Plus accès à internet / plus de copier-coller....help!

[Tsarinka]

"J'arrive à présent à aller sur l'ordi depuis le 2ème syst d'exploitation "

 

Pardon... je voulais dire : j'arrive à aller sur internet depuis le 2ème syst d'exploitation!

[Tsarinka]

Voici l'analyse de sysprot...

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

********************************************************************************

**********

********************************************************************************

**********

 

No Hidden Processes found

 

********************************************************************************

**********

********************************************************************************

**********

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: B588F000

Module End: B58A7000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: BA5E4000

Module End: BA5E6000

Hidden: Yes

 

********************************************************************************

**********

********************************************************************************

**********

SSDT:

Function Name: ZwCreateKey

Address: BA78EC5E

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateThread

Address: BA78EC54

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteKey

Address: BA78EC63

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteValueKey

Address: BA78EC6D

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwLoadKey

Address: BA78EC72

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenProcess

Address: BA78EC40

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThread

Address: BA78EC45

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwReplaceKey

Address: BA78EC7C

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwRestoreKey

Address: BA78EC77

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetValueKey

Address: BA78EC68

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwTerminateProcess

Address: BA78EC4F

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

********************************************************************************

**********

********************************************************************************

**********

Kernel Hooks:

Hooked Function: ZwYieldExecution

At Address: 80504ABC

Jump To: B59A47C7

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwUnmapViewOfSection

At Address: 805B1C4C

Jump To: B59A47F3

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwUnloadKey

At Address: 80620F32

Jump To: B59A4906

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwSetInformationProcess

At Address: 805CCBAA

Jump To: B59A4775

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwSetContextThread

At Address: 805D0456

Jump To: B59A4789

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwRenameKey

At Address: 80621FE4

Jump To: B59A4866

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwQueryValueKey

At Address: 80620664

Jump To: B59A48AE

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwQueryMultipleValueKey

At Address: 8062178C

Jump To: B59A48C4

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwQueryKey

At Address: 80623CA0

Jump To: B59A4962

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwProtectVirtualMemory

At Address: 805B7222

Jump To: B59A47B1

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenKey

At Address: 80623960

Jump To: B59A4820

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwNotifyChangeKey

At Address: 806242E0

Jump To: B59A491C

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwMapViewOfSection

At Address: 805B0E3E

Jump To: B59A47DD

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwEnumerateValueKey

At Address: 80623074

Jump To: B59A48DA

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwEnumerateKey

At Address: 80622E0A

Jump To: B59A48F0

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwCreateProcessEx

At Address: 805CFE96

Jump To: B59A475F

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwCreateProcess

At Address: 805CFF4C

Jump To: B59A474B

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwCreateFile

At Address: 80577F76

Jump To: B59A479D

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: PsCreateSystemThread

At Address: 805CFE96

Jump To: B59A475F

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: PsCreateSystemProcess

At Address: 805CFF4C

Jump To: B59A474B

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

********************************************************************************

**********

********************************************************************************

**********

No IRP Hooks found

 

********************************************************************************

**********

********************************************************************************

**********

Ports:

Local Address: DB8FC83J:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: DB8FC83J:27015

Remote Address: LOCALHOST:1043

Type: TCP

Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

State: ESTABLISHED

 

Local Address: DB8FC83J:27015

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

State: LISTENING

 

Local Address: DB8FC83J:5354

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: LISTENING

 

Local Address: DB8FC83J:4664

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

State: LISTENING

 

Local Address: DB8FC83J:1043

Remote Address: LOCALHOST:27015

Type: TCP

Process: C:\Program Files\iTunes\iTunesHelper.exe

State: ESTABLISHED

 

Local Address: DB8FC83J:1034

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\alg.exe

State: LISTENING

 

Local Address: DB8FC83J:7002

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

State: LISTENING

 

Local Address: DB8FC83J:7001

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

State: LISTENING

 

Local Address: DB8FC83J:6646

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe

State: LISTENING

 

Local Address: DB8FC83J:6002

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

State: LISTENING

 

Local Address: DB8FC83J:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: DB8FC83J:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

 

Local Address: DB8FC83J:6646

Remote Address: NA

Type: UDP

Process: C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe

State: NA

 

Local Address: DB8FC83J:6001

Remote Address: NA

Type: UDP

Process: C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

State: NA

 

Local Address: DB8FC83J:5353

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

 

Local Address: DB8FC83J:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DB8FC83J:138

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: DB8FC83J:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: DB8FC83J:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DB8FC83J:6001

Remote Address: NA

Type: UDP

Process: C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

State: NA

 

Local Address: DB8FC83J:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DB8FC83J:1042

Remote Address: NA

Type: UDP

Process: C:\Program Files\Dell Support Center\bin\sprtcmd.exe

State: NA

 

Local Address: DB8FC83J:1040

Remote Address: NA

Type: UDP

Process: C:\Program Files\RiseFly\BestSync 2009\BestSyncApp.exe

State: NA

 

Local Address: DB8FC83J:1030

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DB8FC83J:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

 

Local Address: DB8FC83J:7001

Remote Address: NA

Type: UDP

Process: C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

State: NA

 

Local Address: DB8FC83J:4500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: DB8FC83J:1025

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

 

Local Address: DB8FC83J:500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

 

Local Address: DB8FC83J:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

********************************************************************************

**********

********************************************************************************

**********

Hidden files/folders:

Object: C:\Documents and Settings\Morgane\Local Settings\Application Data\Microsoft\Messenger\missmorganelaura@hotmail.com\SharingMetadata\hakimb_06@hotmail.com\DFSR\Staging\CS{9D3C4947-CE16-7FF6-2AE2-54E7553A384B}\01\11-{9D3C4947-CE16-7FF6-2AE2-54E7553A384B}-v1-

Status: Hidden

 

Object: C:\Documents and Settings\Morgane\Local Settings\Application Data\Microsoft\Messenger\missmorganelaura@hotmail.com\SharingMetadata\hakimb_06@hotmail.com\DFSR\Staging\CS{9D3C4947-CE16-7FF6-2AE2-54E7553A384B}\11\76-{6BFE343A-10FA-4043-9F8D-9BE49F2A494D}-v11

Status: Hidden

 

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

 

Object: C:\System Volume Information\tracking.log

Status: Access denied

 

Object: C:\System Volume Information\_restore{22D99DAC-2107-4F2B-B868-9D4FC8CD04DE}

Status: Access denied

 

Object: C:\System Volume Information\_restore{5F4C7F14-6F8F-4BD9-A14E-521C9B5B15CA}

Status: Access denied

[pear]

Bonjour,

 

Sysprot voit cela:

Hooked Function: ZwYieldExecution

At Address: 80504ABC

Jump To: B59A47C7

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

La recherche sur Google met en cause McAfee dans pratiquement tous les cas.

Je vous suggère de le désinstaller.

Vous pourrez toujours par la suite en installer une version corrigée si vous y tenez(McAfee, ce n'est pas le top)

 

Cela fait, je vois que vous êtes sous Xp sp2.

 

Microsoft rappelle que le support de Windows XP SP2 arrive à échéance le 13 juillet prochain.

Au dela de cette date,il n'y aura donc plus de mises à jour de sécurité pour ce système d'exploitation.

 

Une installation du sp3 (à télécharger chez Microsoft)devrait régler le problème.

Le support en est assuré jusqu'en 2014.

Modifié le 10 mai 2010 par pear