oblige à une restauration Windows à partir de la sauvegarde constructeur sur D . Elle es verrouillée et donc non polluée. On a quand même besoin du DVD de sauvegarde pur trouver un fichie indispensabble dans i386 sur le DVD. Reinstallation de Windows non destructrice. Ensuite : redémarrage en mode sans échec : DrWeb CureIt. Pas de Virut détecté suivant la procédure que vous avez recommandée. Installer Norton Antivirus fourni avec l'installation. Mise à jour. scan antivirus : 2 virus trouvés: Trojan.pandex dans fichiers BN1 et BN2.temp. Désinfectés. Scan en ligne secuser.com. Trouve une multitude de "PE Virux.F, F-1 et F-2" . La très grande majorité est cleanable. En cours. Peut-être suis-je tombé de Charybde en Scylla?
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares N'ai pas pu attendre. Pour l'instant j'ai une procédure encours et pas trace de Virut! jusqu'à maintenant. Attendons la fin : je vous communiquerai les résultats. Je crois avoir compris pourquoi batch n'a pas fonctionné. D'après l'aide de Windows que j'ai récupérée, batch d'adresse à des fichiers .txt et non à des fichiers.bat; il aurait donc fallu enregistrer fich1.txt et non fich1.bat. Je suis plein d'espoir et j'espère n'être pas déçu. Je vous tiens au courant dès que le vérifications sont terminées, avant d'entamer une nouvelle procédure en cas d'échec. Pour info : suis d'origine Bretonne : ça explique!
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonjour, Avant de lancer la bombe atomique(formatage), jai fait une reinstallation de Windows non destructive à partir de la sauvegarde constructeur sur le disque D. Après la réinstallation de Windows, j'ai passé DrWeb CureIt suivant la procédure recommandée au départ, en mode sans échec. Il ne détecte rien. Donc, pas de rapport. avant de faire une bêtise, je me suis arrêté là. Que faire ensuite?. Je ne sais pas si la console fonctionne.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Tout n'est peut-être pas perdu! Lorsque je veux ouvrir la console, il me demande sur quelle session de windows je veux travailler : 1 : D:\i386 2 : D:\miniNT 3 : c:\windows. Est-ce que çà peut aider? Bonne nuit. A demain.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Désolé, Ai retenté la manip, elle coince au niveau batch comme hier. En utilisation console, je ne sais pas faire de copier/coller. La console fonctionne sur la sauvegarde de windows cachée sur une partition spéciale du disque dur. Je ne sais pas où elle se trouve. Enfin, je n'ai plus d'imprimante opérationnelle. Elle a dû être désinstallée au cours des différentes manoeuvres. Si j'introduis le CDrom de réinstallation, il me propose soit la réinstallation non destructive avec conservation de mes fichiers, soit le formatage pur et simple avec effacement total. Moralité, nous en sommes toujours au même point avec quelques bugs supplémentaires. Espérons que nous seront plus efficaces demain. L'espoir fait vivre. Bonne nuit.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Ai essayé de faire correctement la proédure : Gros problèmes . Le premier passage de Combofix s'est bien passé. Voici son log : ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-07 18:21:01.10 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.382.122 [GMT 2:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) * Un nouveau point de restauration a été créé FILE :: c:\windows\DUMP32e7.tmp c:\windows\DUMP4352.tmp c:\windows\DUMP66f7.tmp c:\windows\system32\10.tmp c:\windows\system32\11.tmp c:\windows\system32\12.tmp c:\windows\system32\13.tmp c:\windows\system32\2.tmp c:\windows\system32\3.tmp c:\windows\system32\3361 c:\windows\system32\4.tmp c:\windows\system32\8.tmp c:\windows\system32\A.tmp c:\windows\system32\B.tmp c:\windows\system32\C.tmp c:\windows\system32\D.tmp c:\windows\system32\E.tmp c:\windows\system32\F.tmp . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\DUMP32e7.tmp c:\windows\DUMP4352.tmp c:\windows\DUMP66f7.tmp c:\windows\system32\10.tmp c:\windows\system32\11.tmp c:\windows\system32\12.tmp c:\windows\system32\13.tmp c:\windows\system32\2.tmp c:\windows\system32\3.tmp c:\windows\system32\4.tmp c:\windows\system32\8.tmp c:\windows\system32\A.tmp c:\windows\system32\B.tmp c:\windows\system32\C.tmp c:\windows\system32\D.tmp c:\windows\system32\drivers\dywbxpcpqbzpkzn.sys c:\windows\system32\drivers\str.sys c:\windows\system32\E.tmp c:\windows\system32\F.tmp c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SYNSEND -------\Service_restore -------\Service_synsend ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-07 au 2009-04-07 )))))))))))))))))))))))))))))))))))) . 2009-04-07 11:18 . 2009-04-07 11:19 <REP> d-------- C:\gamer 2009-04-07 11:16 . 2009-04-07 11:16 278,161 --a------ C:\gamer.zip 2009-04-07 10:24 . 2009-04-07 10:24 84 --a------ c:\windows\system32\6.tmp 2009-04-06 18:44 . 2009-04-06 18:44 <REP> d-------- C:\gmer 2009-04-06 18:42 . 2009-04-06 18:42 278,161 --a------ C:\gmer.zip 2009-04-06 12:28 . 2009-04-07 16:28 <REP> d-------- c:\windows\system32\3361 2009-04-06 12:28 . 2009-04-07 16:15 <REP> d-------- c:\windows\dhcp 2009-04-06 12:28 . 2009-04-07 06:55 <REP> dr-hs---- c:\program files\ThunMail 2009-04-06 12:28 . 2009-04-06 12:28 108,336 --a------ c:\windows\system32\MSWINSCK.OCX 2009-04-06 12:28 . 2009-04-05 22:51 21,704 --a------ c:\windows\system32\vv.exe 2009-04-06 10:47 . 2009-04-06 10:47 679 --a------ C:\Fich2.bat 2009-04-06 10:46 . 2009-04-06 10:46 127 --a------ C:\Fich1.bat 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-05 21:12 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-05 21:09 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 06:54 . 2009-04-05 21:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-07 16:30 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-07 16:30 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-07 06:54 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-07 06:54 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-07 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2009-04-07 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-02 01:06 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-02 01:06 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-02 01:06 . 2009-04-07 16:15 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-02 01:06 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-02 01:06 . 2009-04-02 01:06 1,832 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-02 01:02 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-02 01:02 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-02 01:02 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-04-02 01:02 . 2005-01-02 03:47 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-03 18:55 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris 2009-04-01 18:08 . 2005-01-02 03:51 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Bureau 2009-04-01 18:08 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Symantec 2009-04-01 18:08 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\SampleView . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 14:15 1,055,232 ----a-w c:\windows\explorer.exe 2009-04-06 14:13 213,376 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2009-04-07 16:16 33280 e073bdd9f0d227e937d359f6d318ab14 c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 48e130102a691a742cf082e34a39ce8b c:\windows\system32\dllcache\svchost.exe 2004-08-05 20:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys 2009-04-06 16:13 213376 ff85ebd2ad3679254cf251136c62d764 c:\windows\system32\dllcache\ndis.sys 2009-04-06 16:13 213376 ff85ebd2ad3679254cf251136c62d764 c:\windows\system32\drivers\ndis.sys 2009-04-07 16:15 1055232 e1837536d4d0c12d328ec68b4b238750 c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 dde1fb7c583310811b326a8563b8eed8 c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2009-04-03 21:58 15360 14f3132dc8d481eba108ba9e2cf1389e c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 9b8145273b153cba00630a03f3ffd31c c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2009-04-07 16:16 57856 9d10cde0735ca583eaeb7ec4bacb0839 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 ac2a0001265ad3e7cf82e0225bd21cd5 c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2009-04-03 21:59 25088 1fa37ceb2e7eb9fc851d14ad1a56a335 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-07_16.44.29.48 ))))))))))))))))))))))))))))))))))))))))) . - 2009-04-07 14:41:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-04-07 16:19:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-04-07 14:41:11 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2009-04-07 16:19:21 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2009-04-07 14:41:11 114,688 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-04-07 16:19:21 311,296 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8emc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-04 108032] . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 18:28:39 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(532) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************** . Heure de fin: 2009-04-07 18:33:06 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-07 16:33:03 ComboFix2.txt 2009-04-07 14:45:37 ComboFix3.txt 2009-04-06 08:21:00 Avant-CF: 45 723 656 192 octets libres Après-CF: 45,712,318,464 octets libres 397 --- E O F --- 2009-04-02 07:30:34 Pour WinFilereplace, ça été difficile. Il a commencé a travailler eta obligé le pc a redémarrer très vite : voici le log WinFileRep - ver : 1.00 - by Loup blanc --------------------------- Microsoft Windows XP Service Pack 2 Français --------------------------- ============ Comparaison des fichiers avant remplacement ============ --------- Les fichiers "c:\WINDOWS\system32\svchost.exe" et "C:\FR-files\svchost.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\explorer.exe" et "C:\FR-files\explorer.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\ctfmon.exe" et "C:\FR-files\ctfmon.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\spoolsv.exe" et "C:\FR-files\spoolsv.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\userinit.exe" et "C:\FR-files\userinit.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\drivers\ndis.sys" et "C:\FR-files\ndis.sys" sont différents... ----------- Manifestement il n'a pas fait son travail. A la remise en route plusieurs bugs : En mode normal, l'adresse 0x00390681 ne peut pas être "written". En mode sans échec, l'adresse memoire 0x0000005c ne peut pas être "read". Ecran bleu. Ai été obligé de lancer explorer par CTRL+Alt+Supp. Ai relancé WinFile replace en mode sans échec. Voici le log : pas satisfaisant. WinFileRep - ver : 1.00 - by Loup blanc --------------------------- Microsoft Windows XP Service Pack 2 Français --------------------------- ============ Comparaison des fichiers avant remplacement ============ --------- Les fichiers "c:\WINDOWS\system32\svchost.exe" et "C:\FR-files\svchost.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\explorer.exe" et "C:\FR-files\explorer.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\ctfmon.exe" et "C:\FR-files\ctfmon.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\spoolsv.exe" et "C:\FR-files\spoolsv.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\userinit.exe" et "C:\FR-files\userinit.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\drivers\ndis.sys" et "C:\FR-files\ndis.sys" sont identiques... ----------- Ai quand même repassé ComboFix. Voici le log : toujours infecté. ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-07 19:34:15.12 - NTFSx86 NETWORK Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\userinit.exe . . . est infecté!! c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-07 au 2009-04-07 )))))))))))))))))))))))))))))))))))) . 2009-04-07 18:39 . 2009-04-06 16:13 213,376 --a------ c:\windows\system32\drivers\ndis.backup 2009-04-07 18:39 . 2009-04-03 21:59 25,088 --a------ c:\windows\system32\userinit.backup 2009-04-07 18:39 . 2009-04-03 21:58 15,360 --a------ c:\windows\system32\ctfmon.backup 2009-04-07 11:18 . 2009-04-07 11:19 <REP> d-------- C:\gamer 2009-04-07 11:16 . 2009-04-07 11:16 278,161 --a------ C:\gamer.zip 2009-04-07 10:24 . 2009-04-07 10:24 84 --a------ c:\windows\system32\6.tmp 2009-04-06 18:44 . 2009-04-06 18:44 <REP> d-------- C:\gmer 2009-04-06 18:42 . 2009-04-06 18:42 278,161 --a------ C:\gmer.zip 2009-04-06 12:28 . 2009-04-07 16:28 <REP> d-------- c:\windows\system32\3361 2009-04-06 12:28 . 2009-04-07 16:15 <REP> d-------- c:\windows\dhcp 2009-04-06 12:28 . 2009-04-07 06:55 <REP> dr-hs---- c:\program files\ThunMail 2009-04-06 12:28 . 2009-04-06 12:28 108,336 --a------ c:\windows\system32\MSWINSCK.OCX 2009-04-06 12:28 . 2009-04-05 22:51 21,704 --a------ c:\windows\system32\vv.exe 2009-04-06 10:47 . 2009-04-06 10:47 679 --a------ C:\Fich2.bat 2009-04-06 10:46 . 2009-04-06 10:46 127 --a------ C:\Fich1.bat 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-07 19:33 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-07 19:28 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 06:54 . 2009-04-05 21:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-07 16:30 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-07 16:30 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-07 06:54 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-07 06:54 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-07 19:33 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2009-04-07 19:33 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-02 01:06 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-02 01:06 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-02 01:06 . 2009-04-07 16:15 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-02 01:06 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-02 01:06 . 2009-04-02 01:06 1,832 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-02 01:02 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-02 01:02 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-02 01:02 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-04-02 01:02 . 2005-01-02 03:47 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-03 18:55 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2004-08-19 16:10 33280 48e130102a691a742cf082e34a39ce8b c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 2eb7705c212597ddd0091c0eaf6a77ea c:\windows\system32\dllcache\svchost.exe 2004-08-19 16:09 1055232 dde1fb7c583310811b326a8563b8eed8 c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 6fd85256f32e33ab9d00f892cf0e5aae c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2004-08-19 16:09 34304 9cecfa76e38e5a0d3860659e93ef8d68 c:\windows\system32\ctfmon.exe 2004-08-19 16:09 34304 9cecfa76e38e5a0d3860659e93ef8d68 c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2004-08-19 16:10 76800 ac2a0001265ad3e7cf82e0225bd21cd5 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 4de0f3618f2e858eb0fa355712ca01bb c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\userinit.exe 2004-08-19 16:10 44032 8ed7f48c8db4ec01b4ae2a188cfe449d c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-07_16.44.29.48 ))))))))))))))))))))))))))))))))))))))))) . - 2009-04-07 14:41:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-04-07 17:26:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-04-07 14:41:11 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2009-04-07 17:26:23 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2009-04-07 14:41:11 114,688 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-04-07 17:26:23 311,296 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2009-04-06 14:13:58 213,376 ----a-w c:\windows\system32\dllcache\ndis.sys + 2004-08-03 21:14:30 182,912 ----a-w c:\windows\system32\dllcache\ndis.sys - 2009-04-06 14:13:58 213,376 ----a-w c:\windows\system32\drivers\ndis.sys + 2004-08-03 21:14:30 182,912 ----a-w c:\windows\system32\drivers\ndis.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 34304] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8emc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-05 108032] --- Autres Services/Pilotes en mémoire --- *Deregistered* - AFD *Deregistered* - AntiVirSchedulerService *Deregistered* - AntiVirService *Deregistered* - Arp1394 *Deregistered* - Ati HotKey Poller *Deregistered* - audstub *Deregistered* - avgio *Deregistered* - avgntflt *Deregistered* - avipbb *Deregistered* - Beep *Deregistered* - C-DillaCdaC11BA *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - Fastfat *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - KSecDD *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - PartMgr *Deregistered* - Pml Driver HPZ12 *Deregistered* - PptpMiniport *Deregistered* - PSched *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RpcSs *Deregistered* - sr *Deregistered* - ssmdrv *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - Wanarp . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 20:00:53 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(532) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\HPZipm12.exe . ************************************************************************** . Heure de fin: 2009-04-07 20:05:17 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-07 18:05:13 ComboFix2.txt 2009-04-07 16:58:47 ComboFix3.txt 2009-04-07 16:33:13 ComboFix4.txt 2009-04-07 14:45:37 ComboFix5.txt 2009-04-07 17:33:59 Avant-CF: 46 094 757 888 octets libres Après-CF: 45,678,551,040 octets libres 406 --- E O F --- 2009-04-02 07:30:34 Je sens le courage faiblir.... A bientôt
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Ai tout fait dans l'ordre. Au début de l'utilisation de DrWeb le PC a redémarré. J'ai dû le relancer ainsi que l'application. Voici le rapport DrWeb : 3605485352.exe c:\documents and settings\hp_propriétaire\local settings\temp Win32.Virut.56 Irréparable.Quarantaine. svchost.exe c:\windows\system32\3361 Probablement BACKDOOR.Trojan Quarantaine. et voici celui de ComboFix : ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-07 16:35:00.9 - NTFSx86 NETWORK Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.382.234 [GMT 2:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Install.txt c:\windows\system32\5.tmp c:\windows\system32\6to4v32.dll c:\windows\system32\9.tmp c:\windows\system32\afisicx.exe c:\windows\system32\at1394.sys c:\windows\system32\comsa32.sys c:\windows\system32\drivers\str.sys c:\windows\system32\ds43g4nfjkn93.dll c:\windows\system32\Iasv32.dll c:\windows\system32\Install.txt c:\windows\system32\sopidkc.exe c:\windows\system32\tdctxte.exe c:\windows\system32\tpszxyd.sys c:\windows\system32\w.exe c:\windows\temp\2693290560.exe c:\windows\temp\3815590690.exe c:\windows\temp\3815903190.exe c:\windows\temp\3830794206.exe c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AFISICX -------\Legacy_AT1394 -------\Legacy_DHCPSRV -------\Legacy_IAS -------\Legacy_PROTECT -------\Legacy_RESTORE -------\Legacy_SOPIDKC -------\Legacy_SYNSEND -------\Legacy_TDCTXTE -------\Service_afisicx -------\Service_at1394 -------\Service_Ias -------\Service_restore -------\Service_sopidkc -------\Service_synsend -------\Service_tdctxte ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-07 au 2009-04-07 )))))))))))))))))))))))))))))))))))) . 2009-04-07 14:03 . 2009-04-07 14:03 80 --a------ c:\windows\system32\11.tmp 2009-04-07 11:18 . 2009-04-07 11:19 <REP> d-------- C:\gamer 2009-04-07 11:16 . 2009-04-07 11:16 278,161 --a------ C:\gamer.zip 2009-04-07 10:27 . 2009-04-07 10:28 64,512 --a------ c:\windows\system32\12.tmp 2009-04-07 10:27 . 2009-04-07 10:27 84 --a------ c:\windows\system32\D.tmp 2009-04-07 10:24 . 2009-04-07 10:25 64,512 --a------ c:\windows\system32\F.tmp 2009-04-07 10:24 . 2009-04-07 10:24 84 --a------ c:\windows\system32\6.tmp 2009-04-07 07:00 . 2009-04-07 07:00 0 --a------ c:\windows\system32\C.tmp 2009-04-07 06:58 . 2009-04-07 06:58 128 --a------ c:\windows\system32\4.tmp 2009-04-06 18:44 . 2009-04-06 18:44 <REP> d-------- C:\gmer 2009-04-06 18:42 . 2009-04-06 18:42 278,161 --a------ C:\gmer.zip 2009-04-06 18:42 . 2009-04-06 18:42 0 --a------ c:\windows\system32\13.tmp 2009-04-06 18:41 . 2009-04-06 18:42 64,512 --a------ c:\windows\system32\10.tmp 2009-04-06 18:41 . 2009-04-06 18:41 128 --a------ c:\windows\system32\E.tmp 2009-04-06 18:04 . 2009-04-06 18:04 0 --a------ c:\windows\system32\B.tmp 2009-04-06 18:03 . 2009-04-06 18:04 31,454 --a------ c:\windows\system32\A.tmp 2009-04-06 18:03 . 2009-04-06 18:03 128 --a------ c:\windows\system32\8.tmp 2009-04-06 17:13 . 2009-04-07 16:04 94,208 --a------ c:\windows\DUMP66f7.tmp 2009-04-06 17:13 . 2009-04-07 10:22 94,208 --a------ c:\windows\DUMP4352.tmp 2009-04-06 17:13 . 2009-04-06 20:02 90,112 --a------ c:\windows\DUMP32e7.tmp 2009-04-06 16:12 . 2009-04-06 16:13 64,512 --a------ c:\windows\system32\3.tmp 2009-04-06 16:12 . 2009-04-06 16:12 128 --a------ c:\windows\system32\2.tmp 2009-04-06 12:28 . 2009-04-07 16:28 <REP> d-------- c:\windows\system32\3361 2009-04-06 12:28 . 2009-04-07 16:15 <REP> d-------- c:\windows\dhcp 2009-04-06 12:28 . 2009-04-07 06:55 <REP> dr-hs---- c:\program files\ThunMail 2009-04-06 12:28 . 2009-04-06 12:28 108,336 --a------ c:\windows\system32\MSWINSCK.OCX 2009-04-06 12:28 . 2009-04-05 22:51 21,704 --a------ c:\windows\system32\vv.exe 2009-04-06 10:47 . 2009-04-06 10:47 679 --a------ C:\Fich2.bat 2009-04-06 10:46 . 2009-04-06 10:46 127 --a------ C:\Fich1.bat 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-05 21:12 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-05 21:09 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 06:54 . 2009-04-05 21:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-07 16:30 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-07 16:30 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-07 06:54 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-07 06:54 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-07 16:30 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2009-04-07 16:30 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-02 01:06 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-02 01:06 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-02 01:06 . 2009-04-07 16:15 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-02 01:06 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-02 01:06 . 2009-04-02 01:06 1,832 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-02 01:02 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-02 01:02 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-02 01:02 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 14:15 1,055,232 ----a-w c:\windows\explorer.exe 2009-04-06 14:13 213,376 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2009-04-07 16:16 33280 e073bdd9f0d227e937d359f6d318ab14 c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 48e130102a691a742cf082e34a39ce8b c:\windows\system32\dllcache\svchost.exe 2004-08-05 20:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys 2009-04-06 16:13 213376 ff85ebd2ad3679254cf251136c62d764 c:\windows\system32\dllcache\ndis.sys 2009-04-06 16:13 213376 ff85ebd2ad3679254cf251136c62d764 c:\windows\system32\drivers\ndis.sys 2009-04-07 16:15 1055232 e1837536d4d0c12d328ec68b4b238750 c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 dde1fb7c583310811b326a8563b8eed8 c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2009-04-03 21:58 15360 14f3132dc8d481eba108ba9e2cf1389e c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 9b8145273b153cba00630a03f3ffd31c c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2009-04-07 16:16 57856 9d10cde0735ca583eaeb7ec4bacb0839 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 ac2a0001265ad3e7cf82e0225bd21cd5 c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2009-04-03 21:59 25088 1fa37ceb2e7eb9fc851d14ad1a56a335 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8emc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-04 108032] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - SYNSEND . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{D5BF49A0-94F3-42BD-F434-3604812C8955} - c:\windows\system32\ds43g4nfjkn93.dll HKLM-Run-10699 - c:\windows\system32\5.tmp.exe HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe HKU-Default-Run-Windows Resurections - c:\windows\TEMP\cdeje2y.exe HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\3510478060.exe SharedTaskScheduler-{D5BF49A0-94F3-42BD-F434-3604812C8955} - c:\windows\system32\ds43g4nfjkn93.dll . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 16:40:53 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\system32\drivers\dywbxpcpqbzpkzn.sys 47232 bytes executable c:\windows\system32\drivers\str.sys 69765 bytes Scan terminé avec succès Fichiers cachés: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qcsmdwvf] "ImagePath"="\??\c:\windows\system32\drivers\dywbxpcpqbzpkzn.sys" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(536) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Internet Explorer\iexplore.exe . ************************************************************************** . Heure de fin: 2009-04-07 16:45:31 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-07 14:45:26 ComboFix2.txt 2009-04-06 08:21:00 Avant-CF: 46 177 206 272 octets libres Après-CF: 45,750,624,256 octets libres 393 --- E O F --- 2009-04-02 07:30:34
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Voici le log de Gmer(Gamer) : il a retrouve les lignes IAT, mais par les "hidden process". Serait-il possible qu'ils aient été supprimés? GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-04-07 13:17:46 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.15 ---- Code 8291E4D0 pIofCallDriver ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[136] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .rsrc C:\WINDOWS\dhcp\svchost.exe[188] C:\WINDOWS\dhcp\svchost.exe section is executable [0x00482000, 0x7000, 0xE0000040] .rsrc C:\WINDOWS\dhcp\svchost.exe[188] C:\WINDOWS\dhcp\svchost.exe entry point in ".rsrc" section [0x00483328] .text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\dhcp\svchost.exe[188] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\HPZipm12.exe[248] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\sopidkc.exe[332] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E ? C:\WINDOWS\System32\svchost.exe[548] number of sections mismatch; time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[548] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\System32\svchost.exe[548] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x6600, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\svchost.exe[548] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E ? C:\WINDOWS\System32\svchost.exe[700] number of sections mismatch; time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[700] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\System32\svchost.exe[700] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x6600, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\Ati2evxx.exe[748] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[760] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[760] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[760] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[852] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[852] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E ? C:\WINDOWS\System32\svchost.exe[896] number of sections mismatch; time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[896] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\System32\svchost.exe[896] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x6600, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\System32\svchost.exe[916] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\System32\svchost.exe[916] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[1072] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[1072] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\Explorer.EXE[1388] Explorer.EXE 0101E26B 4 Bytes [FF, 15, 98, 10] .text C:\WINDOWS\Explorer.EXE[1388] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44689, 0xE0000060] .reloc C:\WINDOWS\Explorer.EXE[1388] C:\WINDOWS\Explorer.EXE section is executable [0x010FC000, 0x9800, 0xE2000040] .text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\Explorer.EXE[1388] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .rsrc C:\WINDOWS\system32\3361\svchost.exe[1696] C:\WINDOWS\system32\3361\svchost.exe section is executable [0x00411000, 0x7000, 0xE0000040] .rsrc C:\WINDOWS\system32\3361\svchost.exe[1696] C:\WINDOWS\system32\3361\svchost.exe entry point in ".rsrc" section [0x00412249] .text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\3361\svchost.exe[1696] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\reader_s.exe[1844] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\afisicx.exe[1884] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\ctfmon.exe[1900] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1912] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2818290560.exe[1936] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\Documents and Settings\HP_Propriétaire\reader_s.exe[1948] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[2044] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E ? C:\WINDOWS\System32\svchost.exe[2240] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll .text C:\WINDOWS\System32\svchost.exe[2240] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\System32\svchost.exe[2240] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x6600, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\svchost.exe[2240] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[2260] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[2260] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[2260] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\tdctxte.exe[2276] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\wdfmgr.exe[2312] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E ? C:\WINDOWS\System32\svchost.exe[2416] number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll .text C:\WINDOWS\System32\svchost.exe[2416] C:\WINDOWS\System32\svchost.exe section is writeable [0x13141000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\System32\svchost.exe[2416] C:\WINDOWS\System32\svchost.exe section is executable [0x13145000, 0x6600, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\svchost.exe[2416] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\wscntfy.exe[3012] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\gamer\gamer.exe[3128] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\gamer\gamer.exe[3128] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\gamer\gamer.exe[3128] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\gamer\gamer.exe[3128] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\gamer\gamer.exe[3128] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\alg.exe[3212] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\System32\svchost.exe[3860] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\System32\svchost.exe[3860] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\System32\svchost.exe[3860] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0BE90043 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D3FDE8 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D4CCE856 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] D9C8E808 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2270E800 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D2CB IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C9AE8 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 00022322 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DB IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D35E IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D425E8 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D3F8E856 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436DDD] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0221D5E8 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] A3E85708 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D2 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BFAE8 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022282 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004 IAT C:\WINDOWS\System32\svchost.exe[548] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0BE90043 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D3FDE8 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D4CCE856 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] D9C8E808 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2270E800 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D2CB IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C9AE8 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 00022322 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DB IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D35E IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D425E8 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D3F8E856 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436DDD] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0221D5E8 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] A3E85708 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D2 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BFAE8 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022282 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004 IAT C:\WINDOWS\System32\svchost.exe[700] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0BE90043 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D3FDE8 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D4CCE856 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] D9C8E808 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2270E800 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D2CB IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C9AE8 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 00022322 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DB IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D35E IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D425E8 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D3F8E856 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436DDD] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 0221D5E8 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] A3E85708 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D2 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BFAE8 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022282 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56 IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DAEAF4] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DA6A78] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DA6FC8] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DAD7CC] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DCC8C1] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DCC1B5] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DA7883] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DAEBE7] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DCC123] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DA6BF0] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DA761B] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000 IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80D47E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C809A81] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C812BE6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C812E03] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80E00D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801E16] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B357] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812CA9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C810386] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C809750] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80B529] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80B859] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C812851] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C947A40] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C832E2B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C80CEC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C838CB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C81CAA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80C729] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C810311] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C812C8D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8114AB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C802530] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81082F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C809C4C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C81E4BD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80EB3F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C802442] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809B77] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80EC1B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9110ED] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C911005] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809FA1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C809C28] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C8097AD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C838FB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C81EE79] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C8092AC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80C9C1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C80A480] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C80B929] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C8097C6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C81486A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C81E92A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C862849] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C80220F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C809AA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C8021CC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C838EEB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C802367] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C8024A7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C80180E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C810C8F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C920331] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C810F9F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C810976] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C81114A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C81E5E9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C80A0C7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809A39] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C809CAD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2240] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C81EAE1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DAEAF4] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DA6A78] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DA6FC8] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DAD7CC] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DCC8C1] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DCC1B5] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DA7883] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [77DAEBE7] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [77DCC123] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77DA6BF0] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [77DA761B] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000 IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80D47E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C809A81] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C812BE6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C812E03] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80E00D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C801E16] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B357] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812CA9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C810386] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C809750] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80B529] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80B859] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C947A40] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C832E2B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C80CEC4] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C838CB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80A480] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C81CAA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80C729] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C810311] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C812C8D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C8114AB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C802530] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81082F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C809C4C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C81E4BD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C80EB3F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C802442] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809B77] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80EC1B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C9110ED] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C911005] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809FA1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C809C28] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C8097AD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C838FB9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C81EE79] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C8092AC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C80C9C1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C80B929] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C8097C6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C81486A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C81E92A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C862849] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80220F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C809AA2] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C8021CC] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C838EEB] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C802367] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C8024A7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80180E] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C810C8F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C801A24] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C810F9F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C810976] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C81114A] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C81E5E9] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C80A0C7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C809A39] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C809CAD] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C81EAE1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2416] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C80A859] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\NDIS \Device\Ndis [828F8982] NDIS.sys[.reloc] AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\All Users\Application Data\Adobe\Updater5\AdobeESDGlobalApps.xml 285 bytes File C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys (size mismatch) 182656/182912 bytes executable File C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys (size mismatch) 182656/182912 bytes executable File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000179.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000084.query 314 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000096.query 778 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b4.query 534 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c7.query 5378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e4.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fb.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000106.query 7128 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000119.query 990 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000137.query 7340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000148.query 218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000168.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000007f.query 8966 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000080.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000082.query 0 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000083.query 11954 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000085.query 2950 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000086.query 2950 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000088.query 284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008a.query 17578 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008b.query 17578 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008c.query 570 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008d.query 1926 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008e.query 1926 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000090.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000092.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000093.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000094.query 300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000095.query 778 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000098.query 198 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009a.query 2968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009b.query 2968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009c.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009e.query 5536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009f.query 5536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a0.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a2.query 1994 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a3.query 1994 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a4.query 298 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a6.query 2934 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a7.query 2934 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a8.query 212 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000aa.query 2866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ab.query 2866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ac.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ae.query 3786 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000af.query 3786 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b0.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b1.query 1062 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b2.query 1062 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b5.query 3718 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b6.query 3718 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b8.query 182 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ba.query 7326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bb.query 7326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bc.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000be.query 4324 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bf.query 4324 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c0.query 190 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c2.query 3660 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c3.query 3660 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c4.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c6.query 5378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c8.query 276 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ca.query 3976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cb.query 3976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cc.query 254 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ce.query 14864 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cf.query 14864 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d0.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d2.query 5480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d3.query 5480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d4.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d6.query 3256 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d7.query 3256 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d8.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000da.query 1892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000db.query 1892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dc.query 368 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dd.query 514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000de.query 514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e0.query 236 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e1.query 378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e2.query 6314 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e3.query 5944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e5.query 1312 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e6.query 1312 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e8.query 284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ea.query 8102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000eb.query 8102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ec.query 266 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ee.query 8042 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ef.query 8042 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f0.query 276 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f2.query 4150 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f3.query 4150 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f4.query 536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f5.query 2360 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f6.query 2360 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f8.query 328 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fa.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fc.query 318 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fe.query 3766 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ff.query 3766 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000100.query 340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000101.query 506 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000102.query 4902 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000103.query 4404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000104.query 348 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f1.query 1214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f2.query 2054 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f3.query 848 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f4.query 496 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f8.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001fc.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000200.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000204.query 84 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000205.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000206.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000208.query 160 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000107.query 7128 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000108.query 266 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010a.query 1480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010b.query 1480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010c.query 356 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000110.query 452 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000111.query 942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000112.query 942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000114.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000115.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000116.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000118.query 518 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011a.query 990 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011c.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011d.query 2078 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011e.query 2078 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000120.query 338 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000121.query 1086 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000122.query 1086 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000124.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000126.query 7702 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000127.query 7702 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000128.query 152 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012a.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012b.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012c.query 444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012d.query 4082 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012e.query 4082 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000130.query 238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000132.query 9370 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000133.query 9370 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000134.query 306 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000136.query 7340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000138.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013a.query 5652 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013b.query 5652 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013c.query 232 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013e.query 7606 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013f.query 7606 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000140.query 348 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000142.query 9044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000143.query 9044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000144.query 294 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000146.query 8426 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000147.query 8426 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014a.query 6942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014b.query 6942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014c.query 226 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014e.query 7550 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014f.query 7550 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000150.query 274 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000152.query 5448 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000153.query 5448 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000154.query 340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000156.query 11238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000157.query 11238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000158.query 478 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000015c.query 504 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000160.query 462 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000162.query 4968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000163.query 4968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000164.query 388 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000165.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000166.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016a.query 19148 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016b.query 19148 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016c.query 196 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016e.query 7594 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016f.query 7594 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000170.query 168 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000172.query 3420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000173.query 3420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000174.query 124 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000176.query 10956 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000177.query 10956 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000178.query 134 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017a.query 2642 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017b.query 2466 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017c.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017e.query 6006 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017f.query 6006 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000180.query 234 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000182.query 21404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000183.query 21404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000184.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000186.query 9900 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000187.query 9900 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000188.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018a.query 4206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018b.query 4206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018c.query 282 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018d.query 546 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018e.query 1050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018f.query 512 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000190.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000191.query 598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000192.query 598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000194.query 210 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000196.query 1960 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000197.query 1960 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000198.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019a.query 19024 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019b.query 19024 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019c.query 188 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019e.query 6536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019f.query 6536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a0.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a3.query 9952 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a4.query 432 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a8.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001aa.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ab.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ac.query 364 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ad.query 3866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ae.query 3866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b0.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b2.query 17598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b3.query 17598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b4.query 262 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b6.query 7244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b7.query 7244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b8.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ba.query 11944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a2.query 9952 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bb.query 11944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d4.query 326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f0.query 694 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020a.query 3892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000227.query 2284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000239.query 1520 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000256.query 2218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000269.query 972 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000285.query 974 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000299.query 2044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bc.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001be.query 2004 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bf.query 2004 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c0.query 242 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c2.query 18050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c3.query 18050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c4.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c6.query 7300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c7.query 7300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c8.query 274 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ca.query 7884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cb.query 7884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cc.query 292 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ce.query 24326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cf.query 24326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d0.query 242 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d2.query 4332 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d3.query 4332 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020b.query 3892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020c.query 230 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000210.query 102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000212.query 1420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000213.query 1420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000214.query 84 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000215.query 2102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000216.query 2102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000218.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000219.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021a.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021c.query 174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021d.query 1670 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021e.query 1670 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000220.query 172 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000221.query 2330 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000222.query 2330 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000224.query 208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000226.query 2284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000228.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000229.query 354 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022a.query 4378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022b.query 4032 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022c.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022d.query 1884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022e.query 1884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000230.query 206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000231.query 3184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000232.query 3184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000234.query 218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000236.query 5838 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000237.query 5838 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000238.query 282 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023a.query 1520 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023c.query 446 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023d.query 2444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023e.query 2444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000240.query 146 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000241.query 1592 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000242.query 1592 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000244.query 210 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000246.query 1780 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000247.query 1780 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000248.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024a.query 2154 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024b.query 2154 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024c.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024e.query 3142 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024f.query 3142 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000250.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000252.query 3586 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000253.query 3586 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000254.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000255.query 2218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000258.query 162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025a.query 3562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025b.query 3562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025c.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025e.query 664 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025f.query 664 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000260.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000261.query 562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000262.query 562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000264.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000266.query 3514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000267.query 3514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000268.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026a.query 972 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026c.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026e.query 2260 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026f.query 2260 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000270.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000272.query 4014 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000273.query 4014 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000274.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000276.query 904 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000277.query 904 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000278.query 220 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027a.query 1018 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027b.query 1018 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027c.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027e.query 5064 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027f.query 5064 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000280.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000282.query 2858 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000283.query 2858 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000284.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000286.query 974 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000288.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000289.query 322 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028a.query 322 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028c.query 196 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028d.query 976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028e.query 976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000290.query 134 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000292.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000293.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000294.query 146 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000296.query 5174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000297.query 5174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000298.query 364 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029a.query 2044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029c.query 350 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029e.query 1458 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029f.query 1458 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a0.query 402 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a2.query 1996 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a3.query 1996 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a4.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a6.query 1968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a7.query 1968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a8.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002aa.query 1180 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ab.query 1180 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ac.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ad.query 614 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ae.query 1628 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002af.query 1022 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b0.query 230 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b2.query 3174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b3.query 3174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b4.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b6.query 3162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b7.query 3162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b8.query 208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ba.query 2542 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002bb.query 2542 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d6.query 8208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d7.query 8208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d8.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001da.query 6792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001db.query 6792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001dc.query 516 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e0.query 440 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e2.query 4792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e3.query 4792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e4.query 262 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e6.query 5648 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e7.query 5648 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e8.query 564 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ec.query 82 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ed.query 694 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ee.query 694 bytes ---- EOF - GMER 1.0.15 ---- Espérons que les renseignements trouvés soient suffisants.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonjour, En cas de gros problème ou de perte de contact, il existe 2 possibilités : réinstaller Windows sur lui même sans perdre les ficiers installés sur C ou carrément réinstaller le total en effaçant tout. Si problème, je songe d'abord à essayer la première solution ; elle ne nécessite ensuite que la réinstallation des programmes dont je possède les CD d'installation.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonsoir, J'ai eu quelques soucis avec Gmer. Il s'est lancé normalement et a trouve 9 hidden process ( en rouge dans le log), puis il s'est arrête. J'ai voulu enregistrer le log en faisant copy et en ouvrant le bloc-notes. Impossible (j'etais en mode normal et Windows envoyait des messages d'erreur). J'ai redémarré en mode sans échec et relancé Gmer. Au milieu du scan, tout s'est arrêté et le PC a redémarré. Je suis revenu en mode sans échec et j'ai relancé Gmer pour la troisième fois. J'ai enregistré le log, le voici : GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-04-06 21:47:18 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.15 ---- Code 82B5B4D0 pIofCallDriver ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491 .text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520 .text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D .text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516 .text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E .text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491 .text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520 .text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D .text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516 .text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E .text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491 .text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520 .text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D .text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516 .text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E .text C:\WINDOWS\system32\svchost.exe[648] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[648] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[700] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[756] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[756] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FF94491 .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FF94520 .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FF9452D .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FF94516 .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FF9456E .text C:\WINDOWS\system32\svchost.exe[788] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[788] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\svchost.exe[820] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060] .rsrc C:\WINDOWS\system32\svchost.exe[820] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x6600, 0xE0000040] .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\Explorer.EXE[1288] Explorer.EXE 0101E26B 4 Bytes [FF, 15, 98, 10] .text C:\WINDOWS\Explorer.EXE[1288] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44689, 0xE0000060] .reloc C:\WINDOWS\Explorer.EXE[1288] C:\WINDOWS\Explorer.EXE section is executable [0x010FC000, 0x9800, 0xE2000040] .text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\Explorer.EXE[1288] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E .text C:\gmer\gmer.exe[1720] ntdll.dll!NtCreateFile 7C91D682 5 Bytes CALL 7FFA4491 .text C:\gmer\gmer.exe[1720] ntdll.dll!NtCreateProcess 7C91D754 5 Bytes CALL 7FFA4520 .text C:\gmer\gmer.exe[1720] ntdll.dll!NtCreateProcessEx 7C91D769 5 Bytes CALL 7FFA452D .text C:\gmer\gmer.exe[1720] ntdll.dll!NtOpenFile 7C91DCFD 5 Bytes CALL 7FFA4516 .text C:\gmer\gmer.exe[1720] ntdll.dll!NtQueryInformationProcess 7C91E01B 5 Bytes CALL 7FFA456E ---- Devices - GMER 1.0.15 ---- Device \Driver\NDIS \Device\Ndis [82AF1982] NDIS.sys[.reloc] ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\All Users\Application Data\Adobe\Updater5\AdobeESDGlobalApps.xml 285 bytes File C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys (size mismatch) 182656/182912 bytes executable File C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys (size mismatch) 182656/182912 bytes executable File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000179.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000084.query 314 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000096.query 778 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b4.query 534 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c7.query 5378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e4.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fb.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000106.query 7128 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000119.query 990 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000137.query 7340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000148.query 218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000168.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000007f.query 8966 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000080.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000082.query 0 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000083.query 11954 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000085.query 2950 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000086.query 2950 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000088.query 284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008a.query 17578 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008b.query 17578 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008c.query 570 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008d.query 1926 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000008e.query 1926 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000090.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000092.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000093.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000094.query 300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000095.query 778 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000098.query 198 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009a.query 2968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009b.query 2968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009c.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009e.query 5536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000009f.query 5536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a0.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a2.query 1994 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a3.query 1994 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a4.query 298 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a6.query 2934 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a7.query 2934 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000a8.query 212 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000aa.query 2866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ab.query 2866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ac.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ae.query 3786 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000af.query 3786 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b0.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b1.query 1062 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b2.query 1062 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b5.query 3718 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b6.query 3718 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000b8.query 182 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ba.query 7326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bb.query 7326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bc.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000be.query 4324 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000bf.query 4324 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c0.query 190 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c2.query 3660 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c3.query 3660 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c4.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c6.query 5378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000c8.query 276 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ca.query 3976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cb.query 3976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cc.query 254 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ce.query 14864 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000cf.query 14864 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d0.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d2.query 5480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d3.query 5480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d4.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d6.query 3256 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d7.query 3256 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000d8.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000da.query 1892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000db.query 1892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dc.query 368 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000dd.query 514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000de.query 514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e0.query 236 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e1.query 378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e2.query 6314 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e3.query 5944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e5.query 1312 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e6.query 1312 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000e8.query 284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ea.query 8102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000eb.query 8102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ec.query 266 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ee.query 8042 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ef.query 8042 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f0.query 276 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f2.query 4150 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f3.query 4150 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f4.query 536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f5.query 2360 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f6.query 2360 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000f8.query 328 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fa.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fc.query 318 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000fe.query 3766 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000000ff.query 3766 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000100.query 340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000101.query 506 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000102.query 4902 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000103.query 4404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000104.query 348 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f1.query 1214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f2.query 2054 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f3.query 848 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f4.query 496 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f8.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001fc.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000200.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000204.query 84 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000205.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000206.query 476 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000208.query 160 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000107.query 7128 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000108.query 266 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010a.query 1480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010b.query 1480 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000010c.query 356 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000110.query 452 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000111.query 942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000112.query 942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000114.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000115.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000116.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000118.query 518 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011a.query 990 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011c.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011d.query 2078 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000011e.query 2078 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000120.query 338 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000121.query 1086 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000122.query 1086 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000124.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000126.query 7702 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000127.query 7702 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000128.query 152 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012a.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012b.query 296 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012c.query 444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012d.query 4082 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000012e.query 4082 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000130.query 238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000132.query 9370 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000133.query 9370 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000134.query 306 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000136.query 7340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000138.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013a.query 5652 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013b.query 5652 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013c.query 232 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013e.query 7606 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000013f.query 7606 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000140.query 348 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000142.query 9044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000143.query 9044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000144.query 294 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000146.query 8426 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000147.query 8426 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014a.query 6942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014b.query 6942 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014c.query 226 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014e.query 7550 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000014f.query 7550 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000150.query 274 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000152.query 5448 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000153.query 5448 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000154.query 340 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000156.query 11238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000157.query 11238 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000158.query 478 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000015c.query 504 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000160.query 462 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000162.query 4968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000163.query 4968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000164.query 388 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000165.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000166.query 3626 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016a.query 19148 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016b.query 19148 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016c.query 196 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016e.query 7594 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000016f.query 7594 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000170.query 168 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000172.query 3420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000173.query 3420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000174.query 124 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000176.query 10956 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000177.query 10956 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000178.query 134 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017a.query 2642 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017b.query 2466 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017c.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017e.query 6006 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000017f.query 6006 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000180.query 234 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000182.query 21404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000183.query 21404 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000184.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000186.query 9900 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000187.query 9900 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000188.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018a.query 4206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018b.query 4206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018c.query 282 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018d.query 546 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018e.query 1050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000018f.query 512 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000190.query 252 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000191.query 598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000192.query 598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000194.query 210 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000196.query 1960 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000197.query 1960 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000198.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019a.query 19024 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019b.query 19024 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019c.query 188 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019e.query 6536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000019f.query 6536 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a0.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a3.query 9952 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a4.query 432 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a8.query 246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001aa.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ab.query 5456 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ac.query 364 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ad.query 3866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ae.query 3866 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b0.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b2.query 17598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b3.query 17598 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b4.query 262 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b6.query 7244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b7.query 7244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001b8.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ba.query 11944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001a2.query 9952 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bb.query 11944 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d4.query 326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001f0.query 694 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020a.query 3892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000227.query 2284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000239.query 1520 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000256.query 2218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000269.query 972 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000285.query 974 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000299.query 2044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bc.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001be.query 2004 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001bf.query 2004 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c0.query 242 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c2.query 18050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c3.query 18050 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c4.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c6.query 7300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c7.query 7300 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001c8.query 274 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ca.query 7884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cb.query 7884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cc.query 292 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ce.query 24326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001cf.query 24326 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d0.query 242 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d2.query 4332 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d3.query 4332 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020b.query 3892 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000020c.query 230 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000210.query 102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000212.query 1420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000213.query 1420 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000214.query 84 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000215.query 2102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000216.query 2102 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000218.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000219.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021a.query 2246 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021c.query 174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021d.query 1670 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000021e.query 1670 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000220.query 172 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000221.query 2330 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000222.query 2330 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000224.query 208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000226.query 2284 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000228.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000229.query 354 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022a.query 4378 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022b.query 4032 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022c.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022d.query 1884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000022e.query 1884 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000230.query 206 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000231.query 3184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000232.query 3184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000234.query 218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000236.query 5838 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000237.query 5838 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000238.query 282 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023a.query 1520 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023c.query 446 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023d.query 2444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000023e.query 2444 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000240.query 146 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000241.query 1592 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000242.query 1592 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000244.query 210 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000246.query 1780 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000247.query 1780 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000248.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024a.query 2154 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024b.query 2154 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024c.query 200 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024e.query 3142 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000024f.query 3142 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000250.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000252.query 3586 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000253.query 3586 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000254.query 244 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000255.query 2218 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000258.query 162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025a.query 3562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025b.query 3562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025c.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025e.query 664 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000025f.query 664 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000260.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000261.query 562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000262.query 562 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000264.query 202 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000266.query 3514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000267.query 3514 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000268.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026a.query 972 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026c.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026e.query 2260 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000026f.query 2260 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000270.query 184 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000272.query 4014 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000273.query 4014 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000274.query 156 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000276.query 904 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000277.query 904 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000278.query 220 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027a.query 1018 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027b.query 1018 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027c.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027e.query 5064 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000027f.query 5064 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000280.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000282.query 2858 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000283.query 2858 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000284.query 194 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000286.query 974 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000288.query 264 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000289.query 322 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028a.query 322 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028c.query 196 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028d.query 976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000028e.query 976 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000290.query 134 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000292.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000293.query 278 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000294.query 146 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000296.query 5174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000297.query 5174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\00000298.query 364 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029a.query 2044 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029c.query 350 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029e.query 1458 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\0000029f.query 1458 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a0.query 402 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a2.query 1996 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a3.query 1996 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a4.query 216 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a6.query 1968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a7.query 1968 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002a8.query 258 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002aa.query 1180 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ab.query 1180 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ac.query 222 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ad.query 614 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ae.query 1628 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002af.query 1022 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b0.query 230 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b2.query 3174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b3.query 3174 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b4.query 214 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b6.query 3162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b7.query 3162 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002b8.query 208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002ba.query 2542 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000002bb.query 2542 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d6.query 8208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d7.query 8208 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001d8.query 204 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001da.query 6792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001db.query 6792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001dc.query 516 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e0.query 440 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e2.query 4792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e3.query 4792 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e4.query 262 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e6.query 5648 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e7.query 5648 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001e8.query 564 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ec.query 82 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ed.query 694 bytes File C:\WINDOWS\pchealth\helpctr\OfflineCache\Personal_32#040c\000001ee.query 694 bytes ---- EOF - GMER 1.0.15 ---- Compte tenu de ces difficultés, je ne sais pas si ce sera très utile. Merci et bonsoir.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Ai désinstallé ComboFix comme demandé. Ai supprimé Winreplace par mise à la poubelle à partir du bureau : il n'existait pas dans ajoût/suppression de programmes, ni dans cc cleaner. Ai appliqué cc cleaner comme demandé. Quand je lance lance console par F8 au démarrage, puis mode sans échec avec prise en charge réseau, la page suivante demande si je veux windows normal ou la console. Je choisis la console. Elle se lance; je dois choisir ensuite entre 3 options 2 sur D et la n°3 sur C; Je choisis 3. J'arrive à C:>windows. j'entre Set et J'obtiens 4 lignes : les 3 allow et nocopy, rien d'autre. Je passe les 3 valeurs allow et noCopy en true. Ensuite je tape batch c:\fich1.bat et là, il me répond : commande inconnue, bien que BATCH figure dans la liste des commandes obtenue par Help. J'en suis là.
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Ai fait, sans doute,une bêtise. Je ne sais pas comment désinstaller ComboFix et WinFileReplace. Ces 2 applications sont sur le bureau et sont lancées directement par là. Avais cc cleaner installé. Ai coché toutes les cases de gauche sauf avancé, mais ai oublié de décocher dans options la case : nettoyer les fichiers temporaire >24heures. On peut encore le faire. Ai essayé de lancer la console. Toujours le même problème pour batch : commande inconnue ou fichier inconnu. Que faire?
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Problème : tout va bien au départ, mais quand j'arrive à Taper Batch c:\Fich1.bat, Il me répond commande inconnue. Si je fais help : BATCH figure dans la liste des commandes. que dois-je faire?. La manoeuvre doit-elle se faire en mode normal ou sans échec?
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonjour, Ai créé les fichiers .bat dans C. Je n'ai pas de CD d'installation Windows. Le programme se relance à partir d'une partition cachée sur le disque dur, je ne sais pas où. J'ai seulement un DVD de sauvegarde fait par moi-même à la première mise en route du PC. Je ne sais pas si ça suffit. en général, quand je veux démarrer en mode sans échec, on me propose de démarrer à partir de la console. Je ne sais pas comment vérifier les options boot dans le Bios. Que veut dire en fin de message. Est-ce à taper quelque part? Je suis un très mauvais utilisateur de MS-DOS. Je n'y connais rien. Pas très confiant dans mes capacités, j'attends les précisions avant de faire quoi que ce soit. Et je n'ai pas la possibilité d'imprimer vos consignes. Aie!
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonjour, Ai pris la liberté de repasser DrWeb en attendant : Voici le rapport: nmindexstoresvr.exe c:\program files\fichiers communs\ahead\lib Win32.Virut.56 Désinfecté. wmiprvse.exe c:\windows\system32\wbem Win32.Virut.56 Désinfecté. A bientôt
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonsoir, Le virus fait de la résistance. Dois-je télécharger un nouvel antivirus? Après la désinstallation de Combofix, j'ai récupéré une connection normale. Je l'ai reperdue par la suite après les nouveaux passages de ComboFix. Je joins les 4 logs générés : ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-05 20:36:01.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.382.132 [GMT 2:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-05 au 2009-04-05 )))))))))))))))))))))))))))))))))))) . 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-04 22:24 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-04 21:58 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 06:54 . 2009-04-04 21:49 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-05 20:29 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2009-04-05 20:29 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-02 01:06 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-02 01:06 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-02 01:06 . 2009-04-04 22:29 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-02 01:06 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-02 01:06 . 2009-04-02 01:06 1,832 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-02 01:02 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-02 01:02 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-02 01:02 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-04-02 01:02 . 2005-01-02 03:47 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-03 18:55 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris 2009-04-01 18:08 . 2005-01-02 03:51 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Bureau 2009-04-01 18:08 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Symantec 2009-04-01 18:08 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\SampleView 2009-04-01 18:08 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Apple Computer 2009-04-01 18:08 . 2009-04-01 21:35 <REP> d-------- c:\documents and settings\Administrateur.CHRIS 2009-04-01 10:06 . 2009-04-01 10:06 0 --a------ C:\F.tmp 2009-04-01 09:52 . 2009-04-01 09:52 <REP> d-------- c:\program files\CleanUp! 2009-04-01 08:13 . 2009-04-01 08:13 0 --a------ C:\C.tmp 2009-04-01 08:10 . 2009-04-01 08:10 0 --a------ C:\B.tmp 2009-03-31 06:03 . 2009-03-31 06:10 <REP> d-------- c:\windows\vf_hip 2009-03-31 06:03 . 2009-03-31 08:52 <REP> d-------- c:\program files\Hide IP Platinum 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Tetris 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Intelore 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\windows\vf_hip(2) 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\program files\Hide IP Platinum(2) . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-05 09:27 57,856 ----a-w c:\windows\system32\spoolsv.exe 2009-04-05 09:27 33,280 ----a-w c:\windows\system32\svchost.exe 2009-04-05 09:27 1,055,232 ----a-w c:\windows\explorer.exe 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 20:26 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 17:53 213,376 ----a-w c:\windows\system32\dllcache\ndis.sys 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 38,912 ----a-w c:\windows\system32\wdfmgr.exe 2009-04-03 20:00 295,424 ----a-w c:\windows\system32\vssvc.exe 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 69,632 ----a-w c:\windows\system32\HPZipm12.exe 2009-04-03 19:58 659,456 ----a-w c:\windows\system32\hphmon06.exe 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 19:58 5,632 ----a-w c:\windows\system32\cisvc.exe 2009-04-03 19:58 44,544 ----a-w c:\windows\system32\alg.exe 2009-04-03 19:58 400,896 ----a-w c:\windows\system32\cmd.exe 2009-04-03 19:58 364,544 ----a-w c:\windows\system32\ati2evxx.exe 2009-04-03 19:58 33,280 ----a-w c:\windows\system32\clipsrv.exe 2009-04-03 19:58 268,800 ----a-w c:\windows\system32\fxssvc.exe 2009-04-03 19:58 225,280 ----a-w c:\windows\system32\dmadmin.exe 2009-04-03 19:58 15,360 ----a-w c:\windows\system32\ctfmon.exe 2009-04-03 19:58 10,752 ----a-w c:\windows\system32\dumprep.exe 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2009-02-09 14:17 1,846,400 ----a-w c:\windows\system32\win32k.sys 2009-02-09 14:17 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2009-04-05 11:27 33280 aa2b6ae9c0c23e7362fd6366b73c6361 c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 e76f08a97b7a2bda73b45cabf4d0da61 c:\windows\system32\dllcache\svchost.exe 2009-04-05 11:27 1055232 279c6db506073019ec5672431e6b034c c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 25ab848cad24b4e7ce74167edf1aefc8 c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2009-04-03 21:58 15360 14f3132dc8d481eba108ba9e2cf1389e c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 9b8145273b153cba00630a03f3ffd31c c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2009-04-05 11:27 57856 5a25b5dbe254692021d638ad1b6960e0 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 ab2ca4a6307c714213ea4be8d0da93d3 c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2009-04-03 21:59 25088 1fa37ceb2e7eb9fc851d14ad1a56a335 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8emc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= S1 ethbsxni;ethbsxni;c:\windows\system32\drivers\ethbsxni.sys --> c:\windows\system32\drivers\ethbsxni.sys [?] S1 ethzqbeq;ethzqbeq;c:\windows\system32\drivers\ethzqbeq.sys --> c:\windows\system32\drivers\ethzqbeq.sys [?] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-04 108032] . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-05 20:41:13 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(528) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . Heure de fin: 2009-04-05 20:44:15 ComboFix-quarantined-files.txt 2009-04-05 18:44:13 ComboFix2.txt 2009-04-05 09:21:23 Avant-CF: 45 762 531 328 octets libres Après-CF: 45,756,542,976 octets libres 346 --- E O F --- 2009-04-02 07:30:34 ComboFix 2 :ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-05 20:51:02.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.382.112 [GMT 2:00] Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt.txt AV: AntiVir Desktop *On-access scanning disabled* (Outdated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ethbsxni -------\Service_ethzqbeq ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-05 au 2009-04-05 )))))))))))))))))))))))))))))))))))) . 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-04 22:24 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-04 21:58 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 06:54 . 2009-04-04 21:49 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-05 20:50 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2009-04-05 20:50 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-02 01:06 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-02 01:06 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-02 01:06 . 2009-04-04 22:29 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-02 01:06 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-02 01:06 . 2009-04-02 01:06 1,832 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-02 01:02 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-02 01:02 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-02 01:02 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-04-02 01:02 . 2005-01-02 03:47 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-03 18:55 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris 2009-04-01 18:08 . 2005-01-02 03:51 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Bureau 2009-04-01 18:08 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Symantec 2009-04-01 18:08 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\SampleView 2009-04-01 18:08 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Apple Computer 2009-04-01 18:08 . 2009-04-01 21:35 <REP> d-------- c:\documents and settings\Administrateur.CHRIS 2009-04-01 10:06 . 2009-04-01 10:06 0 --a------ C:\F.tmp 2009-04-01 09:52 . 2009-04-01 09:52 <REP> d-------- c:\program files\CleanUp! 2009-04-01 08:13 . 2009-04-01 08:13 0 --a------ C:\C.tmp 2009-04-01 08:10 . 2009-04-01 08:10 0 --a------ C:\B.tmp 2009-03-31 06:03 . 2009-03-31 06:10 <REP> d-------- c:\windows\vf_hip 2009-03-31 06:03 . 2009-03-31 08:52 <REP> d-------- c:\program files\Hide IP Platinum 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Tetris 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Intelore 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\windows\vf_hip(2) 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\program files\Hide IP Platinum(2) . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-05 09:27 1,055,232 ----a-w c:\windows\explorer.exe 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 20:26 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2009-04-05 11:27 33280 aa2b6ae9c0c23e7362fd6366b73c6361 c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 e76f08a97b7a2bda73b45cabf4d0da61 c:\windows\system32\dllcache\svchost.exe 2009-04-05 11:27 1055232 279c6db506073019ec5672431e6b034c c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 25ab848cad24b4e7ce74167edf1aefc8 c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2009-04-03 21:58 15360 14f3132dc8d481eba108ba9e2cf1389e c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 9b8145273b153cba00630a03f3ffd31c c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2009-04-05 11:27 57856 5a25b5dbe254692021d638ad1b6960e0 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 ab2ca4a6307c714213ea4be8d0da93d3 c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2009-04-03 21:59 25088 1fa37ceb2e7eb9fc851d14ad1a56a335 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-05_20.43.19,59 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 185,856 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8emc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-04 108032] . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-05 20:57:48 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(536) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************** . Heure de fin: 2009-04-05 21:02:18 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-05 19:02:15 ComboFix2.txt 2009-04-05 18:44:16 ComboFix3.txt 2009-04-05 09:21:23 Avant-CF: 45 742 379 008 octets libres Après-CF: 45,695,553,536 octets libres 348 --- E O F --- 2009-04-02 07:30:34 WFR : WinFileRep - ver : 1.00 - by Loup blanc --------------------------- Microsoft Windows XP Service Pack 2 Français --------------------------- ============ Comparaison des fichiers avant remplacement ============ --------- Les fichiers "c:\WINDOWS\system32\svchost.exe" et "C:\FR-files\svchost.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\spoolsv.exe" et "C:\FR-files\spoolsv.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\explorer.exe" et "C:\FR-files\explorer.exe" sont différents... ----------- ============ Comparaison après remplacement ============ ----------- Les fichiers "c:\WINDOWS\system32\svchost.exe" et "C:\FR-files\svchost.exe" sont identiques... Fichier "c:\WINDOWS\system32\svchost.backup" présent... Remplacement réussi ----------- Les fichiers "c:\WINDOWS\system32\spoolsv.exe" et "C:\FR-files\spoolsv.exe" sont identiques... Fichier "c:\WINDOWS\system32\spoolsv.backup" présent... Remplacement réussi ----------- Les fichiers "c:\WINDOWS\explorer.exe" et "C:\FR-files\explorer.exe" sont identiques... Fichier "c:\WINDOWS\explorer.backup" présent... Remplacement réussi ----------- Combofix 3 : ComboFix 09-04-04.01 - HP_Propriétaire 2009-04-05 21:14:04.6 - NTFSx86 Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-05 au 2009-04-05 )))))))))))))))))))))))))))))))))))) . 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-05 21:12 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-05 21:09 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 06:54 . 2009-04-05 21:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-05 21:12 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2009-04-05 21:12 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-02 01:06 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-02 01:06 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-02 01:06 . 2009-04-04 22:29 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-02 01:06 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-02 01:06 . 2009-04-02 01:06 1,832 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-02 01:02 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-02 01:02 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-02 01:02 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-04-02 01:02 . 2005-01-02 03:47 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-03 18:55 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris 2009-04-01 18:08 . 2005-01-02 03:51 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Bureau 2009-04-01 18:08 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Symantec 2009-04-01 18:08 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\SampleView 2009-04-01 18:08 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Apple Computer 2009-04-01 18:08 . 2009-04-01 21:35 <REP> d-------- c:\documents and settings\Administrateur.CHRIS 2009-04-01 10:06 . 2009-04-01 10:06 0 --a------ C:\F.tmp 2009-04-01 09:52 . 2009-04-01 09:52 <REP> d-------- c:\program files\CleanUp! 2009-04-01 08:13 . 2009-04-01 08:13 0 --a------ C:\C.tmp 2009-04-01 08:10 . 2009-04-01 08:10 0 --a------ C:\B.tmp 2009-03-31 06:03 . 2009-03-31 06:10 <REP> d-------- c:\windows\vf_hip 2009-03-31 06:03 . 2009-03-31 08:52 <REP> d-------- c:\program files\Hide IP Platinum 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Tetris 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Intelore 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\windows\vf_hip(2) 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\program files\Hide IP Platinum(2) . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 20:26 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2004-08-19 16:10 33280 e76f08a97b7a2bda73b45cabf4d0da61 c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 48e130102a691a742cf082e34a39ce8b c:\windows\system32\dllcache\svchost.exe 2004-08-19 16:09 1055232 25ab848cad24b4e7ce74167edf1aefc8 c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 dde1fb7c583310811b326a8563b8eed8 c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2009-04-03 21:58 15360 14f3132dc8d481eba108ba9e2cf1389e c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 9b8145273b153cba00630a03f3ffd31c c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2004-08-19 16:10 76800 ab2ca4a6307c714213ea4be8d0da93d3 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 ac2a0001265ad3e7cf82e0225bd21cd5 c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2009-04-03 21:59 25088 1fa37ceb2e7eb9fc851d14ad1a56a335 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-05_20.43.19,59 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 185,856 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8emc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-05 108032] --- Autres Services/Pilotes en mémoire --- *Deregistered* - AFD *Deregistered* - AntiVirSchedulerService *Deregistered* - AntiVirService *Deregistered* - Arp1394 *Deregistered* - Ati HotKey Poller *Deregistered* - audstub *Deregistered* - avgio *Deregistered* - avgntflt *Deregistered* - avipbb *Deregistered* - Beep *Deregistered* - Browser *Deregistered* - C-DillaCdaC11BA *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - Fastfat *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - PartMgr *Deregistered* - Pml Driver HPZ12 *Deregistered* - PptpMiniport *Deregistered* - PSched *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RpcSs *Deregistered* - seclogon *Deregistered* - sr *Deregistered* - Srv *Deregistered* - ssmdrv *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - WebClient *Deregistered* - wuauserv . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-05 21:19:56 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(536) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\HPZipm12.exe . ************************************************************************** . Heure de fin: 2009-04-05 21:25:01 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-05 19:24:57 ComboFix2.txt 2009-04-05 19:02:21 ComboFix3.txt 2009-04-05 18:44:16 ComboFix4.txt 2009-04-05 09:21:23 Avant-CF: 45 700 272 128 octets libres Après-CF: 45,684,228,096 octets libres 410 --- E O F --- 2009-04-02 07:30:34 J'ai l'impression que ça ne va pas être facile de remplacer les fichiers infectés. Merci et à bientôt
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Tout d'abord, quelques précisions : Dans les manips, pour être sûr que l'antivirus ne gêne pas, il est complètement désinstallé. Dois-je le réinstaller? Si nous devons réinstaller Windows, il existe d'origine une copie de Windows spécialement pour ça sur une partition spéciale accessibble par démarrage+f10. J'ai aussi 2 CD de sauvegarde créés à l'origine de la mise en service du PC. J'ai appliqué ComboFix avec le script, puis,CureIt. Il semble que la situation s'améliore. CureIt ne détecte plus que 6 fois Virut. Voici les rapports : ComboFix 09-04-03.01 - HP_Propriétaire 2009-04-05 11:09:56.3 - NTFSx86 Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt FILE :: C:\19.tmp C:\1A.tmp C:\1B.tmp C:\1C.tmp C:\C3.tmp C:\D.tmp c:\documents and settings\HP_Propriétaire\Application Data\.ABC C:\E.tmp C:\EF.tmp C:\F0.tmp C:\F1.tmp c:\windows\ADE.DLL c:\windows\Ade001.bin c:\windows\EPSTPLOG.BAK c:\windows\SlantAdj.dll c:\windows\system32\10.tmp c:\windows\system32\11.tmp c:\windows\system32\12.tmp c:\windows\system32\13.tmp c:\windows\system32\14.tmp c:\windows\system32\15.tmp c:\windows\system32\16.tmp c:\windows\system32\17.tmp c:\windows\system32\18.tmp c:\windows\system32\2.tmp c:\windows\system32\3.tmp c:\windows\system32\4.tmp c:\windows\system32\5.tmp c:\windows\system32\6.tmp c:\windows\system32\6F.tmp c:\windows\system32\72.tmp c:\windows\system32\7F.tmp c:\windows\system32\8.tmp c:\windows\system32\99.tmp c:\windows\system32\9D.tmp c:\windows\system32\A.tmp c:\windows\system32\B.tmp c:\windows\system32\D.tmp c:\windows\system32\E.tmp c:\windows\system32\EB.tmp c:\windows\system32\EE.tmp c:\windows\system32\Epcmlib.dll c:\windows\system32\epDPE.ini c:\windows\system32\F.tmp c:\windows\Tasks\el.job c:\windows\Tasks\elu.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\19.tmp C:\1A.tmp C:\1B.tmp C:\1C.tmp C:\C3.tmp C:\D.tmp C:\E.tmp C:\EF.tmp C:\F0.tmp C:\F1.tmp c:\windows\ADE.DLL c:\windows\Ade001.bin c:\windows\EPSTPLOG.BAK c:\windows\SlantAdj.dll c:\windows\system32\10.tmp c:\windows\system32\11.tmp c:\windows\system32\12.tmp c:\windows\system32\13.tmp c:\windows\system32\14.tmp c:\windows\system32\15.tmp c:\windows\system32\16.tmp c:\windows\system32\17.tmp c:\windows\system32\18.tmp c:\windows\system32\2.tmp c:\windows\system32\3.tmp c:\windows\system32\4.tmp c:\windows\system32\5.tmp c:\windows\system32\6.tmp c:\windows\system32\6F.tmp c:\windows\system32\72.tmp c:\windows\system32\7F.tmp c:\windows\system32\8.tmp c:\windows\system32\99.tmp c:\windows\system32\9D.tmp c:\windows\system32\A.tmp c:\windows\system32\B.tmp c:\windows\system32\D.tmp c:\windows\system32\E.tmp c:\windows\system32\EB.tmp c:\windows\system32\EE.tmp c:\windows\system32\Epcmlib.dll c:\windows\system32\epDPE.ini c:\windows\system32\F.tmp c:\windows\Tasks\el.job c:\windows\Tasks\elu.job c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-05 au 2009-04-05 )))))))))))))))))))))))))))))))))))) . 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-04 22:24 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-04 21:58 <REP> d-------- C:\WinFileReplace 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-02 17:20 . 2009-04-05 06:28 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 06:54 . 2009-04-04 21:49 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-02 08:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Modèles 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-05 11:05 <REP> dr------- c:\documents and settings\HP_Propriétaire\Mes documents 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-02 10:38 <REP> d-------- c:\documents and settings\HP_Propriétaire\Menu Démarrer 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-04 23:37 <REP> dr------- c:\documents and settings\HP_Propriétaire\Favoris 2009-04-02 01:06 . 2009-04-05 11:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2009-04-05 11:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Bureau 2009-04-02 01:06 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Symantec 2009-04-02 01:06 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SampleView 2009-04-02 01:06 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer 2009-04-02 01:06 . 2009-04-04 22:29 <REP> d-------- c:\documents and settings\HP_Propriétaire 2009-04-02 01:06 . 2004-08-05 20:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-04-02 01:06 . 2009-04-02 01:06 1,832 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EC616AA-ABF t3128.fr_YC_0Pavi_QCZC531_E53FRheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M383_J160_7AMD_8Sempron_91.79_#060127_N10EC8 139_Z11C1048C_G10025954_OLITE-ON DVDRW SOHW-1633S_DPTS0307.MRK 2009-04-02 01:02 . 2005-01-02 03:48 <REP> d-------- c:\windows\system32\config\systemprofile\WINDOWS 2009-04-02 01:02 . 2005-01-02 04:07 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-04-02 01:02 . 2005-01-02 03:58 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-04-02 01:02 . 2005-01-02 03:47 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-04-02 00:50 . 2009-04-03 12:13 94,208 --a------ c:\windows\DUMP98e4.tmp 2009-04-02 00:50 . 2009-04-02 20:32 94,208 --a------ c:\windows\DUMP832a.tmp 2009-04-01 22:06 . 2009-04-03 18:55 <REP> d-------- C:\Copie mes documents 2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- c:\windows\ERUNT 2009-04-01 18:09 . 2009-04-04 22:24 130 --a------ c:\windows\adobe.bat 2009-04-01 18:09 . 2009-04-04 19:53 7 --a------ c:\windows\_id.dat 2009-04-01 18:08 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\WINDOWS 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage réseau 2009-04-01 18:08 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Voisinage d'impression 2009-04-01 18:08 . 2008-10-11 03:30 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Modèles 2009-04-01 18:08 . 2005-01-02 04:16 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Mes documents 2009-04-01 18:08 . 2004-11-25 05:26 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Menu Démarrer 2009-04-01 18:08 . 2008-10-10 19:05 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Favoris 2009-04-01 18:08 . 2005-01-02 03:51 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Bureau 2009-04-01 18:08 . 2005-01-02 04:07 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Symantec 2009-04-01 18:08 . 2005-01-02 03:58 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\SampleView 2009-04-01 18:08 . 2005-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur.CHRIS\Application Data\Apple Computer 2009-04-01 18:08 . 2009-04-01 21:35 <REP> d-------- c:\documents and settings\Administrateur.CHRIS 2009-04-01 15:58 . 2009-04-01 18:55 <REP> d-------- C:\SDFix 2009-04-01 10:06 . 2009-04-01 10:06 0 --a------ C:\F.tmp 2009-04-01 09:52 . 2009-04-01 09:52 <REP> d-------- c:\program files\CleanUp! 2009-04-01 08:13 . 2009-04-01 08:13 0 --a------ C:\C.tmp 2009-04-01 08:10 . 2009-04-01 08:10 0 --a------ C:\B.tmp 2009-03-31 06:03 . 2009-03-31 06:10 <REP> d-------- c:\windows\vf_hip 2009-03-31 06:03 . 2009-03-31 08:52 <REP> d-------- c:\program files\Hide IP Platinum 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Tetris 2009-03-31 05:07 . 2009-03-31 05:07 <REP> d-------- c:\program files\Intelore 2009-03-31 04:44 . 2009-03-31 05:07 <REP> d-------- c:\windows\vf_hip(2) . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-04 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 20:26 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2004-08-05 20:00 33280 b64728c2d7811feafca419971a66e77a c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 e76f08a97b7a2bda73b45cabf4d0da61 c:\windows\system32\dllcache\svchost.exe 2004-08-05 20:00 1055232 1106938394d8b4ff93a3e39ac94de537 c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 25ab848cad24b4e7ce74167edf1aefc8 c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2009-04-03 21:58 15360 14f3132dc8d481eba108ba9e2cf1389e c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 9b8145273b153cba00630a03f3ffd31c c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2004-08-05 20:00 76800 72a3d83bbf4465545e482a8de7cb68d1 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 ab2ca4a6307c714213ea4be8d0da93d3 c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2009-04-03 21:59 25088 1fa37ceb2e7eb9fc851d14ad1a56a335 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-04_19.07.46.53 ))))))))))))))))))))))))))))))))))))))))) . - 2009-04-04 16:47:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-04-05 08:51:48 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-04-04 16:47:55 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2009-04-05 08:51:48 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2009-04-04 16:47:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009040420090405\index.dat + 2009-04-04 20:17:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009040420090405\index.dat - 2009-04-02 14:08:17 213,376 ----a-w c:\windows\system32\dllcache\ndis.sys + 2009-04-04 17:53:17 213,376 ----a-w c:\windows\system32\dllcache\ndis.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8emc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= R1 ethbsxni;ethbsxni; [x] R1 ethzqbeq;ethzqbeq; [x] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 127233] --- Autres Services/Pilotes en mémoire --- *Deregistered* - AFD *Deregistered* - AntiVirSchedulerService *Deregistered* - AntiVirService *Deregistered* - Arp1394 *Deregistered* - Ati HotKey Poller *Deregistered* - audstub *Deregistered* - avgio *Deregistered* - avgntflt *Deregistered* - avipbb *Deregistered* - Beep *Deregistered* - Browser *Deregistered* - C-DillaCdaC11BA *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - Fastfat *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - PartMgr *Deregistered* - Pml Driver HPZ12 *Deregistered* - PptpMiniport *Deregistered* - PSched *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RpcSs *Deregistered* - seclogon *Deregistered* - sr *Deregistered* - Srv *Deregistered* - ssmdrv *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - WebClient *Deregistered* - wuauserv . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-05 11:16:14 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(532) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\HPZipm12.exe . ************************************************************************** . Heure de fin: 2009-04-05 11:21:21 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-05 09:21:18 ComboFix2.txt 2009-04-04 20:43:45 Avant-CF: 42 105 761 792 octets libres Après-CF: 42,099,924,992 octets libres 510 --- E O F --- 2009-04-02 07:30:34 puis CureIt : avguard.exe c:\program files\avira\antivir desktop Win32.Virut.56 Désinfecté. sched.exe c:\program files\avira\antivir desktop Win32.Virut.56 Désinfecté. iexplore.exe c:\program files\internet explorer Win32.Virut.56 Désinfecté. explorer.exe c:\windows Win32.Virut.56 Désinfecté. spoolsv.exe c:\windows\system32 Win32.Virut.56 Désinfecté. svchost.exe c:\windows\system32 Win32.Virut.56 Désinfecté. Que dois-je faire pour l'antivirus? A bientôt
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Ai oublié de dire que tout fonctionne sans antivirus. Cela pose-t-il un problème?
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonjour, En mode normal les connections réseau n'existent plus. D'autre part, la barre des tâches(près de l'horloge) est pratiquement vide et de couleur grise(avant elle était bleue). Est-ce une indication utile?
- 
	  SOS Infection (Résolu)catch1 a répondu à un(e) sujet de catch1 dans Analyses et éradication malwares Bonsoir, Voici le rapport de WinFile Replace : WinFileRep - ver : 1.00 - by Loup blanc --------------------------- Microsoft Windows XP Service Pack 2 Français --------------------------- ============ Comparaison des fichiers avant remplacement ============ --------- Les fichiers "c:\WINDOWS\system32\svchost.exe" et "C:\FR-files\svchost.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\system32\spoolsv.exe" et "C:\FR-files\spoolsv.exe" sont différents... ----------- Les fichiers "c:\WINDOWS\explorer.exe" et "C:\FR-files\explorer.exe" sont différents... ----------- ============ Comparaison après remplacement ============ ----------- Les fichiers "c:\WINDOWS\system32\svchost.exe" et "C:\FR-files\svchost.exe" sont identiques... Fichier "c:\WINDOWS\system32\svchost.backup" présent... Remplacement réussi ----------- Les fichiers "c:\WINDOWS\system32\spoolsv.exe" et "C:\FR-files\spoolsv.exe" sont identiques... Fichier "c:\WINDOWS\system32\spoolsv.backup" présent... Remplacement réussi ----------- Les fichiers "c:\WINDOWS\explorer.exe" et "C:\FR-files\explorer.exe" sont identiques... Fichier "c:\WINDOWS\explorer.backup" présent... Remplacement réussi ----------- Et voici celui de ComboFix : ComboFix 09-04-03.01 - HP_Propriétaire 2009-04-04 22:27:07.2 - NTFSx86 Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\HP_Propriétaire\reader_s.exe c:\windows\services.exe c:\windows\system32\9.tmp c:\windows\system32\C.tmp c:\windows\system32\drivers\protect.sys c:\windows\system32\ndetect.exe c:\windows\system32\reader_s.exe c:\windows\system32\windres.exe c:\windows\system32\svchost.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! c:\windows\explorer.exe . . . est infecté!! Une copie infectée de c:\windows\system32\drivers\ndis.sys a été trouvée et désinfectée opie restaurée à partir de - . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PROTECT -------\Legacy_RESTORE -------\Service_protect -------\Service_restore ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 )))))))))))))))))))))))))))))))))))) . 2009-04-04 22:17 . 2009-04-04 22:17 64,512 --a------ c:\windows\system32\18.tmp 2009-04-04 22:17 . 2009-04-04 22:17 20,480 --a------ c:\windows\system32\17.tmp 2009-04-04 22:17 . 2009-04-04 22:17 164 --a------ c:\windows\system32\15.tmp 2009-04-04 21:58 . 2004-08-05 20:00 1,055,232 --a------ c:\windows\explorer.backup 2009-04-04 21:58 . 2004-08-05 20:00 76,800 --a------ c:\windows\system32\spoolsv.backup 2009-04-04 21:57 . 2004-08-05 20:00 33,280 --a------ c:\windows\system32\svchost.backup 2009-04-04 21:54 . 2009-04-04 22:24 <REP> d-------- C:\FR-files 2009-04-04 21:46 . 2009-04-04 21:58 <REP> d-------- C:\WinFileReplace 2009-04-04 20:26 . 2009-04-04 20:26 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR 2009-04-04 19:53 . 2009-04-04 19:53 11,452,389 --a------ c:\windows\services.ex_ 2009-04-04 19:51 . 2009-04-04 20:37 <REP> d-------- c:\windows\system32\drivers\Avg 2009-04-04 19:51 . 2009-04-04 20:45 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\AVGTOOLBAR 2009-04-04 19:51 . 2009-04-04 19:51 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-04-04 19:51 . 2009-04-04 19:51 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-04-04 19:51 . 2009-04-04 19:52 64,512 --a------ c:\windows\system32\13.tmp 2009-04-04 19:51 . 2009-04-04 19:51 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-04-04 16:47 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\LPT$VPN.943 2009-04-04 16:46 . 2009-04-04 16:46 <REP> d-------- c:\windows\AU_Temp 2009-04-04 16:46 . 2009-04-04 16:46 22,722,697 --a------ c:\windows\VPTNFILE.943 2009-04-04 08:26 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\program files\Avira 2009-04-04 08:25 . 2009-04-04 08:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:55 . 2009-04-04 05:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\DoctorWeb 2009-04-03 21:46 . 2009-04-03 21:46 0 --a------ C:\1C.tmp 2009-04-03 21:44 . 2009-04-03 21:44 0 --a------ C:\1B.tmp 2009-04-03 21:42 . 2009-04-03 21:42 0 --a------ C:\1A.tmp 2009-04-03 21:41 . 2009-04-03 21:44 153,088 --a------ C:\19.tmp 2009-04-03 21:40 . 2009-04-03 21:40 31,744 --a------ c:\windows\system32\12.tmp 2009-04-03 21:40 . 2009-04-03 21:40 124 --a------ c:\windows\system32\D.tmp 2009-04-03 08:35 . 2009-04-03 14:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\.ABC 2009-04-03 07:49 . 2009-04-03 07:49 29,696 --a------ c:\windows\system32\72.tmp 2009-04-03 07:49 . 2009-04-03 07:49 124 --a------ c:\windows\system32\6F.tmp 2009-04-03 07:24 . 2009-04-03 07:24 29,696 --a------ c:\windows\system32\10.tmp 2009-04-03 07:24 . 2009-04-03 07:24 124 --a------ c:\windows\system32\8.tmp 2009-04-03 07:18 . 2009-04-03 07:18 0 --a------ C:\F1.tmp 2009-04-03 07:16 . 2009-04-03 07:16 0 --a------ C:\F0.tmp 2009-04-03 07:15 . 2009-04-03 07:17 58,253 --a------ C:\EF.tmp 2009-04-03 07:14 . 2009-04-03 07:14 29,696 --a------ c:\windows\system32\EE.tmp 2009-04-03 07:14 . 2009-04-03 07:14 124 --a------ c:\windows\system32\EB.tmp 2009-04-03 07:07 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll 2009-04-03 07:07 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL 2009-04-03 07:07 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin 2009-04-03 07:07 . 2000-09-08 13:31 72 --------- c:\windows\system32\epDPE.ini 2009-04-03 06:58 . 2009-04-03 07:00 16,902 --a------ c:\windows\EPSTPLOG.BAK 2009-04-03 04:32 . 2009-04-03 04:32 123,613 --a------ C:\E.tmp 2009-04-03 04:31 . 2009-04-03 04:31 124 --a------ c:\windows\system32\6.tmp 2009-04-02 21:18 . 2009-04-02 21:18 124 --a------ c:\windows\system32\14.tmp 2009-04-02 20:41 . 2009-04-02 20:41 124 --a------ c:\windows\system32\11.tmp 2009-04-02 17:59 . 2009-04-02 17:59 124 --a------ c:\windows\system32\E.tmp 2009-04-02 17:20 . 2009-04-02 17:20 <REP> d-------- c:\program files\Sudoku 2009-04-02 16:51 . 2009-04-02 16:51 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Goto.Games 2009-04-02 16:46 . 2009-04-02 16:47 <REP> d-------- c:\program files\Objectif Tarot 2009-04-02 16:46 . 2009-04-02 16:46 150,528 --a------ c:\windows\system32\SpoonUninstall.exe 2009-04-02 16:46 . 2009-04-02 16:46 82,994 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.bmp 2009-04-02 16:46 . 2009-04-02 16:46 1,722 --a------ c:\windows\system32\SpoonUninstall-Objectif Tarot.dat 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 <REP> d-------- c:\documents and settings\HP_Propriétaire\.bztarot 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:34 . 2009-04-02 16:34 8 --a------ c:\documents and settings\HP_Propriétaire\.bztarotcumul.dat 2009-04-02 16:28 . 2009-04-03 21:59 98,304 --a------ c:\windows\system32\qttask.exe 2009-04-02 16:24 . 2004-02-17 10:11 53,248 --a------ c:\windows\system32\vp6dec_settings.cpl 2009-04-02 16:23 . 2003-08-18 05:10 122,880 --a------ c:\windows\system32\directx.cpl 2009-04-02 16:23 . 2003-03-25 05:49 106,544 --a------ c:\windows\system32\tweakui.cpl 2009-04-02 16:23 . 2003-03-25 05:49 98,304 --a------ c:\windows\system32\startup.cpl 2009-04-02 16:23 . 2003-03-25 05:49 51,238 --a------ c:\windows\system32\tweakui.hlp 2009-04-02 16:18 . 2004-05-25 16:06 417,792 --a------ c:\windows\system32\ac3filter.cpl 2009-04-02 16:10 . 2009-04-02 16:10 242,176 --a------ c:\windows\~INSX362.EX_ 2009-04-02 16:08 . 2009-04-02 16:08 124 --a------ c:\windows\system32\16.tmp 2009-04-02 16:07 . 2009-04-02 16:07 124 --a------ c:\windows\system32\B.tmp 2009-04-02 15:52 . 2009-04-02 15:52 <REP> d-------- C:\bases 2009-04-02 15:23 . 2009-04-02 15:23 124 --a------ c:\windows\system32\7F.tmp 2009-04-02 15:08 . 2009-04-02 15:08 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\vlc 2009-04-02 15:02 . 2009-04-02 15:02 124 --a------ c:\windows\system32\7.tmp 2009-04-02 14:53 . 2009-04-03 20:54 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Ahead 2009-04-02 12:50 . 2009-04-02 12:50 124 --a------ c:\windows\system32\5.tmp 2009-04-02 12:33 . 2009-04-02 12:33 124 --a------ c:\windows\system32\A.tmp 2009-04-02 12:23 . 2009-04-02 12:23 <REP> d-------- c:\windows\system32\fr-fr 2009-04-02 11:58 . 2009-04-02 11:58 <REP> d-------- C:\6761876ae56e766ef0e09bcba4e9d4b7 2009-04-02 11:43 . 2009-04-02 11:43 124 --a------ c:\windows\system32\2.tmp 2009-04-02 11:39 . 2009-04-04 16:26 <REP> d-------- c:\program files\Spamihilator 2009-04-02 11:24 . 2009-04-02 11:25 124 --a------ c:\windows\system32\4.tmp 2009-04-02 11:11 . 2009-04-02 11:11 0 --a------ C:\D.tmp 2009-04-02 11:07 . 2009-04-02 11:07 124 --a------ c:\windows\system32\3.tmp 2009-04-02 11:01 . 2009-04-04 18:43 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spamihilator 2009-04-02 10:57 . 2009-04-02 10:57 130,813 --a------ C:\F3.tmp 2009-04-02 10:39 . 2009-04-02 10:39 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Microsoft Web Folders 2009-04-02 10:35 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-04-02 10:32 . 2003-05-14 01:00 131,072 --a------ c:\windows\system32\Epcmlib.dll 2009-04-02 10:31 . 2001-11-02 15:10 184,320 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr 2009-04-02 09:58 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-04-02 09:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-04-02 09:57 . 2003-05-23 03:06 73,869 --a------ c:\windows\system32\EBPMON24.DLL 2009-04-02 09:57 . 2003-05-21 04:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL 2009-04-02 09:57 . 2009-04-03 21:58 39,936 --a------ c:\windows\system32\drivers\CDAC11BA.EXE 2009-04-02 09:57 . 2000-06-07 03:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL 2009-04-02 09:57 . 2001-09-04 04:04 182 --a------ c:\windows\system32\EBPPORT4.DAT 2009-04-02 09:56 . 2009-04-02 09:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\ABBYY 2009-04-02 09:54 . 2003-04-02 00:00 217,088 --a------ c:\windows\system32\esdtr.dll 2009-04-02 09:54 . 2001-11-15 00:00 47,104 --a------ c:\windows\system32\escimgd.dll 2009-04-02 09:54 . 2002-06-20 00:00 32,256 --a------ c:\windows\system32\escwiad.dll 2009-04-02 09:54 . 2002-06-20 00:00 22,528 --a------ c:\windows\system32\esccmd.dll 2009-04-02 09:47 . 2009-04-02 09:47 124 --a------ c:\windows\system32\F.tmp 2009-04-02 07:43 . 2009-04-02 07:43 0 --a------ C:\C3.tmp 2009-04-02 06:54 . 2009-04-04 21:49 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit 2009-04-02 06:50 . 2009-04-02 06:50 172,032 --a------ c:\windows\system32\AniGIF.ocx 2009-04-02 06:36 . 2009-04-02 06:36 124 --a------ c:\windows\system32\99.tmp 2009-04-02 06:36 . 2009-04-02 06:36 0 --a------ c:\windows\system32\9D.tmp 2009-04-02 06:35 . 1997-09-28 14:22 92,672 --a------ c:\windows\system32\COMDLG32.OCX 2009-04-02 06:35 . 1997-09-28 14:22 37,376 --a------ c:\windows\system32\VbVfw.dll 2009-04-02 03:09 . 2009-04-02 03:31 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-04-02 03:06 . 2008-08-14 15:44 2,182,400 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,138,112 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,059,776 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-02 03:06 . 2008-08-14 15:44 2,017,792 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-02 03:03 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys 2009-04-02 03:01 . 2006-09-06 16:43 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-04-02 01:10 . 2008-06-14 19:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys 2009-04-02 01:07 . 2009-04-02 01:07 8,192 --a------ c:\windows\system32\edb.chk 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2005-01-02 03:48 <REP> d-------- c:\documents and settings\HP_Propriétaire\WINDOWS 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage réseau 2009-04-02 01:06 . 2004-11-24 03:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Voisinage d'impression . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-04 20:26 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-04 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-04-04 14:46 91,744 -c--a-w c:\windows\BPMNT.dll 2009-04-04 14:46 1,213,784 -c--a-w c:\windows\vsapi32.dll 2009-04-04 14:45 69,689 -c--a-w c:\windows\UNZIP.DLL 2009-04-04 14:45 507,904 -c--a-w c:\windows\TMUPDATE.DLL 2009-04-04 10:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-03 20:00 --------- d-----w c:\program files\DAP 2009-04-03 19:58 57,344 ----a-w c:\windows\ALCXMNTR.EXE 2009-04-03 15:50 --------- d-----w c:\program files\Microsoft Money 2009-04-03 06:35 --------- d-----w c:\program files\ABC 2009-04-03 05:10 --------- d-----w c:\program files\Smart Panel 2009-04-03 05:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-03 04:58 --------- d-----w c:\program files\EPSON 2009-04-02 20:32 --------- d-----w c:\program files\AsfTools 2009-04-02 14:34 --------- d-----w c:\program files\BzTarot 2009-04-02 14:28 --------- d-----w c:\program files\Quicktime 2009-04-02 14:26 --------- d-----w c:\program files\ACE Mega CoDecS Pack 2009-04-02 13:48 --------- d-----w c:\program files\ACD Systems 2009-04-02 13:36 --------- d-----w c:\program files\Microsoft Bootvis 2009-04-02 11:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-04-02 09:37 --------- d-----w c:\program files\Orbitdownloader 2009-04-02 08:58 --------- d-----w c:\program files\Eliminate Spam! 2009-04-02 08:38 --------- d-----w c:\program files\microsoft frontpage 2009-04-02 04:57 --------- d-----w c:\program files\A.S.C 2009-04-02 04:36 --------- d-----w c:\program files\PeckJoin 2009-04-02 03:56 --------- d-----w c:\program files\CCleaner 2009-04-02 03:53 --------- d-----w c:\program files\Easy Internet signup 2009-04-01 23:08 --------- d-----w c:\program files\Symantec 2009-04-01 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-01 07:25 71,749 -c--a-w c:\windows\hcextoutput.dll 2009-04-01 07:25 368,709 -c--a-w c:\windows\tsc.exe 2009-04-01 03:45 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-01 00:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 05:50 --------- d-----w c:\program files\eMule 2009-03-28 10:26 --------- d-----w c:\program files\TomTom HOME 2 2009-03-18 15:38 --------- d-----w c:\program files\Tomtomax Maxi-Box 2009-03-18 13:34 --------- d-----w c:\program files\Yahoo! 2009-02-22 09:26 --------- d-----w c:\program files\WinAVI Video Converter 9.0 2009-02-16 14:17 --------- d-----w c:\program files\Video Strip Poker Full Version - NICOLE 2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe 2007-01-28 18:20 22 --sha-w c:\windows\SMINST\HPCD.sys 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ------- Sigcheck ------- 2004-08-05 20:00 33280 f2e9e2bb32afa47558ed88a19c00d32a c:\windows\$NtServicePackUninstall$\svchost.exe 2008-04-14 04:34 33280 4d185cc4379906b3131dfeb549a2a27e c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe 2008-04-14 04:34 33280 d938f7919cdae924800ff857482dd052 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe 2004-08-05 20:00 33280 b64728c2d7811feafca419971a66e77a c:\windows\system32\svchost.exe 2004-08-19 16:10 33280 e76f08a97b7a2bda73b45cabf4d0da61 c:\windows\system32\dllcache\svchost.exe 2004-08-05 20:00 1055232 1106938394d8b4ff93a3e39ac94de537 c:\windows\explorer.exe 2007-06-13 15:10 1056256 6e77d2e39fdf839e2475406b0e854d9f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-05 20:00 1055232 678e4eae8ed8741191bac5743157f12f c:\windows\$NtServicePackUninstall$\explorer.exe 2004-08-05 20:00 1055232 3a52c5525902fb158b435f5dcc9764fe c:\windows\$NtUninstallKB938828$\explorer.exe 2008-04-14 04:34 1056768 58f989c78fcfa836ac446b39a9e49d0c c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe 2008-04-14 04:34 1056768 2a6361367c665bec3f2b31c423af2cf8 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe 2004-08-19 16:09 1055232 25ab848cad24b4e7ce74167edf1aefc8 c:\windows\system32\dllcache\explorer.exe 2004-08-05 20:00 34304 ecf932debc3adb435a516f58ddffec9d c:\windows\$NtServicePackUninstall$\ctfmon.exe 2008-04-14 04:33 34304 8181a7405cfba23178508c8b837e1333 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe 2008-04-14 04:33 34304 330f39a904e20672ffc4a035fb3e78af c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe 2009-04-03 21:58 15360 14f3132dc8d481eba108ba9e2cf1389e c:\windows\system32\ctfmon.exe 2004-08-05 20:00 34304 9b8145273b153cba00630a03f3ffd31c c:\windows\system32\dllcache\ctfmon.exe 2005-06-11 02:17 76800 101d417010dee6004a41675dad35b720 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-05 20:00 76800 68167077066c4e7712b48d0268a46130 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2004-08-05 20:00 76800 67a22c54ac31dc3b94a01db45d77b642 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 04:34 76800 59d0d18b7cd8d3811282751758e94372 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe 2008-04-14 04:34 76800 9beabc5acd60828b61be65231878f7a5 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe 2004-08-05 20:00 76800 72a3d83bbf4465545e482a8de7cb68d1 c:\windows\system32\spoolsv.exe 2004-08-19 16:10 76800 ab2ca4a6307c714213ea4be8d0da93d3 c:\windows\system32\dllcache\spoolsv.exe 2004-08-05 20:00 44032 340283e6986ec63596f2e16d06e21279 c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-14 04:34 45568 26bf6b49401333ff2d061a47ccfb90f5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe 2008-04-14 04:34 45568 4cf572364737db447420c278abdfab49 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe 2009-04-03 21:59 25088 1fa37ceb2e7eb9fc851d14ad1a56a335 c:\windows\system32\userinit.exe 2004-08-05 20:00 44032 7e493f374f6fda57e47bc498a9ba9bf3 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-04_19.07.46.53 ))))))))))))))))))))))))))))))))))))))))) . - 2009-04-04 16:47:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-04-04 20:17:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-04-04 16:47:55 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2009-04-04 20:17:33 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2009-04-04 16:47:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009040420090405\index.dat + 2009-04-04 20:17:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009040420090405\index.dat - 2009-04-02 14:08:17 213,376 ----a-w c:\windows\system32\dllcache\ndis.sys + 2009-04-04 17:53:17 213,376 ----a-w c:\windows\system32\dllcache\ndis.sys + 2009-04-04 17:51:25 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2009-04-03 139264] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.CHRIS\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\Administrateur.NOM-EB85C523610.000\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2009-04-03 57344] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-04-04 19:51 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll "vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "msacm.msadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msadp32.acm "msacm.imaadpcm"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\imaadp32.acm "msacm.msg711"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg711.acm "msacm.msg723"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msg723.acm "msacm.msgsm610"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msgsm32.acm "vidc.m261"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh261.drv "vidc.m263"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.i420"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msh263.drv "vidc.mrle"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msrle32.dll "vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msyuv.dll "vidc.msvc"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.cram"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msvidc32.dll "vidc.mpg4"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp41"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp42"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp43"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4s"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.mp4v"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\mpg4c32.dll "vidc.wmv3"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\WMV9VCM.dll "msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~2\msaud32.acm "vidc.vp30"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp31"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp31vfw.dll "vidc.vp60"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll "vidc.vp61"= c:\progra~1\ACEMEG~1\SystemS\ON2TEC~2\vp6vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] --a------ 2009-04-04 19:51 1932568 c:\progra~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg8wd"=2 (0x2) "avg8emc"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R1 ethbsxni;ethbsxni; [x] R1 ethzqbeq;ethzqbeq; [x] R4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289] R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-04 298264] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-04 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-04 107912] --- Autres Services/Pilotes en mémoire --- *Deregistered* - AFD *Deregistered* - Arp1394 *Deregistered* - Ati HotKey Poller *Deregistered* - audstub *Deregistered* - avgio *Deregistered* - AvgLdx86 *Deregistered* - AvgMfx86 *Deregistered* - avgntflt *Deregistered* - AvgTdiX *Deregistered* - avipbb *Deregistered* - Beep *Deregistered* - Browser *Deregistered* - C-DillaCdaC11BA *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - Fastfat *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - PartMgr *Deregistered* - Pml Driver HPZ12 *Deregistered* - PptpMiniport *Deregistered* - PSched *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RpcSs *Deregistered* - seclogon *Deregistered* - sr *Deregistered* - Srv *Deregistered* - ssmdrv *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - WebClient *Deregistered* - wuauserv . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-04 c:\windows\Tasks\el.job - c:\windows\system32\regsvr32.exe [2009-04-03 21:59] 2009-04-04 c:\windows\Tasks\elu.job - c:\windows\system32\cmd.exe [2009-04-03 21:58] 2009-04-03 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-services - c:\windows\services.exe HKLM-Run-1257 - c:\windows\system32\17.tmp.exe HKU-Default-Run-reader_s - c:\documents and settings\HP_Propriétaire\reader_s.exe HKU-Default-Run-services - c:\windows\services.exe HKLM-Explorer_Run-services - c:\windows\services.exe HKCU-Explorer_Run-services - c:\windows\services.exe HKU-Default-Explorer_Run-services - c:\windows\services.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/kit/adsl/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-04 22:38:25 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(536) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WININET.DLL . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\HPZipm12.exe . ************************************************************************** . Heure de fin: 2009-04-04 22:43:44 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-04 20:43:40 Avant-CF: 42 088 071 168 octets libres Après-CF: 42,078,277,632 octets libres 457 --- E O F --- 2009-04-02 07:30:34 A part ça, pour l'instant j'ai perdu la connection internet en mode normal. Pour envoyer ce message, je fonctionne en mode sans échec avec prise en charge réseau. Bonne nuit
