
Edt.exe

Tags:
  • Security
6 June 2010 13:00:08

Hello, would someone be kind enough to tell me what edt.exe is? :??:
I was working on my computer offline when it started to slow down badly, almost to the point of freezing. My CPU activity indicator showed processor usage at 100%. I went to have a look in the Task Manager and saw that "windows explorer" and "edt.exe" were indeed sharing the processor at 50% each. This would not stop until I restarted the PC, after which everything went back to normal.
Is all of this normal? Thank you for your patience ;)


6 June 2010 23:21:04

Good evening
Let's take a look...
1
Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.

2
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the "rootkit" tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
    The report should then appear.
  • Save the file to your desktop and post its contents here.


    ++++++++++++++++++++++++
9 June 2010 16:43:31

Hello SHAM_ROCK

It's kind of you to reply, and I thank you very much.

Yes, I was slow to reply because the PC I'm talking about is at home, where I have no connection. So you can picture the work involved: I read and download everything you tell me at the office and apply it at home.
Here I'm posting the DDS text and then the GMER report (awfully long, my friend).


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrateur at 23:55:01,92 on 08/06/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2039.1555 [GMT 1:00]

    AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\VIDAL\Communs\VIDAL.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinRoll\winroll.exe
    C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Microsoft Etudes\Microsoft Encarta 2009 - Études DVD\EDICT.EXE
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrateur\Bureau\EDT TUTO\dds.scr

    ============== Pseudo HJT Report ===============

    uWindow Title = Windows Internet Explorer
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Systran40premi.IEPlugIn: {cfb25594-4d5f-11d6-ab7b-00b0d094b576} - c:\program files\systran\4_0\premium\IEPlugIn.dll
    TB: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
    EB: {9455301C-CF6B-11D3-A266-00C04F689C50} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [WinRoll] c:\program files\winroll\winroll.exe
    uRun: [SkinClock] c:\program files\clock tray skins\ClockTraySkins.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [L09FXLRD_10794625] "c:\program files\microsoft etudes\microsoft encarta 2009 - études dvd\EDICT.EXE" -m
    uRun: [Spn2006] c:\spn\edt.exe stw
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EPSON Stylus C79 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibgp.exe /fu "c:\windows\temp\E_S8B.tmp" /EF "HKLM"
    mRun: [EPSON Stylus C79 Series (Copie 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatibgp.exe /fu "c:\windows\temp\E_S122.tmp" /EF "HKLM"
    mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
    mRun: [vdlDeamon] c:\program files\vidal\communs\VIDAL.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
    mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
    IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\fichiers communs\microsoft shared\encarta search bar\ENCSBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\fichiers communs\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\8955rzy4.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.GOOGLE.FR
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-4-28 110360]
    R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-5-18 185616]
    R2 AVP;Kaspersky Internet Security 7.0;c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe [2007-5-19 218640]
    R2 LF30FS;LF30FS;c:\program files\everstrike software\lock folder xp 3.6\LF30XP.sys [2004-11-19 101488]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
    S2 bzymaojjg;Security Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S2 ushecizm;Update Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S3 jfdcd;jfdcd;\??\c:\docume~1\admini~1\locals~1\temp\jfdcd.sys --> c:\docume~1\admini~1\locals~1\temp\jfdcd.sys [?]

    =============== Created Last 30 ================

    2010-06-06 22:43:24 0 d-----w- c:\program files\Conjugaison
    2010-06-03 22:56:06 3 ----a-w- c:\windows\cfsywin32.sys
    2010-06-03 22:42:34 0 d-----w- C:\Spn
    2010-06-01 21:18:05 0 d-----w- c:\program files\USB Disk Security
    2010-06-01 20:17:38 116 ----a-w- c:\windows\Tiny_Run.ini
    2010-05-31 21:43:32 380928 ----a-w- c:\windows\system32\AviSplitter.ax
    2010-05-31 21:41:03 0 d-----w- c:\program files\MUSK Codec Pack v6
    2010-05-30 22:45:35 0 d-----w- c:\program files\File Restore Professional
    2010-05-30 22:39:43 167 ----a-w- c:\windows\ASYM.ini
    2010-05-30 22:39:32 0 d-----w- c:\windows\Asym
    2010-05-30 22:39:30 0 d-----w- c:\program files\fichiers communs\Borland Shared
    2010-05-30 22:25:38 3932214 ----a-w- c:\windows\Administrateur.bmp
    2010-05-30 21:49:08 0 d-----w- c:\program files\Total Video Converter
    2010-05-28 22:28:00 0 d-----w- c:\program files\world atlas
    2010-05-28 22:23:19 0 d-----w- c:\program files\DAEMON Tools Toolbar
    2010-05-28 22:23:17 0 d-----w- c:\program files\DAEMON Tools Lite
    2010-05-28 20:42:23 27958 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Musepack Codec.bmp
    2010-05-28 20:42:22 3451 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
    2010-05-27 20:29:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Zbshareware Lab
    2010-05-27 10:31:44 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-05-27 10:31:44 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-05-27 10:15:52 0 d-----w- c:\docume~1\alluse~1\applic~1\UDL
    2010-05-27 10:13:10 25 ----a-w- c:\windows\CDE C79ERUK.ini
    2010-05-27 09:44:27 0 d-----w- c:\program files\EPSON
    2010-05-27 09:44:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
    2010-05-27 09:44:07 73216 ----a-w- c:\windows\system32\E_FLBBGP.DLL
    2010-05-27 09:44:07 62976 ----a-w- c:\windows\system32\E_FD4BBGP.DLL
    2010-05-26 21:35:46 0 d-----w- c:\program files\CCleaner
    2010-05-18 20:22:10 0 d-----w- c:\program files\Microsoft Etudes
    2010-05-18 20:21:26 0 d-----w- c:\program files\Learning Essentials
    2010-05-12 19:18:44 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
    2010-05-12 19:18:44 32640 ----a-w- c:\windows\system32\drivers\symc8xx.sys
    2010-05-12 09:12:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-05-12 09:12:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-11 13:12:48 0 d-sha-r- C:\autorun.inf
    2010-05-11 09:46:13 97549 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-05-11 09:46:13 113933 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-05-11 09:45:36 0 d-----w- c:\program files\Kaspersky Lab
    2010-05-11 09:45:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
    2010-05-11 09:45:34 59420 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-05-11 09:45:34 580896 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-05-11 09:45:34 150524 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-05-11 09:45:34 10588960 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-05-11 09:28:02 0 d-s---w- c:\documents and settings\administrateur\UserData
    2010-05-11 09:13:57 0 d-----w- c:\windows\system32\wbem\Repository
    2010-05-11 09:06:52 0 d-----w- c:\program files\AutorunRemover
    2010-05-11 08:41:25 0 d-----w- C:\UsbFix
    2010-05-11 07:26:16 0 d-----w- c:\program files\AutorunRemover(2)
    2010-05-09 23:42:11 0 d-----w- c:\docume~1\alluse~1\applic~1\ACD Systems(2)
    2010-05-09 23:42:06 0 d-----w- c:\program files\ACD Systems(2)
    2010-05-09 23:31:48 0 d-----w- c:\program files\fichiers communs\ACD Systems

    ==================== Find3M ====================

    2010-05-28 20:42:22 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2010-04-29 21:14:07 4716 ----a-w- c:\windows\gdrv.sys
    2010-03-25 12:40:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

    ============= FINISH: 23:55:18,17 ===============


Here now is the GMER report.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-09 02:48:58
    Windows 5.1.2600 Service Pack 2
    Running: 5rxf7ql9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys


    ? C:\WINDOWS\system32\winlogon.exe[1204] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\winlogon.exe[1204] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\system32\services.exe[1272] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\lsass.exe[1284] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\lsass.exe[1284] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\lsass.exe[1284] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\system32\svchost.exe[1476] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\svchost.exe[1596] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\svchost.exe[1596] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\svchost.exe[1596] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\System32\svchost.exe[1640] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\System32\svchost.exe[1640] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\System32\svchost.exe[1640] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\svchost.exe[1744] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\system32\svchost.exe[1800] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[1948] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\spoolsv.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Documents and Settings\Administrateur\Bureau\5rxf7ql9.exe[2076] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Documents and Settings\Administrateur\Bureau\5rxf7ql9.exe[2076] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\NOTEPAD.EXE[2156] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\NOTEPAD.EXE[2156] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\NOTEPAD.EXE[2156] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\system32\cidaemon.exe[2420] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\system32\cidaemon.exe[2420] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\cidaemon.exe[2420] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\explorer.exe[2792] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\WINDOWS\explorer.exe[2792] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\explorer.exe[2792] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2AEDD 7C9D42A8 4 Bytes [F0, 00, 20, 7D]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2AEE9 7C9D42B4 4 Bytes [60, 01, 20, 7D]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2C555 7C9D5920 4 Bytes [40, 09, 20, 7D]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2C651 7C9D5A1C 4 Bytes [C0, 05, 35, 02]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!StrStrW + FFE2C66D 7C9D5A38 4 Bytes [B0, 09, 20, 7D]
    .text ...
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFree + 24F 7C9F2B50 4 Bytes [20, 0A, F3, 00]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!IsNetDrive + CDD 7C9FAD1C 4 Bytes [A0, 06, 20, 7D]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + 195 7C9FB96C 4 Bytes [90, 03, 35, 02]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + E7D 7C9FC654 4 Bytes [50, 05, F3, 00]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + E99 7C9FC670 4 Bytes [E0, 04, F3, 00]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + EE1 7C9FC6B8 4 Bytes [70, 04, F3, 00]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!ILFindChild + 133D 7C9FCB14 4 Bytes [00, 0B, 35, 02]
    .text ...
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHCreateShellFolderView + 460E 7CA04C7C 4 Bytes CALL 9CA59D11
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHCreateShellFolderView + 462E 7CA04C9C 4 Bytes [30, 06, 20, 7D]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHCreateShellFolderView + 4666 7CA04CD4 4 Bytes [C0, 05, 20, 7D]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!DllCanUnloadNow + 32F 7CA118E8 4 Bytes [80, 00, 35, 02]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHTestTokenMembership + E3 7CA21C60 4 Bytes [00, 04, F3, 00]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHPropStgReadMultiple + 472 7CA2A578 4 Bytes [F0, 0E, 20, 7D]
    .text C:\WINDOWS\explorer.exe[2792] SHELL32.dll!SHPropStgReadMultiple + 57E 7CA2A684 4 Bytes [10, 00, F3, 00]
    ? C:\WINDOWS\RTHDCPL.EXE[2868] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3068] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3068] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3068] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\system32\wbem\wmiapsrv.exe[3196] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe[3220] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe[3220] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe[3220] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[3348] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[3348] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe[3348] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\System32\alg.exe[3404] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 3F, 00]
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3864] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dll
    ? C:\WINDOWS\system32\ctfmon.exe[3924] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A904
    Contenus similaires
    9 June 2010 21:28:30

    Re,
    The GMER report was not complete... be careful with the next reports I ask you for. ;)

    Use this if needed: http://www.sendspace.com/

    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit "Select All", Edit "Copy".

    Come to the forum and Edit "Paste".

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    12 June 2010 16:46:13

    Hello,

    It looks like someone is spying on you. edt.exe is launched by the software "espion pro à distance". Have a look here: http://www.marseillesoft.com/


    14 June 2010 11:20:08

    Hello Ducle91 :hello:

    Indeed, it is espion professionnel à distance that is causing all this; only the PC concerned is not connected to the web, so I uninstalled it. Thank you very much. See you!
    14 June 2010 11:28:37

    Thank you, Sham_Rock, for your availability.

    The edt.exe problem has apparently been resolved since I uninstalled the espion professionnel à distance software. Indeed, when it is installed, it runs under the name edt.exe.
    14 June 2010 21:11:19

    Good evening,
    Do what I ask you... :D