
Disk space disappearing... Help!

11 August 2008 15:45:42

Hello everyone!
Here's my problem: 2 days ago I still had about 20% of my disk space free. I haven't installed any software since. Yesterday, when I turned on my PC, I only had 10% left, and today I'm down to less than 5% (the properties of C: say 342 MB out of 6 GB). But when I go to System Information, it shows 77.27 MB of available physical memory out of 288.00 MB of total physical memory, and 1.96 GB of available virtual memory out of 2.00 GB of total virtual memory.
My antivirus (E Trust) detected a few threats, which it removed, and I have just run an online antivirus (HouseCall on Secuser.com), which doesn't find anything either.
I can't format the hard drive because I no longer have the Windows installation CD (I'm on XP Pro).
What should I do? I absolutely need my PC right now.
Save me!


11 August 2008 19:47:01

Well, OK, I got a bit carried away.
HouseCall detected 5 infections:
WORM VB.FAZ in C:\\WINDOWS\system32\cftmons.exe
WORM VB.FAZ in C:\\WINDOWS\system32\mssql.exe
WORM VB.FAZ in C:\\WINDOWS\system32\work.exe
Mal NSAnti-1 in C:\\32e2.com
WORM AUTORUN.ATR in C:\\knupkb.com
I restarted Windows in safe mode and ran E Trust; it reported having disinfected the first 3 files, but when I rebooted, they came back. mssql.exe appears in msconfig; I unchecked it, but on every restart it checks itself again.
The antivirus didn't detect anything in 32e2.com and knupkb.com, so I simply deleted them.
I ran HiJack This but it didn't change anything. I'm out of ideas, and I can't find anything helpful on the Internet.
Please, help me!
11 August 2008 22:01:58

Good evening

Quote:
I ran HiJack This but it didn't change anything.


Can you post the report for me, please?

~Run Hijackthis.exe, choose "do a system scan & save log file", and copy and paste the generated report into your next post.
12 August 2008 10:19:27

Thank you for being willing to help me.
Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 10:12:40, on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe work.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [TrackPointSrv] ___tp4mon.exe
O4 - HKLM\..\Run: [Modem Update Reminder] ____C:\WINDOWS\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [Microsoft IIS] ____C:\WINDOWS\SYSTEM32\syshost.exe
O4 - HKLM\..\Run: [amegkssdgm] c:\windows\system32\amegkssdgm.exe amegkssdgm
O4 - HKLM\..\Run: [Once Less Close Hole] C:\Documents and Settings\All Users\Application Data\Trans draw once less\Gpl trust.exe
O4 - HKLM\..\Run: [Dvd play scr hole] C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe
O4 - HKLM\..\Run: [eAVTrial] C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] ___"C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mswindws] mssql.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
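
Added example (not part of the thread, and not HijackThis's own code): the files HouseCall reported are still referenced by autostart entries in the log above, and this Python sketch cross-references the two. The function names and regular expressions are assumptions made for this illustration; the sample lines are copied from the posted log.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied as-is).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe work.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [mswindws] mssql.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# File names HouseCall reported as WORM VB.FAZ earlier in the thread.
DETECTED = ["cftmons.exe", "mssql.exe", "work.exe"]

# O4 = Run/RunOnce autostart values, F2 = registry-mapped system.ini values.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<value>\w+)=(?P<cmd>.+)$")
# Basename of every executable mentioned in a command line.
EXE_RE = re.compile(r"[^\\/\s\"]+\.(?:exe|com|bat|scr|pif)\b", re.I)


def parse_autostarts(log):
    """Return the O4 and F2 entries of a HijackThis log as a list of dicts."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            location = "{hive}\\..\\{key}".format(**m.groupdict())
            exes = [e.lower() for e in EXE_RE.findall(m["cmd"])]
            entries.append({"location": location, "name": m["name"], "exes": exes})
            continue
        m = F2_RE.match(line)
        if m:
            exes = [e.lower() for e in EXE_RE.findall(m["cmd"])]
            if m["value"].lower() == "shell":
                # explorer.exe is the normal shell; only extra programs matter.
                exes = [e for e in exes if e != "explorer.exe"]
            entries.append(
                {"location": "Winlogon Shell (F2)", "name": m["value"], "exes": exes}
            )
    return entries


def persistence_for(detected, entries):
    """Map each detected file name to the autostart entries that launch it."""
    result = {}
    for name in detected:
        key = name.lower()
        result[name] = [
            (e["location"], e["name"]) for e in entries if key in e["exes"]
        ]
    return result


if __name__ == "__main__":
    hits = persistence_for(DETECTED, parse_autostarts(SAMPLE_LOG))
    for name, refs in hits.items():
        if refs:
            for location, value in refs:
                print(f"{name}: launched from {location} [{value}]")
        else:
            print(f"{name}: no O4/F2 entry in this excerpt")
```

An empty result for a detected file only means that no O4 or F2 line names it; other sections of the log are not examined by this sketch.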
12 August 2008 21:21:26

Good evening
badly infected :/

1

Download Lop S&D.exe to your desktop

  • Double-click it to launch the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan has finished
  • Post the generated report ( C:\lopR.txt )

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)


2

This procedure should be printed so that you have it in front of you when you are in safe mode.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link doesn't work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.
Work through the list of instructions below:
  • Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it has found, then ask you to press a key to reboot.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new Hijackthis log!
12 August 2008 22:35:33

Here is the Lop S&D report:
    --------------------\\ Lop S&D 4.2.2-7 XP / Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : stella ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 12/08/2008 | 22:12:42 ] [ PC : CYRILLE (Proc:x86)]
    [ MAJ : 12-08-2008 | 17:58 ]

    --------------------\\ Listing des dossiers dans APPLIC~1






    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [09/08/2008 16:36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [12/08/2008 21:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [04/08/2008|15:01] C:\Program Files\Adobe
    [07/08/2008|14:43] C:\Program Files\Apple Software Update
    [11/08/2008|19:19] C:\Program Files\backups
    [06/09/2007|09:23] C:\Program Files\BDE5Setup
    [06/09/2007|09:23] C:\Program Files\Borland
    [19/06/2007|14:17] C:\Program Files\CA
    [19/12/2005|21:43] C:\Program Files\Common Files
    [30/04/2004|22:56] C:\Program Files\ComPlus Applications
    [06/08/2008|15:42] C:\Program Files\DivX
    [05/08/2008|18:50] C:\Program Files\Fichiers communs
    [04/08/2008|14:24] C:\Program Files\Free
    [04/08/2008|19:01] C:\Program Files\Google
    [17/04/2005|13:09] C:\Program Files\Grisoft
    [24/07/2008|18:10] C:\Program Files\HappyCollection_2.1
    [16/02/2005|11:06] C:\Program Files\HijackThis.exe
    [12/08/2008|22:06] C:\Program Files\hijackthis.log
    [27/03/2006|14:08] C:\Program Files\HySnapDX
    [04/08/2008|15:05] C:\Program Files\InstallShield Installation Information
    [10/08/2008|14:21] C:\Program Files\Internet Explorer
    [07/05/2008|16:30] C:\Program Files\IVT Corporation
    [05/08/2008|19:13] C:\Program Files\Java
    [01/01/2006|16:15] C:\Program Files\JavaSoft
    [17/04/2005|13:17] C:\Program Files\Kerio
    [09/08/2008|01:30] C:\Program Files\messenger
    [30/04/2004|23:16] C:\Program Files\microsoft frontpage
    [04/05/2004|19:16] C:\Program Files\Microsoft Office
    [18/10/2007|16:06] C:\Program Files\Movie Maker
    [12/08/2008|22:07] C:\Program Files\Mozilla Firefox
    [30/04/2004|22:54] C:\Program Files\MSN Gaming Zone
    [09/08/2008|01:20] C:\Program Files\MSXML 4.0
    [18/10/2007|15:55] C:\Program Files\NetMeeting
    [03/01/2006|14:08] C:\Program Files\OfficeUpdate11
    [09/08/2008|01:22] C:\Program Files\Outlook Express
    [25/02/2008|19:15] C:\Program Files\Panasonic
    [26/12/2005|14:56] C:\Program Files\PDFCreator
    [07/08/2008|14:49] C:\Program Files\QuickTime
    [19/06/2007|14:13] C:\Program Files\RALINK
    [07/05/2007|10:16] C:\Program Files\Softwin
    [11/08/2008|22:30] C:\Program Files\Spybot - Search & Destroy
    [19/12/2005|21:43] C:\Program Files\Uninstall Information
    [07/08/2008|17:12] C:\Program Files\Winamp
    [18/10/2007|16:06] C:\Program Files\Windows Media Player
    [06/08/2008|14:07] C:\Program Files\Windows NT
    [21/12/2005|21:36] C:\Program Files\WindowsUpdate
    [20/04/2005|16:10] C:\Program Files\WinZip
    [30/04/2004|23:16] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [04/08/2008|15:01] C:\Program Files\Fichiers communs\Adobe
    [04/05/2004|19:16] C:\Program Files\Fichiers communs\DESIGNER
    [22/02/2008|22:37] C:\Program Files\Fichiers communs\InstallShield
    [05/08/2008|18:50] C:\Program Files\Fichiers communs\Java
    [11/08/2008|00:27] C:\Program Files\Fichiers communs\Microsoft Shared
    [30/04/2004|23:01] C:\Program Files\Fichiers communs\MSSoap
    [30/04/2004|22:32] C:\Program Files\Fichiers communs\ODBC
    [30/04/2004|23:01] C:\Program Files\Fichiers communs\Services
    [14/06/2007|14:26] C:\Program Files\Fichiers communs\Softwin
    [30/04/2004|22:32] C:\Program Files\Fichiers communs\SpeechEngines
    [09/08/2008|01:22] C:\Program Files\Fichiers communs\System

    --------------------\\ Process

    ( 31 Processus )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trans draw once less

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Once Less Close Hole"="C:\\Documents and Settings\\All Users\\Application Data\\Trans draw once less\\Gpl trust.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-12 22:18:56
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    ? [3220]
    scanning hidden files ...
    scan completed successfully
    hidden processes: 1
    hidden files: 16

    --------------------\\ Recherche d'autres infections

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amegkssdgm"="c:\\windows\\system32\\amegkssdgm.exe amegkssdgm"

    C:\WINDOWS\Pack.epk

    C:\WINDOWS\System32\socdkbymtf_navtmp.dat
    C:\WINDOWS\System32\useai.dat
    C:\WINDOWS\System32\useai.exe
    C:\WINDOWS\System32\useai_nav.dat
    C:\WINDOWS\System32\useai_navps.dat
    ==> EGDACCESS <==



    [F:3][D:7]-> C:\DOCUME~1\cy\LOCALS~1\Temp
    [F:10][D:0]-> C:\DOCUME~1\cy\Cookies
    [F:1021][D:4]-> C:\DOCUME~1\cy\LOCALS~1\TEMPOR~1\content.IE5



The SDFix report:

    SDFix: Version 1.215
    Run by stella on 12/08/2008 at 21:40

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\cy\Bureau\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\TFTP1144 - Deleted
    C:\WINDOWS\system32\TFTP1852 - Deleted
    C:\WINDOWS\system32\TFTP3716 - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-12 21:54:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:Enabled:InocIT"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files :


    File Backups: - C:\DOCUME~1\cy\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sun 10 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT3.tmp"
    Mon 11 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT9.tmp"
    Fri 8 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9a57e2a6d580705a96ff50eb33fc9c65\BIT2.tmp"

    Finished!

And finally the HiJack This report:
    Logfile of HijackThis v1.99.1
    Scan saved at 22:31:22, on 12/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe work.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [TrackPointSrv] ___tp4mon.exe
    O4 - HKLM\..\Run: [Modem Update Reminder] ____C:\WINDOWS\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [Microsoft IIS] ____C:\WINDOWS\SYSTEM32\syshost.exe
    O4 - HKLM\..\Run: [amegkssdgm] c:\windows\system32\amegkssdgm.exe amegkssdgm
    O4 - HKLM\..\Run: [Once Less Close Hole] C:\Documents and Settings\All Users\Application Data\Trans draw once less\Gpl trust.exe
    O4 - HKLM\..\Run: [Dvd play scr hole] C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe
    O4 - HKLM\..\Run: [eAVTrial] C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] ___"C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mswindws] mssql.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE


Thanks!
12 August 2008 22:42:17

Hi again

1
Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

2
Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation has finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents to us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt

12 August 2008 23:24:29

Here is the Lop S&D report:

    --------------------\\ Lop S&D 4.2.2-7 XP / Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : stella ] [ "C:\Lop SD" ] [ Selection : 2 ]
    [ 12/08/2008 | 22:52:05 ] [ PC : CYRILLE (Proc:x86)]
    [ MAJ : 12-08-2008 | 17:58 ]


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trans draw once less
    [ Fichier Hosts ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1






    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [09/08/2008 16:36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [12/08/2008 21:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [04/08/2008|15:01] C:\Program Files\Adobe
    [07/08/2008|14:43] C:\Program Files\Apple Software Update
    [11/08/2008|19:19] C:\Program Files\backups
    [06/09/2007|09:23] C:\Program Files\BDE5Setup
    [06/09/2007|09:23] C:\Program Files\Borland
    [19/06/2007|14:17] C:\Program Files\CA
    [19/12/2005|21:43] C:\Program Files\Common Files
    [30/04/2004|22:56] C:\Program Files\ComPlus Applications
    [06/08/2008|15:42] C:\Program Files\DivX
    [05/08/2008|18:50] C:\Program Files\Fichiers communs
    [04/08/2008|14:24] C:\Program Files\Free
    [04/08/2008|19:01] C:\Program Files\Google
    [17/04/2005|13:09] C:\Program Files\Grisoft
    [24/07/2008|18:10] C:\Program Files\HappyCollection_2.1
    [16/02/2005|11:06] C:\Program Files\HijackThis.exe
    [12/08/2008|22:31] C:\Program Files\hijackthis.log
    [27/03/2006|14:08] C:\Program Files\HySnapDX
    [04/08/2008|15:05] C:\Program Files\InstallShield Installation Information
    [10/08/2008|14:21] C:\Program Files\Internet Explorer
    [07/05/2008|16:30] C:\Program Files\IVT Corporation
    [05/08/2008|19:13] C:\Program Files\Java
    [01/01/2006|16:15] C:\Program Files\JavaSoft
    [17/04/2005|13:17] C:\Program Files\Kerio
    [09/08/2008|01:30] C:\Program Files\messenger
    [30/04/2004|23:16] C:\Program Files\microsoft frontpage
    [04/05/2004|19:16] C:\Program Files\Microsoft Office
    [18/10/2007|16:06] C:\Program Files\Movie Maker
    [12/08/2008|22:17] C:\Program Files\Mozilla Firefox
    [30/04/2004|22:54] C:\Program Files\MSN Gaming Zone
    [09/08/2008|01:20] C:\Program Files\MSXML 4.0
    [12/08/2008|22:51] C:\Program Files\Navilog1
    [18/10/2007|15:55] C:\Program Files\NetMeeting
    [03/01/2006|14:08] C:\Program Files\OfficeUpdate11
    [09/08/2008|01:22] C:\Program Files\Outlook Express
    [25/02/2008|19:15] C:\Program Files\Panasonic
    [26/12/2005|14:56] C:\Program Files\PDFCreator
    [07/08/2008|14:49] C:\Program Files\QuickTime
    [19/06/2007|14:13] C:\Program Files\RALINK
    [07/05/2007|10:16] C:\Program Files\Softwin
    [19/12/2005|21:43] C:\Program Files\Uninstall Information
    [07/08/2008|17:12] C:\Program Files\Winamp
    [18/10/2007|16:06] C:\Program Files\Windows Media Player
    [06/08/2008|14:07] C:\Program Files\Windows NT
    [21/12/2005|21:36] C:\Program Files\WindowsUpdate
    [20/04/2005|16:10] C:\Program Files\WinZip
    [30/04/2004|23:16] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [04/08/2008|15:01] C:\Program Files\Fichiers communs\Adobe
    [04/05/2004|19:16] C:\Program Files\Fichiers communs\DESIGNER
    [22/02/2008|22:37] C:\Program Files\Fichiers communs\InstallShield
    [05/08/2008|18:50] C:\Program Files\Fichiers communs\Java
    [11/08/2008|00:27] C:\Program Files\Fichiers communs\Microsoft Shared
    [30/04/2004|23:01] C:\Program Files\Fichiers communs\MSSoap
    [30/04/2004|22:32] C:\Program Files\Fichiers communs\ODBC
    [30/04/2004|23:01] C:\Program Files\Fichiers communs\Services
    [14/06/2007|14:26] C:\Program Files\Fichiers communs\Softwin
    [30/04/2004|22:32] C:\Program Files\Fichiers communs\SpeechEngines
    [09/08/2008|01:22] C:\Program Files\Fichiers communs\System

    --------------------\\ Process

    ( 29 Processus )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-12 22:56:23
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    ? [3220]
    scanning hidden files ...
    scan completed successfully
    hidden processes: 1
    hidden files: 16

    --------------------\\ Recherche d'autres infections

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amegkssdgm"="c:\\windows\\system32\\amegkssdgm.exe amegkssdgm"

    C:\WINDOWS\Pack.epk

    C:\WINDOWS\System32\socdkbymtf_navtmp.dat
    C:\WINDOWS\System32\useai.dat
    C:\WINDOWS\System32\useai.exe
    C:\WINDOWS\System32\useai_nav.dat
    C:\WINDOWS\System32\useai_navps.dat
    ==> EGDACCESS <==



    [F:4][D:7]-> C:\DOCUME~1\cy\LOCALS~1\Temp
    [F:10][D:0]-> C:\DOCUME~1\cy\Cookies
    [F:1025][D:4]-> C:\DOCUME~1\cy\LOCALS~1\TEMPOR~1\content.IE5

    --------------------\\ Fin du rapport a 23:00:06,80


Here is the Navilog1 report:
    Search Navipromo version 3.6.3 commencé le 12/08/2008 à 23:02:02,68

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "stella"

    Mise à jour le 09.08.2008 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\cy\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\cy\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\cy\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\cy\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\cy\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\cy\menudm~1\progra~1" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Fichier(s) caché(s) :

    C:\WINDOWS\system32\useai.dat
    C:\WINDOWS\system32\useai.exe
    C:\WINDOWS\system32\useai_nav.dat
    C:\WINDOWS\system32\useai_navps.dat


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\DOCUME~1\cy\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\cy\locals~1\applic~1" *



    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    socdkbymtf_navtmp.dat trouvé !
    useai.dat trouvé !

    * Dans "C:\DOCUME~1\cy\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\cy\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 12/08/2008 à 23:17:49,35 ***
    13 August 2008 14:17:49

    Hello
    Double-click the Navilog1 shortcut on your Desktop.
    Follow the instructions. Then choose option 2 and confirm.
    Let the tool guide you and answer any questions it asks.

    The utility will tell you that it is going to restart the computer.
    **Close all open windows and save any open personal documents**
    Now press a key, as requested.
    (if your PC does not restart automatically, restart it manually)

    Wait until this message appears:
    "*** Nettoyage Termine le ..... ***"

    Notepad will open.
    Save the report where you can find it again.
    Close Notepad. Your desktop will now reappear.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open the Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer and confirm.

    Post the report you saved earlier (C:\cleannavi.txt)
    as well as a new Hijackthis report.

    Close Internet Explorer, then go to Start/Control Panel/Internet Options.
    Choose the Content tab, then the Certificates tab.
    If you find the following programs (in particular under Trusted Publishers), tell me:

    VIP
    13 August 2008 15:03:12

    Hello
    Here is the Navilog1 report:
    Clean Navipromo version 3.6.3 commencé le 13/08/2008 à 14:46:29,17

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "stella"

    Mise à jour le 09.08.2008 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur

    *** Creation backups fichiers trouvés par Catchme ***

    Copie vers "C:\Program Files\navilog1\Backupnavi"

    Copie C:\WINDOWS\system32\useai.dat réalisée avec succès !
    Copie C:\WINDOWS\system32\useai.exe réalisée avec succès !
    Copie C:\WINDOWS\system32\useai_nav.dat réalisée avec succès !
    Copie C:\WINDOWS\system32\useai_navps.dat réalisée avec succès !

    *** Suppression des fichiers trouvés avec Catchme ***

    C:\WINDOWS\system32\useai.dat supprimé !
    C:\WINDOWS\system32\useai.exe supprimé !
    C:\WINDOWS\system32\useai_nav.dat supprimé !
    C:\WINDOWS\system32\useai_navps.dat supprimé !

    ** 2ème passage avec résultats Catchme **

    * Dans "C:\WINDOWS\system32" *



    * Dans "C:\Documents and Settings\cy\locals~1\applic~1" *



    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\cy\locals~1\applic~1" *


    * Suppression dans "C:\DOCUME~1\cy\locals~1\applic~1" *


    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\cy\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\cy\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\cy\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\cy\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\cy\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\DOCUME~1\cy\menudm~1\progra~1" ***



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\cy\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    socdkbymtf_navtmp.dat trouvé !
    Copie socdkbymtf_navtmp.dat réalisée avec succès !
    socdkbymtf_navtmp.dat supprimé !


    * Dans "C:\Documents and Settings\cy\locals~1\applic~1" *


    * Dans "C:\DOCUME~1\cy\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Clés RUN orphelines Navipromo ***
    !! Résultats temporairement non pris en charge !!
    !! Les clés trouvées ne sont pas forcément infectées !!

    Clés trouvés :

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amegkssdgm"="c:\\windows\\system32\\amegkssdgm.exe amegkssdgm"


    *** Nettoyage terminé le 13/08/2008 à 14:56:10,24 ***



    Here is the Hijack This report:
    Logfile of HijackThis v1.99.1
    Scan saved at 14:57:37, on 13/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe work.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [TrackPointSrv] ___tp4mon.exe
    O4 - HKLM\..\Run: [Modem Update Reminder] ____C:\WINDOWS\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [Microsoft IIS] ____C:\WINDOWS\SYSTEM32\syshost.exe
    O4 - HKLM\..\Run: [amegkssdgm] c:\windows\system32\amegkssdgm.exe amegkssdgm
    O4 - HKLM\..\Run: [Dvd play scr hole] C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe
    O4 - HKLM\..\Run: [eAVTrial] C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] ___"C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mswindws] mssql.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE

    13 August 2008 15:09:35

    And no trace of VIP in Certificates.
    13 August 2008 23:47:24

    re

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal; a report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select All", Edit > "Copy"

    Come to the forum and Edit > "Paste"

    Add a new Hijackthis report.

    14 August 2008 01:22:48

    Good evening,
    Here is the ComboFix report:
    ComboFix 08-08-12.01 - stella 2008-08-14 0:45:09.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 2:00]
    Endroit: C:\Documents and Settings\cy\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\work.exe
    C:\WINDOWS\ufdata2000.log

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-14 00:54 . 2008-08-14 00:55 53,248 --a------ C:\WINDOWS\system32\work.exe
    2008-08-12 22:51 . 2008-08-13 14:56 <REP> d-------- C:\Program Files\Navilog1
    2008-08-12 22:11 . 2008-08-12 23:00 <REP> d-------- C:\Lop SD
    2008-08-12 21:32 . 2008-08-12 21:33 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-11 22:28 . 2008-08-12 22:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-11 19:19 . 2008-08-11 19:19 <REP> d-------- C:\Program Files\backups
    2008-08-11 18:27 . 2008-08-11 18:27 53,248 --a------ C:\WINDOWS\system32\mssql.exe
    2008-08-11 18:27 . 2008-08-11 18:27 53,248 --a------ C:\WINDOWS\system32\cftmons.exe
    2008-08-11 13:06 . 2008-08-11 13:06 <REP> d-------- C:\WINDOWS\report
    2008-08-11 13:05 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\LPT$VPN.467
    2008-08-11 13:04 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-08-11 13:04 . 2008-08-11 13:04 1,963,957 --a------ C:\WINDOWS\tsc.ptn
    2008-08-11 13:04 . 2008-08-11 13:04 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-08-11 13:04 . 2008-08-11 13:04 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-08-11 13:04 . 2008-08-11 13:04 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-08-11 13:04 . 2008-08-11 13:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-08-11 13:03 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\VPTNFILE.467
    2008-08-11 13:00 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-08-10 13:46 . 2008-08-10 13:46 663,040 --a------ C:\WINDOWS\isRS-000.tmp
    2008-08-09 01:20 . 2008-08-09 01:20 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-08-08 18:49 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-08-07 14:46 . 2008-08-07 14:49 <REP> d-------- C:\Program Files\QuickTime
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a--c--- C:\WINDOWS\system32\dllcache\sndrec32.exe
    2008-08-05 20:55 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-05 20:55 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-05 20:55 . 2008-07-23 18:50 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-08-05 20:46 . 2008-08-05 20:46 <REP> d-------- C:\WINDOWS\Sun
    2008-08-05 19:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-05 19:11 . 2008-08-05 19:11 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-08-05 18:50 . 2008-08-05 19:13 <REP> d-------- C:\Program Files\Java
    2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-08-05 17:41 . 2008-08-07 17:12 <REP> d-------- C:\Program Files\Winamp
    2008-08-05 09:47 . 2008-08-05 09:46 88,848 -r-hs---- C:\tpfbusg.cmd
    2008-08-04 20:48 . 2008-08-07 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-04 20:48 . 2008-08-04 20:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-04 19:28 . 2008-08-04 19:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Talkback
    2008-08-04 19:10 . 2008-08-11 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-04 19:00 . 2008-08-12 12:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 17:11 . 2008-08-04 17:11 21 --a------ C:\WINDOWS\kit.ini
    2008-08-04 14:41 . 2008-08-04 14:41 <REP> d-------- C:\Documents and Settings\cy\Application Data\AdobeUM
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d-------- C:\Program Files\Free
    2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 18:50 . 2008-07-23 18:50 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-07-23 18:47 . 2008-07-23 18:47 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 3,067 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-13 12:57 5,022 ----a-w C:\Program Files\hijackthis.log
    2008-08-11 11:00 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
    2008-08-11 11:00 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
    2008-08-11 11:00 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
    2008-08-07 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-06 13:42 --------- d-----w C:\Program Files\DivX
    2008-08-04 17:01 --------- d-----w C:\Program Files\Google
    2008-08-04 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 13:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-24 16:10 --------- d-----w C:\Program Files\HappyCollection_2.1
    2008-07-23 16:50 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2005-02-16 09:06 218,112 ----a-w C:\Program Files\HijackThis.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-04 19:01 68856]
    "mswindws"="mssql.exe" [2008-08-11 18:27 53248 C:\WINDOWS\system32\mssql.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe work.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswindws]
    --a------ 2008-08-11 18:27 53248 C:\WINDOWS\system32\mssql.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "XCOMM"=2 (0x2)
    "VSSERV"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "bdss"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=

    R3 cwbmidi_device;Pilote UART Crystal WDM MPU-401;C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 21:19]
    R3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    R3 neo20xx;neo20xx;C:\WINDOWS\system32\DRIVERS\neo20xx.sys [2001-08-17 21:50]
    R3 ThinkPadDSP;ThinkPad DSP Driver Service;C:\WINDOWS\system32\DRIVERS\mwwdm.sys [1999-09-24 12:10]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
    S3 EL3C574;Pilote de périphérique carte réseau PC Card FE574B-3Com 10/100;C:\WINDOWS\system32\DRIVERS\el574nd4.sys [2001-08-17 21:10]
    S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f728570-e263-11dc-a137-8d41a7e3ff6d}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e6b2ae0-6388-11dc-a0bc-84a66e69066d}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558c5c20-e518-11dc-a13f-d5e6f37c716c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9032c10-8995-11da-9f98-c3e73f54626a}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5c785d0-42e8-11dd-a17b-101111111111}]
    \Shell\AutoRun\command - E:\32e2.com
    \Shell\explore\Command - E:\32e2.com
    \Shell\open\Command - E:\32e2.com
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
    HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe
    HKCU-Run-MSMSGS - ___C:\Program Files\Messenger\msmsgs.exe
    HKLM-Run-Modem Update Reminder - ____C:\WINDOWS\MWW32\manager\mwremind.exe
    HKLM-Run-Microsoft IIS - ____C:\WINDOWS\SYSTEM32\syshost.exe
    HKLM-Run-Dvd play scr hole - C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe
    HKLM-Run-eAVTrial - C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
    HKLM-Run-TrackPointSrv - ___tp4mon.exe
    Notify-WgaLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\cy\Application Data\Mozilla\Firefox\Profiles\tuzlie92.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-14 00:55:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    C:\WINDOWS\system32\cftmons.exe [868] 0x81A2D8B0
    C:\WINDOWS\system32\alg.exe [2864] 0x81B338B0
    C:\WINDOWS\system32\wuauclt.exe [3396] 0x812EC600
    C:\WINDOWS\system32\wscntfy.exe [3940] 0x812EA6C8
    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\system32\wdfmgr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-14 1:09:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-13 23:09:05

    Pre-Run: 244,977,664 octets libres


    And the Hijack This report:
    Logfile of HijackThis v1.99.1
    Scan saved at 01:13, on 2008-08-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe work.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [TrackPointSrv] ___tp4mon.exe
    O4 - HKLM\..\Run: [Modem Update Reminder] ____C:\WINDOWS\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [Microsoft IIS] ____C:\WINDOWS\SYSTEM32\syshost.exe
    O4 - HKLM\..\Run: [Dvd play scr hole] C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe
    O4 - HKLM\..\Run: [eAVTrial] C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] ___"C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mswindws] mssql.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE

    Thanks again for your help.
    14 August 2008 02:16:04

    re

    Copy (Ctrl+C) the text below:
    Driver::
    ZDCndis5

    File::
    C:\WINDOWS\system32\work.exe
    C:\WINDOWS\system32\mssql.exe
    C:\WINDOWS\system32\cftmons.exe

    Folder::


    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mswindws"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswindws]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    14 August 2008 11:22:03

    Hello,
    Here is the report:
    ComboFix 08-08-13.02 - stella 2008-08-14 10:45:49.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.138 [GMT 2:00]
    Endroit: C:\Documents and Settings\cy\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\cy\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\cftmons.exe
    C:\WINDOWS\system32\mssql.exe
    C:\WINDOWS\system32\work.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cftmons.exe
    C:\WINDOWS\system32\work.exe
    C:\WINDOWS\ufdata2000.log
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\work.exe
    C:\WINDOWS\ufdata2000.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ZDCndis5


    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-12 22:51 . 2008-08-13 14:56 <REP> d-------- C:\Program Files\Navilog1
    2008-08-12 22:11 . 2008-08-14 10:42 <REP> d-------- C:\Lop SD
    2008-08-12 21:32 . 2008-08-12 21:33 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-11 19:19 . 2008-08-11 19:19 <REP> d-------- C:\Program Files\backups
    2008-08-11 13:06 . 2008-08-11 13:06 <REP> d-------- C:\WINDOWS\report
    2008-08-11 13:05 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\LPT$VPN.467
    2008-08-11 13:04 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-08-11 13:04 . 2008-08-11 13:04 1,963,957 --a------ C:\WINDOWS\tsc.ptn
    2008-08-11 13:04 . 2008-08-11 13:04 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-08-11 13:04 . 2008-08-11 13:04 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-08-11 13:04 . 2008-08-11 13:04 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-08-11 13:04 . 2008-08-11 13:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-08-11 13:03 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\VPTNFILE.467
    2008-08-11 13:00 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-08-10 13:46 . 2008-08-10 13:46 663,040 --a------ C:\WINDOWS\isRS-000.tmp
    2008-08-09 01:20 . 2008-08-09 01:20 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-08-08 18:49 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-08-07 14:46 . 2008-08-07 14:49 <REP> d-------- C:\Program Files\QuickTime
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a--c--- C:\WINDOWS\system32\dllcache\sndrec32.exe
    2008-08-05 20:55 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-05 20:55 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-05 20:55 . 2008-07-23 18:50 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-08-05 20:46 . 2008-08-05 20:46 <REP> d-------- C:\WINDOWS\Sun
    2008-08-05 19:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-05 19:11 . 2008-08-05 19:11 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-08-05 18:50 . 2008-08-05 19:13 <REP> d-------- C:\Program Files\Java
    2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-08-05 17:41 . 2008-08-07 17:12 <REP> d-------- C:\Program Files\Winamp
    2008-08-05 09:47 . 2008-08-05 09:46 88,848 -r-hs---- C:\tpfbusg.cmd
    2008-08-04 20:48 . 2008-08-07 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-04 20:48 . 2008-08-04 20:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-04 19:28 . 2008-08-04 19:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Talkback
    2008-08-04 19:10 . 2008-08-11 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-04 19:00 . 2008-08-12 12:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 17:11 . 2008-08-04 17:11 21 --a------ C:\WINDOWS\kit.ini
    2008-08-04 14:41 . 2008-08-04 14:41 <REP> d-------- C:\Documents and Settings\cy\Application Data\AdobeUM
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d-------- C:\Program Files\Free
    2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 18:50 . 2008-07-23 18:50 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-07-23 18:47 . 2008-07-23 18:47 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 3,067 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-13 23:13 4,909 ----a-w C:\Program Files\hijackthis.log
    2008-08-11 11:00 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
    2008-08-11 11:00 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
    2008-08-11 11:00 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
    2008-08-07 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-06 13:42 --------- d-----w C:\Program Files\DivX
    2008-08-04 17:01 --------- d-----w C:\Program Files\Google
    2008-08-04 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 13:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-24 16:10 --------- d-----w C:\Program Files\HappyCollection_2.1
    2008-07-23 16:50 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2005-02-16 09:06 218,112 ----a-w C:\Program Files\HijackThis.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-14_ 1.06.19.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [BU]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [BU]
    "MSMSGS"="___C:\Program Files\Messenger\msmsgs.exe" [BU]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-04 19:01 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
    "Modem Update Reminder"="____C:\WINDOWS\MWW32\manager\mwremind.exe" [BU]
    "Microsoft IIS"="____C:\WINDOWS\SYSTEM32\syshost.exe" [BU]
    "Dvd play scr hole"="C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe" [BU]
    "eAVTrial"="C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe" [BU]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "TrackPointSrv"="___tp4mon.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "XCOMM"=2 (0x2)
    "VSSERV"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "bdss"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=

    R3 cwbmidi_device;Pilote UART Crystal WDM MPU-401;C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 21:19]
    R3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    R3 neo20xx;neo20xx;C:\WINDOWS\system32\DRIVERS\neo20xx.sys [2001-08-17 21:50]
    R3 ThinkPadDSP;ThinkPad DSP Driver Service;C:\WINDOWS\system32\DRIVERS\mwwdm.sys [1999-09-24 12:10]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
    S3 EL3C574;Pilote de périphérique carte réseau PC Card FE574B-3Com 10/100;C:\WINDOWS\system32\DRIVERS\el574nd4.sys [2001-08-17 21:10]
    S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f728570-e263-11dc-a137-8d41a7e3ff6d}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e6b2ae0-6388-11dc-a0bc-84a66e69066d}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558c5c20-e518-11dc-a13f-d5e6f37c716c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9032c10-8995-11da-9f98-c3e73f54626a}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5c785d0-42e8-11dd-a17b-101111111111}]
    \Shell\AutoRun\command - E:\32e2.com
    \Shell\explore\Command - E:\32e2.com
    \Shell\open\Command - E:\32e2.com
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-14 10:59:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\system32\wdfmgr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-14 11:09:24 - machine was rebooted [stella]
    ComboFix-quarantined-files.txt 2008-08-14 09:09:00

    Pre-Run: 185,516,032 octets libres
    Post-Run: 124,174,336 octets libres

    199 --- E O F --- 2008-08-12 22:45:12
    14 August 2008 18:45:00

    hello

    please post a HijackThis log again
    14 August 2008 19:22:14

    Logfile of HijackThis v1.99.1
    Scan saved at 19:20:29, on 14/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\All Users\Application Data\Google Updater\cache\installers_ci_ar_fr_8.1.2.0_setup.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [TrackPointSrv] ___tp4mon.exe
    O4 - HKLM\..\Run: [Modem Update Reminder] ____C:\WINDOWS\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [Microsoft IIS] ____C:\WINDOWS\SYSTEM32\syshost.exe
    O4 - HKLM\..\Run: [Dvd play scr hole] C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe
    O4 - HKLM\..\Run: [eAVTrial] C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] ___"C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE

    14 August 2008 21:07:54

    good evening



    ~Download OTMoveIt (by OldTimer). Save it to your Desktop.

    ~Run HijackThis “Do a system scan only”.
    Tick the following lines if they are still present, and only those.

    O4 - HKLM\..\Run: [Microsoft IIS] ____C:\WINDOWS\SYSTEM32\syshost.exe
    O4 - HKLM\..\Run: [Dvd play scr hole] C:\Documents and Settings\All Users\Application Data\bend team hole trans\Deaf Hold Aim.exe

    Click Fix checked (bottom left)


    Select ALL the locations in bold below:

    C:\WINDOWS\SYSTEM32\syshost.exe
    C:\Documents and Settings\All Users\Application Data\bend team hole trans


    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.

    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_heure.log



    14 August 2008 21:25:31

    Here is the MoveIt report:
    File/Folder C:\WINDOWS\SYSTEM32\syshost.exe not found.
    C:\Documents and Settings\All Users\Application Data\bend team hole trans moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_212146


    And another Hijack This report (just in case):
    Logfile of HijackThis v1.99.1
    Scan saved at 21:24:23, on 14/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\All Users\Application Data\Google Updater\cache\installers_ci_ar_fr_8.1.2.0_setup.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [TrackPointSrv] ___tp4mon.exe
    O4 - HKLM\..\Run: [Modem Update Reminder] ____C:\WINDOWS\MWW32\manager\mwremind.exe autorun
    O4 - HKLM\..\Run: [eAVTrial] C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] ___"C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE

    14 August 2008 21:35:34

    good :) 

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

    HELP: Illustrated tutorial on MBAM

    14 August 2008 22:59:06

    MalwareByte's Anti-Malware found nothing.
    I'm posting the report anyway:
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1053
    Windows 5.1.2600 Service Pack 2

    22:46:56 14/08/2008
    mbam-log-8-14-2008 (22-46-56).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 62840
    Temps écoulé: 51 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)


    I don't understand: if my PC is no longer infected, where has all that disk space gone?
    14 August 2008 23:04:25

    And E Trust has just alerted me:
    Win32/Cacfu.L a été détecté dans C:\QOOBOX\QUARANTINE\CATCHME2008-08-14_ 05052,73.ZIP.
    Ordinateur : *****,Utilisateur : *****\stella.
    Etat du fichier : Échec de la désinfection, fichier restauré.
    14 August 2008 23:35:58

    hi again
    your antivirus is reacting a bit late... :lol: 

    C:\QOOBOX is ComboFix's quarantine.
    We no longer need it, so do this:
    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, because it is required here.


    ++++++++++++++

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will be installed; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

    Online scan tutorial
    15 August 2008 09:59:24

    Here is the Kaspersky report:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, August 15, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, August 14, 2008 23:17:05
    Records in database: 1093987
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Files scanned: 31655
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 08:41:20


    File name / Threat name / Threats count
    C:\DATA\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\tpfbusg.cmd Infected: Worm.Win32.AutoRun.lmq 1

    The selected area was scanned.
    15 August 2008 21:53:31

    good evening

    delete:
    C:\tpfbusg.cmd

    any other problems?
    15 August 2008 22:35:52

    Thank you so much for your help, but yes, I still have a few questions:
    1. How do I get my disk space back?
    2. Is it possible that my USB key is infected?
    16 August 2008 17:59:58

    hello

    indeed, it's odd
    Kaspersky should have reacted to E:\32e2.com
    as in this topic
    http://www.developpez.net/forums/d509347/hardware-syste...
    Quote:
    C:\32e2.com Infecté : Trojan-PSW.Win32.OnLineGames.uek ignoré


    Download Flash Disinfector
    Connect your removable media to your PC (MP3 player, external HDD, USB key...)
    Connect all external devices (HDD, USB, ...)
    Double-click Flash Disinfector and follow the prompts

    run ComboFix again and post the new report

    16 Août 2008 19:01:19

    Merci. Voici le rapport :
    ComboFix 08-08-15.04 - stella 2008-08-16 18:43:53.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.118 [GMT 2:00]
    Endroit: C:\Documents and Settings\cy\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-14 21:48 . 2008-08-14 21:48 <REP> d-------- C:\Documents and Settings\cy\Application Data\Malwarebytes
    2008-08-14 21:47 . 2008-08-14 21:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-14 21:47 . 2008-08-14 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-14 21:47 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-14 21:47 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-11 19:19 . 2008-08-14 21:19 <REP> d-------- C:\Program Files\backups
    2008-08-11 13:05 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\LPT$VPN.467
    2008-08-11 13:04 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-08-11 13:04 . 2008-08-11 13:04 1,963,957 --a------ C:\WINDOWS\tsc.ptn
    2008-08-11 13:04 . 2008-08-11 13:04 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-08-11 13:04 . 2008-08-11 13:04 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-08-11 13:04 . 2008-08-11 13:04 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-08-11 13:04 . 2008-08-11 13:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-08-11 13:03 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\VPTNFILE.467
    2008-08-11 13:00 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-08-11 00:16 . 2008-08-16 01:22 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-09 01:20 . 2008-08-09 01:20 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-08-08 18:49 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-08-07 14:46 . 2008-08-07 14:49 <REP> d-------- C:\Program Files\QuickTime
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a--c--- C:\WINDOWS\system32\dllcache\sndrec32.exe
    2008-08-05 20:55 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-05 20:55 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-05 20:55 . 2008-07-23 18:50 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-08-05 20:46 . 2008-08-05 20:46 <REP> d-------- C:\WINDOWS\Sun
    2008-08-05 19:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-05 19:11 . 2008-08-05 19:11 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-08-05 18:50 . 2008-08-05 19:13 <REP> d-------- C:\Program Files\Java
    2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-08-05 17:41 . 2008-08-07 17:12 <REP> d-------- C:\Program Files\Winamp
    2008-08-04 20:48 . 2008-08-07 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-04 20:48 . 2008-08-04 20:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-04 19:28 . 2008-08-04 19:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Talkback
    2008-08-04 19:10 . 2008-08-11 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-04 19:00 . 2008-08-15 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 17:11 . 2008-08-04 17:11 21 --a------ C:\WINDOWS\kit.ini
    2008-08-04 14:41 . 2008-08-04 14:41 <REP> d-------- C:\Documents and Settings\cy\Application Data\AdobeUM
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d-------- C:\Program Files\Free
    2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 18:50 . 2008-07-23 18:50 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-07-23 18:47 . 2008-07-23 18:47 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 3,067 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 11:00 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
    2008-08-11 11:00 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
    2008-08-11 11:00 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
    2008-08-07 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-06 13:42 --------- d-----w C:\Program Files\DivX
    2008-08-04 17:01 --------- d-----w C:\Program Files\Google
    2008-08-04 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 13:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-24 16:10 --------- d-----w C:\Program Files\HappyCollection_2.1
    2008-07-23 16:50 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-05-18 15:25 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-04 19:01 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "XCOMM"=2 (0x2)
    "VSSERV"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "bdss"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R3 cwbmidi_device;Pilote UART Crystal WDM MPU-401;C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 21:19]
    R3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    R3 neo20xx;neo20xx;C:\WINDOWS\system32\DRIVERS\neo20xx.sys [2001-08-17 21:50]
    R3 ThinkPadDSP;ThinkPad DSP Driver Service;C:\WINDOWS\system32\DRIVERS\mwwdm.sys [1999-09-24 12:10]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
    S3 EL3C574;Pilote de périphérique carte réseau PC Card FE574B-3Com 10/100;C:\WINDOWS\system32\DRIVERS\el574nd4.sys [2001-08-17 21:10]
    S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558c5c20-e518-11dc-a13f-d5e6f37c716c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9032c10-8995-11da-9f98-c3e73f54626a}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5c785d0-42e8-11dd-a17b-101111111111}]
    \Shell\AutoRun\command - E:\32e2.com
    \Shell\explore\Command - E:\32e2.com
    \Shell\open\Command - E:\32e2.com

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
    HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe
    HKCU-Run-MSMSGS - ___C:\Program Files\Messenger\msmsgs.exe
    HKLM-Run-Modem Update Reminder - ____C:\WINDOWS\MWW32\manager\mwremind.exe
    HKLM-Run-eAVTrial - C:\Program Files\CA\eTrust Antivirus\eAVTrial.exe
    HKLM-Run-TrackPointSrv - ___tp4mon.exe
    Notify-WgaLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\cy\Application Data\Mozilla\Firefox\Profiles\tuzlie92.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-16 18:49:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-16 18:54:18
    ComboFix-quarantined-files.txt 2008-08-16 16:53:55

    Pre-Run: 292,347,904 octets libres
    Post-Run: 283,561,984 octets libres

    168 --- E O F --- 2008-08-15 23:23:16
    16 August 2008 21:17:36

    Hi again

    Go to this link: Virus Total
  • Click Browse
  • Browse to this file, if you can find it:

    E:\printer.exe

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click the page and choose Select All, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important to send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.
    16 August 2008 21:46:23

    I don't have an E:\ drive. That is the location of my USB port. I searched C:\ for the file printer.exe, but I found nothing.
    16 August 2008 22:52:08

    the file must have been on your USB stick...
    try to find it by plugging in your stick.
    17 August 2008 00:12:35

    Indeed, it was on my USB stick. E Trust deleted it automatically. But that doesn't give me my disk space back. I don't understand where all those gigabytes have gone.
    17 August 2008 17:30:29

    Hi again

    did your antivirus delete E:\32e2.com as well?

    plug in your USB stick before this procedure.


    Copy (Ctrl+C) the text below:
    File::
    E:\printer.exe
    E:\32e2.com

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558c5c20-e518-11dc-a13f-d5e6f37c716c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9032c10-8995-11da-9f98-c3e73f54626a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5c785d0-42e8-11dd-a17b-101111111111}]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt
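
A way to check a CFScript like the one above against a ComboFix report before running it, as an added example that is not part of the original posts and not a ComboFix feature. It parses the report's MountPoints2 entries, flags keys whose shell commands launch an executable from a drive root, and lists flagged keys that the script's `Registry::` section does not delete with a well-formed `[-key]` line. The sample report and script are constructed from entries in this thread; the drive-root heuristic, the .reg-style reading of `[-key]` and all function names are assumptions of the example.

```python
import re

# Constructed sample: MountPoints2 part of a ComboFix report, modelled on this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558c5c20-e518-11dc-a13f-d5e6f37c716c}]
\Shell\Auto\command - E:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}]
\Shell\Auto\command - E:\printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5c785d0-42e8-11dd-a17b-101111111111}]
\Shell\AutoRun\command - E:\32e2.com
\Shell\open\Command - E:\32e2.com
"""

# Constructed sample script: the second Registry:: line lacks its closing bracket
# and the third key of the report is not listed at all.
SAMPLE_CFSCRIPT = r"""
File::
E:\printer.exe
E:\32e2.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558c5c20-e518-11dc-a13f-d5e6f37c716c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.+\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)
# Heuristic (assumption): an executable sitting directly in a drive root, e.g. E:\printer.exe
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|com|cmd|bat|scr|pif)$", re.I)
DELETE_RE = re.compile(r"^\[-(.+)\]$")  # .reg-style "delete this key" line


def parse_mountpoints(log):
    """Map each MountPoints2 key (lower-cased) to its (verb, command) pairs."""
    keys, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = []
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            keys[current].append((m.group(1), m.group(2).strip()))
        elif not line or line.startswith("["):
            current = None  # blank line or another registry section ends the key
    return keys


def parse_cfscript(script):
    """Return (files, key deletions, malformed Registry:: lines)."""
    files, deletions, malformed, section = [], [], [], None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "file":
            files.append(line.lower())
        elif section == "registry":
            m = DELETE_RE.match(line)
            if m:
                deletions.append(m.group(1).lower())
            else:
                malformed.append(line)
    return files, deletions, malformed


def review(log, script):
    """Compare the autorun keys flagged in the report with what the script removes."""
    mounts = parse_mountpoints(log)
    files, deletions, malformed = parse_cfscript(script)
    flagged = {}
    for key, cmds in mounts.items():
        targets = [cmd for _, cmd in cmds if ROOT_EXE_RE.match(cmd)]
        if targets:
            flagged[key] = targets
    all_targets = sorted({t.lower() for ts in flagged.values() for t in ts})
    return {
        "covered": [k for k in flagged if k in deletions],
        "uncovered": [k for k in flagged if k not in deletions],
        "malformed": malformed,
        "missing_files": [t for t in all_targets if t not in files],
    }


if __name__ == "__main__":
    for name, items in review(SAMPLE_LOG, SAMPLE_CFSCRIPT).items():
        print(name)
        for item in items:
            print("   ", item)
```
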
    17 August 2008 19:18:51

    Hello,
    Thank you very much. I ran the procedure on my MP3 player as well as my USB stick.
    Here is the report for the MP3 player:
    ComboFix 08-08-16.01 - stella 2008-08-17 18:38:35.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.62 [GMT 2:00]
    Endroit: C:\Documents and Settings\cy\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\cy\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    E:\32e2.com
    E:\printer.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\cy\Application Data\Microsoft\SystemCertificates\My
    C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
    C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-17 13:39 . 2008-08-17 13:39 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-08-17 13:25 . 2008-08-17 13:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Mobipocket
    2008-08-14 21:48 . 2008-08-14 21:48 <REP> d-------- C:\Documents and Settings\cy\Application Data\Malwarebytes
    2008-08-14 21:47 . 2008-08-14 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-11 19:19 . 2008-08-14 21:19 <REP> d-------- C:\Program Files\backups
    2008-08-11 13:05 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\LPT$VPN.467
    2008-08-11 13:04 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-08-11 13:04 . 2008-08-11 13:04 1,963,957 --a------ C:\WINDOWS\tsc.ptn
    2008-08-11 13:04 . 2008-08-11 13:04 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-08-11 13:04 . 2008-08-11 13:04 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-08-11 13:04 . 2008-08-11 13:04 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-08-11 13:04 . 2008-08-11 13:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-08-11 13:03 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\VPTNFILE.467
    2008-08-11 13:00 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-08-11 00:16 . 2008-08-16 01:22 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-09 01:20 . 2008-08-09 01:20 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-08-08 18:49 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-08-07 14:46 . 2008-08-07 14:49 <REP> d-------- C:\Program Files\QuickTime
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a--c--- C:\WINDOWS\system32\dllcache\sndrec32.exe
    2008-08-05 20:55 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-05 20:55 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-05 20:55 . 2008-07-23 18:50 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-08-05 20:46 . 2008-08-05 20:46 <REP> d-------- C:\WINDOWS\Sun
    2008-08-05 19:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-05 19:11 . 2008-08-05 19:11 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-08-05 18:50 . 2008-08-05 19:13 <REP> d-------- C:\Program Files\Java
    2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-08-05 17:41 . 2008-08-07 17:12 <REP> d-------- C:\Program Files\Winamp
    2008-08-04 20:48 . 2008-08-07 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-04 20:48 . 2008-08-04 20:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-04 19:28 . 2008-08-04 19:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Talkback
    2008-08-04 19:10 . 2008-08-11 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-04 19:00 . 2008-08-16 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 17:11 . 2008-08-04 17:11 21 --a------ C:\WINDOWS\kit.ini
    2008-08-04 14:41 . 2008-08-04 14:41 <REP> d-------- C:\Documents and Settings\cy\Application Data\AdobeUM
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d-------- C:\Program Files\Free
    2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 18:50 . 2008-07-23 18:50 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-07-23 18:47 . 2008-07-23 18:47 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 3,067 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 11:00 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
    2008-08-11 11:00 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
    2008-08-11 11:00 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
    2008-08-07 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-06 13:42 --------- d-----w C:\Program Files\DivX
    2008-08-04 17:01 --------- d-----w C:\Program Files\Google
    2008-08-04 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 13:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-24 16:10 --------- d-----w C:\Program Files\HappyCollection_2.1
    2008-07-23 16:50 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-05-18 15:25 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-04 19:01 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "XCOMM"=2 (0x2)
    "VSSERV"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "bdss"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R3 cwbmidi_device;Pilote UART Crystal WDM MPU-401;C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 21:19]
    R3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]
    R3 neo20xx;neo20xx;C:\WINDOWS\system32\DRIVERS\neo20xx.sys [2001-08-17 21:50]
    R3 ThinkPadDSP;ThinkPad DSP Driver Service;C:\WINDOWS\system32\DRIVERS\mwwdm.sys [1999-09-24 12:10]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
    S3 EL3C574;Pilote de périphérique carte réseau PC Card FE574B-3Com 10/100;C:\WINDOWS\system32\DRIVERS\el574nd4.sys [2001-08-17 21:10]
    S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-17 18:46:28
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-17 18:53:18
    ComboFix-quarantined-files.txt 2008-08-17 16:53:04

    Pre-Run: 442,859,520 octets libres
    Post-Run: 431,677,440 octets libres

    152 --- E O F --- 2008-08-15 23:23:16



    Here is the report for the USB stick:
    ComboFix 08-08-16.01 - stella 2008-08-17 18:58:19.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.55 [GMT 2:00]
    Endroit: C:\Documents and Settings\cy\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\cy\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    E:\32e2.com
    E:\printer.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\cy\Application Data\Microsoft\SystemCertificates\My

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-17 13:39 . 2008-08-17 13:39 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-08-17 13:25 . 2008-08-17 13:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Mobipocket
    2008-08-14 21:48 . 2008-08-14 21:48 <REP> d-------- C:\Documents and Settings\cy\Application Data\Malwarebytes
    2008-08-14 21:47 . 2008-08-14 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-11 19:19 . 2008-08-14 21:19 <REP> d-------- C:\Program Files\backups
    2008-08-11 13:05 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\LPT$VPN.467
    2008-08-11 13:04 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-08-11 13:04 . 2008-08-11 13:04 1,963,957 --a------ C:\WINDOWS\tsc.ptn
    2008-08-11 13:04 . 2008-08-11 13:04 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-08-11 13:04 . 2008-08-11 13:04 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-08-11 13:04 . 2008-08-11 13:04 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-08-11 13:04 . 2008-08-11 13:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-08-11 13:03 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\VPTNFILE.467
    2008-08-11 13:00 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-08-11 00:16 . 2008-08-16 01:22 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-09 01:20 . 2008-08-09 01:20 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-08-08 18:49 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-08-07 14:46 . 2008-08-07 14:49 <REP> d-------- C:\Program Files\QuickTime
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a--c--- C:\WINDOWS\system32\dllcache\sndrec32.exe
    2008-08-05 20:55 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-05 20:55 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-05 20:55 . 2008-07-23 18:50 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-08-05 20:46 . 2008-08-05 20:46 <REP> d-------- C:\WINDOWS\Sun
    2008-08-05 19:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-05 19:11 . 2008-08-05 19:11 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-08-05 18:50 . 2008-08-05 19:13 <REP> d-------- C:\Program Files\Java
    2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-08-05 17:41 . 2008-08-07 17:12 <REP> d-------- C:\Program Files\Winamp
    2008-08-04 20:48 . 2008-08-07 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-04 20:48 . 2008-08-04 20:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-04 19:28 . 2008-08-04 19:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Talkback
    2008-08-04 19:10 . 2008-08-11 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-04 19:00 . 2008-08-16 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 17:11 . 2008-08-04 17:11 21 --a------ C:\WINDOWS\kit.ini
    2008-08-04 14:41 . 2008-08-04 14:41 <REP> d-------- C:\Documents and Settings\cy\Application Data\AdobeUM
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d-------- C:\Program Files\Free
    2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 18:50 . 2008-07-23 18:50 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-07-23 18:47 . 2008-07-23 18:47 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 3,067 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 11:00 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
    2008-08-11 11:00 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
    2008-08-11 11:00 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
    2008-08-07 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-06 13:42 --------- d-----w C:\Program Files\DivX
    2008-08-04 17:01 --------- d-----w C:\Program Files\Google
    2008-08-04 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 13:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-24 16:10 --------- d-----w C:\Program Files\HappyCollection_2.1
    2008-07-23 16:50 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-05-18 15:25 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-04 19:01 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "XCOMM"=2 (0x2)
    "VSSERV"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "bdss"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R3 cwbmidi_device;Pilote UART Crystal WDM MPU-401;C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 21:19]
    R3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]
    R3 neo20xx;neo20xx;C:\WINDOWS\system32\DRIVERS\neo20xx.sys [2001-08-17 21:50]
    R3 ThinkPadDSP;ThinkPad DSP Driver Service;C:\WINDOWS\system32\DRIVERS\mwwdm.sys [1999-09-24 12:10]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
    S3 EL3C574;Pilote de périphérique carte réseau PC Card FE574B-3Com 10/100;C:\WINDOWS\system32\DRIVERS\el574nd4.sys [2001-08-17 21:10]
    S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcb4810-cc1a-11dc-a126-eb650fbfb56c}]
    \Shell\Auto\command - E:\printer.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-17 19:05:47
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-17 19:12:54
    ComboFix-quarantined-files.txt 2008-08-17 17:12:37
    ComboFix2.txt 2008-08-17 16:53:23

    Pre-Run: 419,381,248 octets libres
    Post-Run: 407,035,904 octets libres

    152 --- E O F --- 2008-08-15 23:23:16
    17 August 2008 21:26:03

    Odd...
    Check that
    E:\printer.exe is no longer present.
    17 August 2008 22:21:16

    Indeed, it was on a USB key that I thought I hadn't used in months. E Trust deleted it, and I repeated the operation with ComboFix.
    Here is the report:
    ComboFix 08-08-16.01 - stella 2008-08-17 22:03:37.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.99 [GMT 2:00]
    Endroit: C:\Documents and Settings\cy\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\cy\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    E:\32e2.com
    E:\printer.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\cy\Application Data\Microsoft\SystemCertificates\My

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-17 13:39 . 2008-08-17 13:39 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-08-17 13:25 . 2008-08-17 13:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Mobipocket
    2008-08-14 21:48 . 2008-08-14 21:48 <REP> d-------- C:\Documents and Settings\cy\Application Data\Malwarebytes
    2008-08-14 21:47 . 2008-08-14 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-11 19:19 . 2008-08-14 21:19 <REP> d-------- C:\Program Files\backups
    2008-08-11 13:05 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\LPT$VPN.467
    2008-08-11 13:04 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-08-11 13:04 . 2008-08-11 13:04 1,963,957 --a------ C:\WINDOWS\tsc.ptn
    2008-08-11 13:04 . 2008-08-11 13:04 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-08-11 13:04 . 2008-08-11 13:04 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-08-11 13:04 . 2008-08-11 13:04 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-08-11 13:04 . 2008-08-11 13:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-08-11 13:03 . 2008-08-11 13:04 26,409,657 --a------ C:\WINDOWS\VPTNFILE.467
    2008-08-11 13:00 . 2008-08-11 13:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-08-11 00:16 . 2008-08-16 01:22 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-08-09 01:20 . 2008-08-09 01:20 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-08-08 18:49 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-08-07 14:46 . 2008-08-07 14:49 <REP> d-------- C:\Program Files\QuickTime
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-07 14:43 . 2008-08-07 14:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
    2008-08-06 14:19 . 2001-08-28 14:00 139,264 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
    2008-08-06 14:19 . 2004-08-20 01:10 133,120 --a--c--- C:\WINDOWS\system32\dllcache\sndrec32.exe
    2008-08-05 20:55 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-08-05 20:55 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-08-05 20:55 . 2008-07-23 18:50 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-08-05 20:55 . 2008-07-23 18:50 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-08-05 20:46 . 2008-08-05 20:46 <REP> d-------- C:\WINDOWS\Sun
    2008-08-05 19:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-05 19:11 . 2008-08-05 19:11 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-08-05 18:50 . 2008-08-05 19:13 <REP> d-------- C:\Program Files\Java
    2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-08-05 17:41 . 2008-08-07 17:12 <REP> d-------- C:\Program Files\Winamp
    2008-08-04 20:48 . 2008-08-07 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-04 20:48 . 2008-08-04 20:48 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-04 19:28 . 2008-08-04 19:28 <REP> d-------- C:\Documents and Settings\cy\Application Data\Talkback
    2008-08-04 19:10 . 2008-08-11 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-04 19:00 . 2008-08-17 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-04 17:11 . 2008-08-04 17:11 21 --a------ C:\WINDOWS\kit.ini
    2008-08-04 14:41 . 2008-08-04 14:41 <REP> d-------- C:\Documents and Settings\cy\Application Data\AdobeUM
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 14:24 . 2008-08-04 14:24 <REP> d-------- C:\Program Files\Free
    2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
    2008-07-23 18:50 . 2008-07-23 18:50 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-07-23 18:47 . 2008-07-23 18:47 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 3,067 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 11:00 69,689 -c--a-w C:\WINDOWS\UNZIP.DLL
    2008-08-11 11:00 507,904 -c--a-w C:\WINDOWS\TMUPDATE.DLL
    2008-08-11 11:00 286,720 -c--a-w C:\WINDOWS\PATCH.EXE
    2008-08-07 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-06 13:42 --------- d-----w C:\Program Files\DivX
    2008-08-04 17:01 --------- d-----w C:\Program Files\Google
    2008-08-04 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 13:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-24 16:10 --------- d-----w C:\Program Files\HappyCollection_2.1
    2008-07-23 16:50 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-05-18 15:25 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-04 19:01 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "XCOMM"=2 (0x2)
    "VSSERV"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "bdss"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R3 cwbmidi_device;Pilote UART Crystal WDM MPU-401;C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 21:19]
    R3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]
    R3 neo20xx;neo20xx;C:\WINDOWS\system32\DRIVERS\neo20xx.sys [2001-08-17 21:50]
    R3 ThinkPadDSP;ThinkPad DSP Driver Service;C:\WINDOWS\system32\DRIVERS\mwwdm.sys [1999-09-24 12:10]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
    S3 EL3C574;Pilote de périphérique carte réseau PC Card FE574B-3Com 10/100;C:\WINDOWS\system32\DRIVERS\el574nd4.sys [2001-08-17 21:10]
    S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-17 22:10:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-17 22:15:31
    ComboFix-quarantined-files.txt 2008-08-17 20:14:36
    ComboFix2.txt 2008-08-17 17:13:00
    ComboFix3.txt 2008-08-17 16:53:23

    Pre-Run: 391,229,440 octets libres
    Post-Run: 378,892,288 octets libres

    147 --- E O F --- 2008-08-15 23:23:16


    But that doesn't give me back my disk space. I don't understand how a virus that sits on a USB key can take up the space on my hard drive.
    17 August 2008 22:57:19

    I'm not really sure...
    we'll look into it. :)

    Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet, then close all programs.
    Double-click Gmer.exe.

    IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

    Click the rootkit tab.
    On the right, check everything.
    Now click Scan.

    When the scan has finished, click Copy.

    Open Notepad, then click the Edit / Paste menu.
    The report should then appear.
    Save the file to your desktop and copy/paste its contents here.

    17 August 2008 23:54:47

    Here is the report:
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-08-17 23:46:17
    Windows 5.1.2600 Service Pack 2


    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetPathFromIDListW + AA 7CA0168E 10 Bytes [ 85, DB, 8B, C3, 0F, 85, 13, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsEqual + 20 7CA017EF 7 Bytes [ C3, 5B, 5D, C2, 10, 00, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsEqual + 28 7CA017F7 26 Bytes [ 14, 8B, 76, 18, FF, 75, 10, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsEqual + 43 7CA01812 2 Bytes [ FF, 55 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsEqual + 46 7CA01815 9 Bytes CALL 7CA0182D C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsEqual + 51 7CA01820 10 Bytes [ 0F, 85, 47, 01, 00, 00, 33, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSimpleIDListFromPath + 27 7CA01900 14 Bytes CALL 7C9FDC3A C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSimpleIDListFromPath + 36 7CA0190F 45 Bytes [ FF, 50, 8D, 8D, AC, FB, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSimpleIDListFromPath + 64 7CA0193D 43 Bytes [ 0F, 84, FB, 03, 06, 00, 3B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSpecialFolderPathW + 2 7CA01969 19 Bytes [ C9, C2, 10, 00, FF, 75, 0C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSpecialFolderPathW + 16 7CA0197D 18 Bytes CALL 7C9FDB01 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSpecialFolderPathW + 29 7CA01990 15 Bytes CALL 7C9FDB04 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSpecialFolderPathW + 39 7CA019A0 17 Bytes JMP 7CA01826 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSpecialFolderPathW + 4B 7CA019B2 39 Bytes [ FF, 55, 8B, EC, 81, EC, 84, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowW + B 7CA019DA 86 Bytes [ FF, 89, 95, 8C, FE, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowW + 62 7CA01A31 5 Bytes [ 15, 28, 18, 9D, 7C ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowW + 68 7CA01A37 26 Bytes [ B7, C0, 66, A9, FF, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowW + 83 7CA01A52 10 Bytes [ 50, FF, B5, 98, FE, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowW + 8E 7CA01A5D 30 Bytes [ FF, 6A, 10, 59, 8D, BD, AC, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsParent + C 7CA01AA1 101 Bytes [ FF, 8D, 48, F0, FF, B5, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsParent + 72 7CA01B07 11 Bytes [ B8, FD, FF, FF, 53, 57, E8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILIsParent + 7E 7CA01B13 67 Bytes [ AC, FD, FF, FF, B8, 57, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILFindChild + 2 7CA01B57 8 Bytes [ 51, 14, 8B, D8, 85, DB, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILFindChild + B 7CA01B60 1 Byte [ 45 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILFindChild + D 7CA01B62 42 Bytes [ 8B, 08, 8D, 55, 08, 52, 68, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILFindChild + 39 7CA01B8E 68 Bytes [ FF, FF, 50, 51, FF, 52, 1C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILFindChild + 7E 7CA01BD3 4 Bytes [ FF, 8B, CB, 88 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyDeregister + 1F 7CA055B8 13 Bytes CALL 7C9FBFE8 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyDeregister + 2D 7CA055C6 66 Bytes [ FF, 75, 08, FF, 15, 64, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyDeregister + 70 7CA05609 203 Bytes [ 00, 00, FF, 15, 2C, 1C, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyDeregister + 13C 7CA056D5 14 Bytes [ 8B, 4D, FC, 8B, C7, 5F, E8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyDeregister + 14B 7CA056E4 73 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetImageLists + 36 7CA05FA1 9 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetImageLists + 40 7CA05FAB 2 Bytes [ 4D, 0C ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetImageLists + 43 7CA05FAE 104 Bytes [ B8, 03, 04, 00, 00, 33, F6, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetImageLists + AC 7CA06017 76 Bytes [ 1D, 9D, 7C, 8D, 45, E4, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetImageLists + F9 7CA06064 8 Bytes [ 79, 04, 3B, C7, 0F, 85, D7, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetCachedImageIndex + 2E 7CA0625B 22 Bytes [ FF, 55, 8B, EC, 51, 8D, 45, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetCachedImageIndex + 45 7CA06272 116 Bytes [ 85, C0, 0F, 8C, A4, 6E, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetCachedImageIndex + BA 7CA062E7 3 Bytes [ FF, 85, C0 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetCachedImageIndex + BE 7CA062EB 2 Bytes [ A5, 8B ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_GetCachedImageIndex + C1 7CA062EE 68 Bytes [ 04, 8B, 40, 0C, 85, C0, 89, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyRegister + 9 7CA06FE0 79 Bytes [ C9, 39, 75, 10, 89, 03, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyRegister + 59 7CA07030 49 Bytes [ 39, 60, A0, 7C, 90, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyRegister + 8B 7CA07062 7 Bytes [ 55, 8B, EC, 83, 7D, 08, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyRegister + 93 7CA0706A 8 Bytes [ 10, 6A, 00, 68, B8, 34, A4, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifyRegister + 9C 7CA07073 261 Bytes [ 75, 08, FF, 15, 30, 60, A0, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_MergeMenus + 4F 7CA07723 48 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_MergeMenus + 80 7CA07754 31 Bytes [ 85, C0, 75, 0D, FF, 75, 0C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_MergeMenus + A3 7CA07777 46 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_MergeMenus + D2 7CA077A6 13 Bytes CALL 7CA062C2 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_MergeMenus + E0 7CA077B4 156 Bytes [ 9A, C2, AC, 7C, 78, B2, A3, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderView + 6E 7CA08DA4 1 Byte [ FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderView + 70 7CA08DA6 32 Bytes [ C7, 5F, 5E, 5B, C9, C2, 04, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderView + 91 7CA08DC7 47 Bytes [ 8B, 91, 44, 01, 00, 00, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderView + C1 7CA08DF7 88 Bytes [ 56, 6A, 00, 6A, 00, 8B, F1, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderView + 11A 7CA08E50 18 Bytes [ 5F, 0F, 8C, C3, 0F, 05, 00, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapIDListToImageListIndexAsync + 38 7CA0B27A 27 Bytes [ 8D, 88, 00, 8E, FF, FF, 81, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapIDListToImageListIndexAsync + 54 7CA0B296 6 Bytes [ 00, 6A, 0A, EB, 3F, 6A ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapIDListToImageListIndexAsync + 5B 7CA0B29D 83 Bytes [ 8D, 8D, F0, FE, FF, FF, 51, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapIDListToImageListIndexAsync + AF 7CA0B2F1 7 Bytes [ FF, 51, 57, FF, B5, F8, FE ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapIDListToImageListIndexAsync + B7 7CA0B2F9 61 Bytes [ FF, 6A, 2B, 83, A5, F0, FE, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapPIDLToSystemImageListIndex + F 7CA0BB80 18 Bytes [ 00, 53, 56, 8B, 75, 08, 57, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 22 7CA0BB93 12 Bytes [ FF, 85, C0, 89, 45, 08, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 2F 7CA0BBA0 12 Bytes [ 56, 0C, 81, E2, 03, 03, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 3D 7CA0BBAE 91 Bytes [ 83, 4E, 28, FF, 6A, 0C, 33, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 99 7CA0BC0A 70 Bytes [ 00, BF, 00, 0F, 00, 00, 89, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListW + 1D 7CA0E625 120 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListW + 96 7CA0E69E 27 Bytes [ FF, FF, 8B, D8, 85, DB, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListW + B2 7CA0E6BA 15 Bytes [ 86, 48, 01, 00, 00, 8B, 08, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListW + C2 7CA0E6CA 9 Bytes [ 1C, 66, 85, C0, 0F, 85, 91, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListW + CC 7CA0E6D4 10 Bytes [ 8B, 45, 0C, 85, C0, 0F, 85, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsExe 7CA0E756 5 Bytes [ 90, 90, 90, 90, 8B ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsExe + 6 7CA0E75C 13 Bytes [ 55, 8B, EC, 81, EC, 90, 02, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsExe + 14 7CA0E76A 20 Bytes [ 53, 8B, 5D, 08, 56, 8B, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsExe + 29 7CA0E77F 12 Bytes [ 45, 14, 89, 8D, 74, FD, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsExe + 36 7CA0E78C 14 Bytes [ FF, 75, 14, 66, 21, 75, AC, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsLFNDrive + 71 7CA0EABA 11 Bytes [ C7, 47, 1C, 02, 00, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsLFNDrive + 7D 7CA0EAC6 10 Bytes [ FF, FF, 75, 0C, 8B, F0, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsLFNDrive + 88 7CA0EAD1 56 Bytes [ 75, 08, 03, C6, 50, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsLFNDrive + C1 7CA0EB0A 102 Bytes [ 0D, 00, 40, 00, 00, 50, 6A, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsLFNDrive + 128 7CA0EB71 50 Bytes [ 28, 00, 00, 00, 83, F8, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathResolve + 5B 7CA113CD 338 Bytes [ B9, 09, 72, AE, 7C, 89, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathResolve + 1AE 7CA11520 2 Bytes [ 09, 68 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathResolve + 1B2 7CA11524 17 Bytes [ 34, 4B, 17, 9B, FF, 40, D2, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathResolve + 1C4 7CA11536 20 Bytes [ 00, 00, 80, 54, 27, F2, 82, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathResolve + 1DA 7CA1154C 19 Bytes [ 83, 25, 98, F0, BD, 7C, 00, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteExW + B 7CA117E6 45 Bytes [ 69, 00, 73, 00, 74, 00, 20, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteExW + 39 7CA11814 92 Bytes [ 8D, 7D, D8, 33, F6, 57, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteExW + 96 7CA11871 61 Bytes [ 83, FF, 08, 0F, 8E, 95, 99, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteExW + D4 7CA118AF 33 Bytes [ 8B, 75, 08, 3B, F3, 75, 0C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteExW + F6 7CA118D1 92 Bytes [ 10, 89, 91, A4, F0, BD, 7C, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DllGetVersion + 5 7CA14913 54 Bytes [ 1C, 08, 00, 00, A1, 48, E5, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DllGetVersion + 3C 7CA1494A 98 Bytes [ 3E, 08, 8D, BD, E6, F7, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHTestTokenMembership + 2 7CA149AD 32 Bytes [ 75, 0C, 6A, 02, 68, 50, 38, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHTestTokenMembership + 23 7CA149CE 66 Bytes [ FF, 75, 14, 8B, CF, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHTestTokenMembership + 66 7CA14A11 9 Bytes [ F7, D8, 1B, C0, 23, C1, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHTestTokenMembership + 72 7CA14A1D 3 Bytes [ 5D, C2, 0C ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHTestTokenMembership + 76 7CA14A21 16 Bytes [ 39, 45, 10, 74, F7, E9, 79, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!OpenRegStream + 16 7CA14F20 32 Bytes CALL 7CA14F6C C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!OpenRegStream + 37 7CA14F41 104 Bytes [ 85, 3A, 01, 00, 00, 46, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!OpenRegStream + A0 7CA14FAA 4 Bytes [ D6, 8B, F8, 85 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!OpenRegStream + A5 7CA14FAF 20 Bytes [ 0F, 84, 86, 00, 00, 00, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!OpenRegStream + BA 7CA14FC4 10 Bytes CALL 7CA15069 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 3C 7CA1502D 21 Bytes [ 83, 7D, EC, 00, 7D, B3, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 52 7CA15043 73 Bytes [ 5F, 5E, 8B, 45, EC, C9, C2, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 9C 7CA1508D 6 Bytes [ FF, 56, 8D, 45, F4, 50 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + A3 7CA15094 125 Bytes [ 15, 98, 1C, 9D, 7C, 8D, 45, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 121 7CA15112 42 Bytes CALL 7CA012DE C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream 7CA15DFD 3 Bytes [ 90, 90, 90 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + 4 7CA15E01 6 Bytes [ FF, 55, 8B, EC, 81, EC ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + B 7CA15E08 54 Bytes [ 02, 00, 00, A1, 48, E5, BD, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + 42 7CA15E3F 5 Bytes [ FF, 50, 68, 81, 23 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + 48 7CA15E45 5 Bytes [ 00, E8, DE, 95, FF ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 1 7CA17B11 114 Bytes [ 47, 30, 85, C0, 0F, 85, 71, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 74 7CA17B84 2 Bytes [ 50, 53 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 77 7CA17B87 3 Bytes [ CE, F9, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 7B 7CA17B8B 43 Bytes [ 8B, 06, F7, D8, 1B, C0, 25, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + A7 7CA17BB7 3 Bytes [ FF, 15, F0 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirW + F 7CA1A04B 5 Bytes [ FF, 01, 00, 00, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirW + 15 7CA1A051 231 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + 7B 7CA1A139 23 Bytes [ 85, C0, 7C, 23, 8B, 46, 10, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + 93 7CA1A151 84 Bytes [ 46, 30, 68, 55, 04, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + E8 7CA1A1A6 4 Bytes [ 84, A3, F2, 04 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + ED 7CA1A1AB 3 Bytes [ 6A, 43, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + F1 7CA1A1AF 11 Bytes [ 50, 1D, 9D, 7C, 85, C0, 0F, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + 80 7CA1ABCF 61 Bytes JMP 7CA078A5 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + BE 7CA1AC0D 4 Bytes CALL 7CA190BB C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + C3 7CA1AC12 42 Bytes [ 8B, F0, 3B, F7, 0F, 8D, 9B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + EE 7CA1AC3D 1 Byte [ 15 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + F0 7CA1AC3F 30 Bytes [ 15, 9D, 7C, 50, FF, 75, FC, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 35 7CA1CA10 16 Bytes [ 07, 77, 03, 8B, 45, 08, 5D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 46 7CA1CA21 19 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 5A 7CA1CA35 5 Bytes [ 0F, 85, 86, D0, 03 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 60 7CA1CA3B 9 Bytes [ 53, 8B, 5D, 14, 56, 8B, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 6A 7CA1CA45 49 Bytes [ BE, 6C, 05, 00, 00, 3B, 1F, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 41 7CA1D34C 1 Byte [ 53 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 43 7CA1D34E 48 Bytes [ B5, D0, FB, FF, FF, 8D, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 74 7CA1D37F 22 Bytes [ FF, 85, D0, FB, FF, FF, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 8B 7CA1D396 5 Bytes [ 89, 9D, B0, FB, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 91 7CA1D39C 5 Bytes [ 8D, BD, B4, FB, FF ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileW + 13 7CA2073D 17 Bytes [ 39, B5, CC, FD, FF, FF, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 2 7CA2074F 37 Bytes [ 03, 45, 14, 3B, 45, 18, 89, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 28 7CA20775 48 Bytes [ 15, 78, 1F, 9D, 7C, 85, C0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 5A 7CA207A7 61 Bytes [ 50, FF, B5, 54, FF, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 99 7CA207E6 34 Bytes [ FF, FF, 85, 54, FF, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + BC 7CA20809 30 Bytes [ 89, 45, FC, 8B, 45, 0C, 53, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 15 7CA2A7CA 5 Bytes [ 33, C8, 89, 8B, A4 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 1C 7CA2A7D1 46 Bytes JMP 7CA2AC67 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 4B 7CA2A800 39 Bytes [ 85, C0, 0F, 85, 60, 04, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 73 7CA2A828 5 Bytes [ 89, 83, A4, 00, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 79 7CA2A82E 58 Bytes JMP 7CA2AC68 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 13 7CA2CA61 75 Bytes [ 76, B0, 56, FF, 15, 30, 1E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 5F 7CA2CAAD 102 Bytes [ 55, 8B, EC, 83, EC, 24, A1, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + C6 7CA2CB14 68 Bytes [ 75, E4, 68, 17, 04, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 10B 7CA2CB59 66 Bytes [ 28, 3B, C2, 0F, 85, 38, 18, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 14E 7CA2CB9C 5 Bytes [ FF, FF, E8, B4, BA ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 6 7CA304D2 8 Bytes [ 6C, 24, 04, 08, E9, B2, F5, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + F 7CA304DB 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 2D 7CA304F9 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 4B 7CA30517 57 Bytes [ F6, C3, 03, 74, 12, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 85 7CA30551 14 Bytes JMP 7CA1E373 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + 32 7CA30630 1 Byte [ C7 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + 34 7CA30632 81 Bytes [ FC, 7C, 00, 00, 40, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + 86 7CA30684 28 Bytes [ 75, 0C, FF, 70, 0C, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + A3 7CA306A1 86 Bytes [ 00, 90, 90, 90, 90, 90, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + FA 7CA306F8 102 Bytes [ 33, C0, 89, 9D, DC, FD, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 2 7CA30CA3 20 Bytes [ 51, 68, FC, 6E, 9D, 7C, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 17 7CA30CB8 24 Bytes [ 85, F0, FD, FF, FF, 57, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 30 7CA30CD1 22 Bytes [ FF, 52, 6A, 01, 56, 89, B5, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 47 7CA30CE8 2 Bytes [ F0, FD ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 4C 7CA30CED 6 Bytes [ 08, 8D, 95, E8, FD, FF ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 40 7CA31A69 34 Bytes CALL 7CA1E0D0 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 63 7CA31A8C 27 Bytes [ 50, 68, E0, 5B, 9E, 7C, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 7F 7CA31AA8 16 Bytes [ 83, F8, 10, 74, 2B, 83, F8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 90 7CA31AB9 39 Bytes CALL 8CA31ABB
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + D1 7CA31AFA 49 Bytes CALL 7CA31B2F C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + A 7CA31B9C 53 Bytes [ 64, 00, 6F, 00, 77, 00, 73, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 40 7CA31BD2 9 Bytes [ 72, 00, 5C, 00, 53, 00, 74, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 4A 7CA31BDC 19 Bytes [ 72, 00, 74, 00, 4D, 00, 65, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 5E 7CA31BF0 21 Bytes [ 72, 00, 74, 00, 50, 00, 61, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 74 7CA31C06 1 Byte [ 61 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHDefExtractIconW + AC 7CA323D9 28 Bytes [ 00, 00, 10, 0F, 84, 2D, 43, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 18 7CA323F6 3 Bytes CALL 7C049900
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 1C 7CA323FA 309 Bytes [ 61, FF, 75, 18, 8B, 4D, 08, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 152 7CA32530 61 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 190 7CA3256E 3 Bytes [ 8B, 86, 84 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 194 7CA32572 13 Bytes CALL 05C36C02
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + 57 7CA337EC 43 Bytes [ 73, 00, 2E, 00, 65, 00, 78, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + 83 7CA33818 64 Bytes [ 73, 00, 68, 00, 69, 00, 6D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + C4 7CA33859 5 Bytes [ 83, A5, C0, FC, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + CA 7CA3385F 30 Bytes [ 00, 33, C0, 8D, BD, C4, FC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + E9 7CA3387E 54 Bytes [ FF, 89, 85, EC, FC, FF, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 1D 7CA33A68 2 Bytes [ 75, F8 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 20 7CA33A6B 23 Bytes [ 76, 30, FF, 76, 2C, FF, 76, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 38 7CA33A83 32 Bytes [ FF, 55, 8B, EC, 56, 8B, F1, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 5C 7CA33AA7 20 Bytes [ 90, 8B, FF, 56, 8B, F1, FF, ... ]
    18 August 2008 18:43:42

    Good evening,
    The report is not complete.
    Please post it in full.
    23 August 2008 11:35:16

    Hello,
    Here is the report:
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-08-22 11:15:47
    Windows 5.1.2600 Service Pack 2


    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!OpenRegStream + BA 7CA14FC4 10 Bytes CALL 7CA15069 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 3C 7CA1502D 21 Bytes [ 83, 7D, EC, 00, 7D, B3, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 52 7CA15043 73 Bytes [ 5F, 5E, 8B, 45, EC, C9, C2, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 9C 7CA1508D 6 Bytes [ FF, 56, 8D, 45, F4, 50 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + A3 7CA15094 125 Bytes [ 15, 98, 1C, 9D, 7C, 8D, 45, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractVersionResource16W + 121 7CA15112 42 Bytes CALL 7CA012DE C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream 7CA15DFD 3 Bytes [ 90, 90, 90 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + 4 7CA15E01 6 Bytes [ FF, 55, 8B, EC, 81, EC ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + B 7CA15E08 54 Bytes [ 02, 00, 00, A1, 48, E5, BD, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + 42 7CA15E3F 5 Bytes [ FF, 50, 68, 81, 23 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILLoadFromStream + 48 7CA15E45 5 Bytes [ 00, E8, DE, 95, FF ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 1 7CA17B11 114 Bytes [ 47, 30, 85, C0, 0F, 85, 71, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 74 7CA17B84 2 Bytes [ 50, 53 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 77 7CA17B87 3 Bytes [ CE, F9, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + 7B 7CA17B8B 43 Bytes [ 8B, 06, F7, D8, 1B, C0, 25, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DAD_ShowDragImage + A7 7CA17BB7 3 Bytes [ FF, 15, F0 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirW + F 7CA1A04B 5 Bytes [ FF, 01, 00, 00, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirW + 15 7CA1A051 231 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + 7B 7CA1A139 23 Bytes [ 85, C0, 7C, 23, 8B, 46, 10, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + 93 7CA1A151 84 Bytes [ 46, 30, 68, 55, 04, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + E8 7CA1A1A6 4 Bytes [ 84, A3, F2, 04 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + ED 7CA1A1AB 3 Bytes [ 6A, 43, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExW + F1 7CA1A1AF 11 Bytes [ 50, 1D, 9D, 7C, 85, C0, 0F, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + 80 7CA1ABCF 61 Bytes JMP 7CA078A5 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + BE 7CA1AC0D 4 Bytes CALL 7CA190BB C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + C3 7CA1AC12 42 Bytes [ 8B, F0, 3B, F7, 0F, 8D, 9B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + EE 7CA1AC3D 1 Byte [ 15 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateRecycleBinIcon + F0 7CA1AC3F 30 Bytes [ 15, 9D, 7C, 50, FF, 75, FC, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 35 7CA1CA10 16 Bytes [ 07, 77, 03, 8B, 45, 08, 5D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 46 7CA1CA21 19 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 5A 7CA1CA35 5 Bytes [ 0F, 85, 86, D0, 03 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 60 7CA1CA3B 9 Bytes [ 53, 8B, 5D, 14, 56, 8B, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsUserAnAdmin + 6A 7CA1CA45 49 Bytes [ BE, 6C, 05, 00, 00, 3B, 1F, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 41 7CA1D34C 1 Byte [ 53 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 43 7CA1D34E 48 Bytes [ B5, D0, FB, FF, FF, 8D, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 74 7CA1D37F 22 Bytes [ FF, 85, D0, FB, FF, FF, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 8B 7CA1D396 5 Bytes [ 89, 9D, B0, FB, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathProcessCommand + 91 7CA1D39C 5 Bytes [ 8D, BD, B4, FB, FF ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileW + 13 7CA2073D 17 Bytes [ 39, B5, CC, FD, FF, FF, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 2 7CA2074F 37 Bytes [ 03, 45, 14, 3B, 45, 18, 89, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 28 7CA20775 48 Bytes [ 15, 78, 1F, 9D, 7C, 85, C0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 5A 7CA207A7 61 Bytes [ 50, FF, B5, 54, FF, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + 99 7CA207E6 34 Bytes [ FF, FF, 85, 54, FF, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragQueryFileAorW + BC 7CA20809 30 Bytes [ 89, 45, FC, 8B, 45, 0C, 53, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 15 7CA2A7CA 5 Bytes [ 33, C8, 89, 8B, A4 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 1C 7CA2A7D1 46 Bytes JMP 7CA2AC67 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 4B 7CA2A800 39 Bytes [ 85, C0, 0F, 85, 60, 04, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 73 7CA2A828 5 Bytes [ 89, 83, A4, 00, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListA + 79 7CA2A82E 58 Bytes JMP 7CA2AC68 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 13 7CA2CA61 75 Bytes [ 76, B0, 56, FF, 15, 30, 1E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 5F 7CA2CAAD 102 Bytes [ 55, 8B, EC, 83, EC, 24, A1, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + C6 7CA2CB14 68 Bytes [ 75, E4, 68, 17, 04, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 10B 7CA2CB59 66 Bytes [ 28, 3B, C2, 0F, 85, 38, 18, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSetFolderCustomSettingsW + 14E 7CA2CB9C 5 Bytes [ FF, FF, E8, B4, BA ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 6 7CA304D2 8 Bytes [ 6C, 24, 04, 08, E9, B2, F5, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + F 7CA304DB 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 2D 7CA304F9 28 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 4B 7CA30517 57 Bytes [ F6, C3, 03, 74, 12, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHSetLocalizedName + 85 7CA30551 14 Bytes JMP 7CA1E373 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + 32 7CA30630 1 Byte [ C7 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + 34 7CA30632 81 Bytes [ FC, 7C, 00, 00, 40, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + 86 7CA30684 28 Bytes [ 75, 0C, FF, 70, 0C, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + A3 7CA306A1 86 Bytes [ 00, 90, 90, 90, 90, 90, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushSFCache + FA 7CA306F8 102 Bytes [ 33, C0, 89, 9D, DC, FD, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 2 7CA30CA3 20 Bytes [ 51, 68, FC, 6E, 9D, 7C, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 17 7CA30CB8 24 Bytes [ 85, F0, FD, FF, FF, 57, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 30 7CA30CD1 22 Bytes [ FF, 52, 6A, 01, 56, 89, B5, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 47 7CA30CE8 2 Bytes [ F0, FD ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIcon + 4C 7CA30CED 6 Bytes [ 08, 8D, 95, E8, FD, FF ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 40 7CA31A69 34 Bytes CALL 7CA1E0D0 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 63 7CA31A8C 27 Bytes [ 50, 68, E0, 5B, 9E, 7C, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 7F 7CA31AA8 16 Bytes [ 83, F8, 10, 74, 2B, 83, F8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + 90 7CA31AB9 39 Bytes CALL 8CA31ABB
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Lock + D1 7CA31AFA 49 Bytes CALL 7CA31B2F C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + A 7CA31B9C 53 Bytes [ 64, 00, 6F, 00, 77, 00, 73, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 40 7CA31BD2 9 Bytes [ 72, 00, 5C, 00, 53, 00, 74, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 4A 7CA31BDC 19 Bytes [ 72, 00, 74, 00, 4D, 00, 65, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 5E 7CA31BF0 21 Bytes [ 72, 00, 74, 00, 50, 00, 61, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Shell_NotifyIconW + 74 7CA31C06 1 Byte [ 61 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHDefExtractIconW + AC 7CA323D9 28 Bytes [ 00, 00, 10, 0F, 84, 2D, 43, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 18 7CA323F6 3 Bytes CALL 7C049900
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 1C 7CA323FA 309 Bytes [ 61, FF, 75, 18, 8B, 4D, 08, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 152 7CA32530 61 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 190 7CA3256E 3 Bytes [ 8B, 86, 84 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHExtractIconsW + 194 7CA32572 13 Bytes CALL 05C36C02
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + 57 7CA337EC 43 Bytes [ 73, 00, 2E, 00, 65, 00, 78, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + 83 7CA33818 64 Bytes [ 73, 00, 68, 00, 69, 00, 6D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + C4 7CA33859 5 Bytes [ 83, A5, C0, FC, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + CA 7CA3385F 30 Bytes [ 00, 33, C0, 8D, BD, C4, FC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetImageList + E9 7CA3387E 54 Bytes [ FF, 89, 85, EC, FC, FF, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 1D 7CA33A68 2 Bytes [ 75, F8 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 20 7CA33A6B 23 Bytes [ 76, 30, FF, 76, 2C, FF, 76, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 38 7CA33A83 32 Bytes [ FF, 55, 8B, EC, 56, 8B, F1, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 5C 7CA33AA7 20 Bytes [ 90, 8B, FF, 56, 8B, F1, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathA + 71 7CA33ABC 97 Bytes [ 46, 14, 8B, 08, 50, FF, 51, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DllCanUnloadNow + B 7CA341EC 30 Bytes [ 75, C4, 8D, 45, D0, 50, E8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DllCanUnloadNow + 2A 7CA3420B 21 Bytes [ 5C, FF, FF, FF, 50, 8D, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DllCanUnloadNow + 40 7CA34221 34 Bytes [ 5C, FF, FF, FF, 80, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DllCanUnloadNow + 63 7CA34244 2 Bytes [ 50, E8 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DllCanUnloadNow + 66 7CA34247 114 Bytes [ 92, FD, FF, 85, C0, 0F, 85, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Unlock + 55 7CA345B1 16 Bytes [ 84, 48, 7C, FC, FF, E9, 2E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Unlock + 66 7CA345C2 50 Bytes [ 55, 8B, EC, FF, 75, 0C, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Unlock + 99 7CA345F5 66 Bytes [ C0, 0F, 84, 98, C0, FC, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Unlock + DC 7CA34638 9 Bytes [ 0E, 99, 03, 45, CC, 57, 13, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotification_Unlock + E6 7CA34642 3 Bytes [ 52, 50, 56 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotify + 17 7CA34A6C 49 Bytes [ 14, 89, 45, FC, 8B, 45, 08, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotify + 49 7CA34A9E 76 Bytes [ C9, C2, 14, 00, 90, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotify + 96 7CA34AEB 12 Bytes [ 55, 8B, EC, 56, FF, 75, 0C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotify + A3 7CA34AF8 27 Bytes [ 36, FF, 15, 30, 60, A0, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotify + BF 7CA34B14 4 Bytes JMP 7CA16805 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconExW + 7 7CA3612E 240 Bytes [ 90, 90, 90, 90, 90, 83, E9, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconExW + F8 7CA3621F 25 Bytes [ 3D, 40, F6, 9F, 7C, 6A, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconExW + 112 7CA36239 31 Bytes [ 00, 85, C9, 5F, 74, 07, 6A, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconExW + 132 7CA36259 4 Bytes CALL 7C9FBADB C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconExW + 137 7CA3625E 10 Bytes [ 5E, C3, 90, 90, 90, 90, 90, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCloneSpecialIDList + E 7CA364C9 4 Bytes JMP 7CA02922 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCloneSpecialIDList + 13 7CA364CE 9 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCloneSpecialIDList + 1D 7CA364D8 44 Bytes JMP 7CA35D5C C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCloneSpecialIDList + 4A 7CA36505 136 Bytes [ 00, 53, 56, 8B, F1, 8D, 46, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCloneSpecialIDList + D4 7CA3658F 5 Bytes [ 8B, CB, E8, 6F, F8 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFileInfoW + 2 7CA3AE1A 7 Bytes [ 68, FC, A4, A3, 7C, E8, 0C ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFileInfoW + B 7CA3AE23 332 Bytes [ 00, 59, C3, 90, 90, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFileInfoW + 158 7CA3AF70 8 Bytes [ 08, 89, 48, 08, 8B, 4D, 0C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFileInfoW + 161 7CA3AF79 39 Bytes [ 84, 9F, A3, 7C, 89, 48, 0C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFileInfoW + 189 7CA3AFA1 139 Bytes [ 00, C3, 90, 90, 90, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragAcceptFiles + 5F 7CA3B02D 98 Bytes [ 55, 8B, EC, 8B, C1, 8B, 4D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DragAcceptFiles + C2 7CA3B090 30 Bytes [ 63, 52, B6, 7C, 90, 90, 90, ..
    23 Août 2008 11:43:39

    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteEx + D7 7CA50C8C 114 Bytes [ F1, C7, 06, 6C, 35, 9E, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteEx + 14A 7CA50CFF 7 Bytes [ 33, C0, 3B, F7, 0F, 94, C0 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteA + 13 7CA50EF3 48 Bytes [ EC, 81, EC, 0C, 02, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteA + 44 7CA50F24 54 Bytes [ 8D, 85, F4, FD, FF, FF, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteA + 7B 7CA50F5B 1 Byte [ F0 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteA + 7D 7CA50F5D 58 Bytes [ 6A, 01, FF, 75, 08, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteA + BA 7CA50F9A 6 Bytes [ 8B, FF, 55, 8B, EC, 83 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!CommandLineToArgvW + A2 7CA5117A 9 Bytes [ 83, 7E, 20, 00, 57, 0F, 84, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!CommandLineToArgvW + AD 7CA51185 78 Bytes [ FF, 15, 04, 1E, 9D, 7C, 68, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!CommandLineToArgvW + FC 7CA511D4 77 Bytes [ 5D, 08, 56, 57, 8B, F1, 56, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!CommandLineToArgvW + 181 7CA51259 67 Bytes [ 00, 50, 89, 85, E0, FD, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!CommandLineToArgvW + 1C6 7CA5129E 55 Bytes [ B5, E4, FD, FF, FF, FF, B5, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 7 7CA51D1D 32 Bytes [ 0C, 8B, 4D, 08, 80, E1, 03, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 28 7CA51D3E 54 Bytes [ FE, FF, 3D, 43, 00, 07, 80, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 5F 7CA51D75 88 Bytes [ 8B, F0, 8D, 7D, EC, A5, A5, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + B8 7CA51DCE 11 Bytes JMP 7C9FEE68 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + C4 7CA51DDA 81 Bytes [ 61, 00, 6E, 00, 74, 00, 73, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellAboutW + 3F 7CA724A2 138 Bytes [ 70, 00, 73, 00, 70, 00, 32, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellAboutA + 7B 7CA7252D 50 Bytes [ 00, 90, 90, 78, 00, 70, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellAboutA + AE 7CA72560 119 Bytes [ 70, 00, 68, 00, 6F, 00, 6E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellAboutA + 126 7CA725D8 57 Bytes [ 30, 00, 00, 00, 6D, 00, 6D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellAboutA + 160 7CA72612 19 Bytes [ 30, 00, 30, 00, 00, 00, 73, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellAboutA + 174 7CA72626 1 Byte [ 70 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHQueryRecycleBinW + 55 7CA75E44 62 Bytes [ FF, FF, 15, AC, 1C, 9D, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHQueryRecycleBinA + 2 7CA75E83 33 Bytes [ 15, B0, 15, 9D, 7C, 8D, 86, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHQueryRecycleBinA + 24 7CA75EA5 21 Bytes [ 15, E4, 23, A0, 7C, 83, F8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHQueryRecycleBinA + 3A 7CA75EBB 19 Bytes [ FF, 50, FF, 75, 14, E8, CB, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHQueryRecycleBinA + 4E 7CA75ECF 2 Bytes [ 8D, 85 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHQueryRecycleBinA + 51 7CA75ED2 66 Bytes [ FB, FF, FF, FF, 75, 10, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinW + 2 7CA76182 6 Bytes [ FF, 53, E8, 3C, EE, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinW + 9 7CA76189 30 Bytes [ 39, B5, DC, F9, FF, FF, 74, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinW + 29 7CA761A9 31 Bytes [ 18, 01, 00, 00, 74, 08, 39, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinW + 4A 7CA761CA 14 Bytes CALL 7CA73600 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinW + 59 7CA761D9 62 Bytes [ 8D, 1C, 9D, B8, 48, BE, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinA + 2E 7CA76218 89 Bytes [ 35, A4, E5, BD, 7C, E8, 1A, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinA + 88 7CA76272 110 Bytes [ 56, 0F, 94, C1, 56, 56, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinA + F7 7CA762E1 65 Bytes [ FF, 0F, 94, C0, 89, 41, 18, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinA + 139 7CA76323 5 Bytes [ FF, 8D, 85, DC, F7 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEmptyRecycleBinA + 140 7CA7632A 54 Bytes CALL 7CA74ADC C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateStdEnumFmtEtc + 18 7CA76361 112 Bytes [ 85, C0, 0F, 84, 4A, 02, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateStdEnumFmtEtc + 89 7CA763D2 183 Bytes [ 8D, 85, DC, F7, FF, FF, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateStdEnumFmtEtc + 141 7CA7648A 24 Bytes [ D8, BE, 04, 01, 00, 00, 56, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateStdEnumFmtEtc + 15A 7CA764A3 13 Bytes [ 08, FE, FF, FF, 50, 57, E8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateStdEnumFmtEtc + 168 7CA764B1 63 Bytes [ 32, 68, 6C, 0B, 9E, 7C, 56, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WriteCabinetState + 7E 7CA766AC 54 Bytes [ 15, 80, 1C, 9D, 7C, 85, C0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WriteCabinetState + B5 7CA766E3 15 Bytes [ FF, 00, EB, 0C, FF, 15, C4, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WriteCabinetState + C5 7CA766F3 135 Bytes [ 83, BD, BC, F7, FF, FF, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WriteCabinetState + 14D 7CA7677B 7 Bytes [ 15, 58, 1C, 9D, 7C, 57, 50 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WriteCabinetState + 155 7CA76783 39 Bytes [ B5, D8, F7, FF, FF, 89, 85, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFreeNameMappings + F2 7CA786CA 73 Bytes [ FF, 8B, F8, 3B, FB, 89, 7D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFreeNameMappings + 13C 7CA78714 12 Bytes [ FF, FF, 85, C0, 74, 2E, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFreeNameMappings + 14B 7CA78723 4 Bytes [ 45, D8, 50, 68 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFreeNameMappings + 150 7CA78728 8 Bytes [ FF, FF, 7F, FF, B6, 1C, 02, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFreeNameMappings + 159 7CA78731 6 Bytes [ FF, 15, 00, F7, 9F, 7C ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectory + C 7CA79DE5 18 Bytes [ 41, 56, 8B, 75, 08, 57, 6A, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExA + 4 7CA79DF8 23 Bytes CALL 7CA79C96 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExA + 1C 7CA79E10 15 Bytes [ 6A, 07, 68, 01, 04, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExA + 2D 7CA79E21 2 Bytes [ D8, 1D ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExA + 31 7CA79E25 27 Bytes [ 5F, 5E, 33, C0, 5D, C2, 10, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateDirectoryExA + 4D 7CA79E41 101 Bytes [ 00, 8B, 41, 30, 57, C1, E0, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperationW + 24 7CA7FD3E 27 Bytes [ 00, 8B, 86, A4, 00, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperationW + 41 7CA7FD5B 225 Bytes [ 00, C7, 46, 3C, 01, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperationW + 123 7CA7FE3D 11 Bytes [ A1, 48, E5, BD, 7C, 53, 56, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperationW + 12F 7CA7FE49 8 Bytes [ FC, 8B, 45, 0C, 57, 8B, D8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperationW + 138 7CA7FE52 56 Bytes [ 40, 85, C0, BF, 00, 01, 00, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperation + 4B 7CA8004D 41 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperation + 75 7CA80077 67 Bytes [ 85, F4, FD, FF, FF, 50, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperation + B9 7CA800BB 56 Bytes [ FF, EB, 2B, 8B, 3D, A8, 1C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperation + F2 7CA800F4 16 Bytes [ FF, 8B, 46, 40, 85, C0, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFileOperation + 103 7CA80105 36 Bytes [ FF, 00, 01, 00, 00, 75, 19, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLL + 3D 7CA80B83 27 Bytes JMP 7CA807F3 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLL + 59 7CA80B9F 88 Bytes [ 00, 50, 8D, 86, F4, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLL + B2 7CA80BF8 5 Bytes [ 50, 8D, 86, F4, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLL + B9 7CA80BFF 91 Bytes CALL 7CA7AF1B C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLLW + 20 7CA80C5B 38 Bytes [ B5, 04, F9, FF, FF, E8, EE, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLLW + 47 7CA80C82 29 Bytes [ 83, F8, FF, 74, 11, 8D, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLLW + 65 7CA80CA0 11 Bytes [ FF, 68, 04, 01, 00, 00, 50, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLLW + 71 7CA80CAC 7 Bytes [ 8D, 85, B4, FD, FF, FF, 50 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_FillCache_RunDLLW + 79 7CA80CB4 108 Bytes [ 15, A8, 1C, 9D, 7C, 56, 8D, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHRunControlPanel + 2 7CA81803 15 Bytes [ 75, 08, 68, 90, CA, 9E, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHRunControlPanel + 12 7CA81813 5 Bytes [ FF, 5D, C2, 1C, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLL 7CA8181C 23 Bytes [ 90, 8B, FF, 55, 8B, EC, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLL + 18 7CA81834 16 Bytes [ FF, 75, 08, 68, D8, CA, 9E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLL + 29 7CA81845 29 Bytes [ FF, 5D, C2, 1C, 00, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLL + 47 7CA81863 50 Bytes [ 7D, 0C, 89, 45, FC, 6A, 20, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLW + 21 7CA81896 7 Bytes CALL CD24B5B8
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLW + 29 7CA8189E 11 Bytes [ D6, 66, 85, C0, 74, 3C, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLW + 35 7CA818AA 7 Bytes [ 75, 34, 0F, B7, C0, 50, 53 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLW + 3D 7CA818B2 36 Bytes [ D6, 66, 85, C0, 74, 09, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLAsUserW + 9 7CA818D7 80 Bytes [ 74, 07, 89, 5F, 08, 33, C0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLAsUserW + 5A 7CA81928 38 Bytes [ D6, 68, C4, 4E, 9E, 7C, 66, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLAsUserW + 81 7CA8194F 80 Bytes [ 38, 66, 83, 65, BC, 00, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLAsUserW + D2 7CA819A0 131 Bytes [ 45, 10, 53, 8B, 5D, 0C, 56, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!Control_RunDLLAsUserW + 158 7CA81A26 24 Bytes [ 08, 50, FF, D7, 66, 83, 66, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconEx + 7 7CA81F29 56 Bytes CALL 7CA81F2B C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DuplicateIcon + 2F 7CA81F62 3 Bytes [ 85, EC, FD ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DuplicateIcon + 33 7CA81F66 67 Bytes [ FF, 83, 20, 00, EB, 4D, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DuplicateIcon + 78 7CA81FAB 131 Bytes [ 40, EB, 0D, 68, 70, E5, BD, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!FreeIconList + 46 7CA8202F 93 Bytes [ 85, C9, 74, 2A, 8B, 83, 14, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoW + 43 7CA8208D 14 Bytes [ 8B, B6, 3C, CB, 9E, 7C, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoW + 52 7CA8209C 28 Bytes [ 00, 6A, 00, FF, 75, FC, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoW + 70 7CA820BA 35 Bytes [ A1, 48, E5, BD, 7C, 53, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoW + 94 7CA820DE 18 Bytes [ 89, B5, D8, F9, FF, FF, E8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoW + A7 7CA820F1 87 Bytes [ 26, 00, 00, 68, 01, 26, 00, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoA + 1B 7CA8256E 13 Bytes [ 85, EC, FB, FF, FF, 50, E8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoA + 29 7CA8257C 15 Bytes [ EC, FB, FF, FF, 50, 8D, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoA + 39 7CA8258C 5 Bytes [ FF, 8D, 85, D8, F7 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoA + 3F 7CA82592 2 Bytes [ FF, 50 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconResInfoA + 42 7CA82595 97 Bytes [ 15, 60, 1C, 9D, 7C, 8B, F8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExW + 38 7CA825F7 55 Bytes [ 95, 5C, F7, FF, C9, C2, 04, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExW + 70 7CA8262F 23 Bytes [ 15, 84, 15, 9D, 7C, 85, C0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExW + 88 7CA82647 20 Bytes [ 50, FF, 15, 80, 1C, 9D, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExW + 9D 7CA8265C 33 Bytes [ 39, 5D, 10, B9, 14, 51, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExW + BF 7CA8267E 64 Bytes CALL 0A24CE99
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExA + 20 7CA827AA 10 Bytes [ 75, 0C, FF, 75, 10, 53, 56, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExA + 2D 7CA827B7 24 Bytes [ F8, 56, FF, 15, 34, 16, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExA + 48 7CA827D2 57 Bytes [ 00, 74, 16, FF, B5, EC, FD, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExA + 82 7CA8280C 5 Bytes [ 75, 08, E8, 1C, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconExA + 89 7CA82813 88 Bytes [ 5D, C2, 08, 00, 90, 90, 90, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconW + F 7CA82888 41 Bytes [ 08, 57, 8B, 7D, 0C, 68, 08, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconW + 39 7CA828B2 53 Bytes CALL 7CA820AB C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconA + 11 7CA828E8 56 Bytes [ 5D, C2, 10, 00, 90, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractIconA + 4A 7CA82921 26 Bytes [ FF, 8D, 85, E4, FB, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListW + 1 7CA8293C 13 Bytes [ 45, F8, FF, B5, E0, FB, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListW + F 7CA8294A 163 Bytes [ FF, 33, C0, 40, EB, 05, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListW + B3 7CA829EE 82 Bytes [ 55, 8B, EC, 8B, 45, 14, 33, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!InternalExtractIconListW + 108 7CA82A43 41 Bytes [ 8B, FF, 55, 8B, EC, 53, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconA + 28 7CA82A6D 104 Bytes [ C0, 74, 1B, 8B, 4D, 14, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconA + 91 7CA82AD6 165 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ExtractAssociatedIconA + 137 7CA82B7C 17 Bytes [ 00, 2B, D7, 79, 02, F7, DA, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DoEnvironmentSubstA + 4 7CA82B8E 78 Bytes [ CF, 2B, CA, 8B, D1, 0F, AF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DoEnvironmentSubstA + 53 7CA82BDD 1 Byte [ AF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DoEnvironmentSubstA + 55 7CA82BDF 102 Bytes [ 0F, AF, C3, 33, D2, F7, F1, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!DoEnvironmentSubstA + BC 7CA82C46 123 Bytes [ 7D, 18, 8B, 1D, 24, 11, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDiskFreeSpaceA + 42 7CA82CC2 26 Bytes CALL 7BB0A2C6
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDiskFreeSpaceA + 5D 7CA82CDD 3 Bytes [ 45, 1C, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDiskFreeSpaceA + 61 7CA82CE1 53 Bytes [ 08, FF, D3, 85, C0, 89, 45, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDiskFreeSpaceA + 97 7CA82D17 11 Bytes [ 75, F0, FF, 75, 08, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDiskFreeSpaceA + A3 7CA82D23 26 Bytes [ 75, EC, FF, D6, FF, 75, E4, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHHelpShortcuts_RunDLL + D 7CA82E5C 45 Bytes CALL 8BA82E64
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHHelpShortcuts_RunDLL + 3C 7CA82E8B 78 Bytes [ 08, FF, 15, 38, 12, 9D, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHObjectProperties + 20 7CA82EDA 10 Bytes [ 76, 22, 6A, 00, FF, 75, FC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHObjectProperties + 2B 7CA82EE5 76 Bytes [ 75, 08, FF, D3, 8B, 4D, 18, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHObjectProperties + 78 7CA82F32 93 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHObjectProperties + D6 7CA82F90 31 Bytes [ 00, 3B, 4D, 10, 74, 1A, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHObjectProperties + F6 7CA82FB0 63 Bytes [ 66, 8B, 50, 02, 33, F6, 66, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellMessageBoxA + 8F 7CA8335D 24 Bytes [ FF, 0F, 84, A8, 01, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellMessageBoxA + A8 7CA83376 8 Bytes [ 72, 09, 66, C7, 85, D0, FD, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellMessageBoxA + B1 7CA8337F 9 Bytes [ 0A, 00, 8B, F8, 8D, B5, CC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellMessageBoxA + BB 7CA83389 11 Bytes [ A5, 83, C0, 06, 66, A5, 66, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellMessageBoxA + C7 7CA83395 12 Bytes [ FF, 89, 9D, DC, FD, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushClipboard + 6 7CA833A2 23 Bytes [ 89, 85, D8, FD, FF, FF, 76, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushClipboard + 1E 7CA833BA 26 Bytes [ 15, F4, 14, 9D, 7C, 83, F8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushClipboard + 39 7CA833D5 5 Bytes [ 8D, DC, FD, FF, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushClipboard + 3F 7CA833DB 4 Bytes [ 95, D8, FD, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFlushClipboard + 44 7CA833E0 11 Bytes [ 83, 85, D8, FD, FF, FF, 0E, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowA + 40 7CA84091 10 Bytes [ 75, 08, 89, 5D, D8, FF, D6, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowA + 4B 7CA8409C 37 Bytes [ 15, 50, 1E, 9D, 7C, 6A, 01, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowA + 71 7CA840C2 101 Bytes [ 00, FF, 75, 08, FF, 15, B4, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowA + D7 7CA84128 34 Bytes [ 80, EB, 0A, 8B, 45, 10, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathIsSlowA + FA 7CA8414B 34 Bytes [ 15, 28, 16, 9D, 7C, 5D, C2, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathGetShortPath + 82 7CA844D0 2 Bytes [ 74, 16 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathGetShortPath + 86 7CA844D4 85 Bytes [ 18, FF, 75, 14, FF, 75, 10, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathGetShortPath + DC 7CA8452A 73 Bytes [ 35, 94, 14, 9D, 7C, 57, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathGetShortPath + 126 7CA84574 51 Bytes [ 53, 8B, 5D, 0C, 56, 8B, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathGetShortPath + 15A 7CA845A8 11 Bytes [ 57, 8D, 85, 24, FD, FF, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsLFNDriveA 7CA845CA 50 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!IsLFNDriveA + 33 7CA845FD 50 Bytes [ C9, C2, 04, 00, 90, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathQualify + 1C 7CA84630 54 Bytes [ 8D, 85, 44, FF, FF, FF, 6A, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathQualify + 53 7CA84667 52 Bytes [ 00, 80, 68, 9C, 4D, BE, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathQualify + 89 7CA8469D 30 Bytes [ FF, 51, 50, C7, 85, 68, FC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathQualify + A8 7CA846BC 7 Bytes [ 04, 75, 0B, 39, 9D, 54, FC ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathQualify + B0 7CA846C4 103 Bytes JMP 7CA8478A C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathMakeUniqueName + 12 7CA84A0E 19 Bytes [ 08, 68, 68, 3A, A8, 7C, 68, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathMakeUniqueName + 26 7CA84A22 7 Bytes [ FF, 85, C0, 75, 29, 68, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathMakeUniqueName + 2E 7CA84A2A 29 Bytes CALL 7C9FD243 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathMakeUniqueName + 4C 7CA84A48 2 Bytes [ DF, F9 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PathMakeUniqueName + 4F 7CA84A4B 42 Bytes [ FF, 85, C0, 75, 04, 33, C0, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PickIconDlg + 19 7CA858B0 29 Bytes [ 7D, 08, 89, 95, E0, FB, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PickIconDlg + 37 7CA858CE 7 Bytes [ 45, 0C, 8B, BD, D4, FB, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PickIconDlg + 3F 7CA858D6 4 Bytes [ 8B, 9D, D0, FB ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PickIconDlg + 44 7CA858DB 10 Bytes [ FF, 03, C0, 89, 85, C8, FB, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PickIconDlg + 4F 7CA858E6 17 Bytes [ B5, DC, FB, FF, FF, 2B, C7, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHInvokePrinterCommandA + 5B 7CA86711 10 Bytes [ 15, 94, 1D, 9D, 7C, E9, E1, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHInvokePrinterCommandA + 66 7CA8671C 58 Bytes [ 35, 50, 1D, 9D, 7C, 6A, 0B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHInvokePrinterCommandA + A1 7CA86757 18 Bytes [ 15, 30, 11, 9D, 7C, 33, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHInvokePrinterCommandA + B4 7CA8676A 8 Bytes [ 76, 18, FF, 15, 2C, 11, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHInvokePrinterCommandA + BD 7CA86773 210 Bytes CALL 7CA2AD72 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PrintersGetCommand_RunDLL + 3 7CA86846 36 Bytes [ A8, 7C, FF, 75, 08, 89, 5E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PrintersGetCommand_RunDLL + 28 7CA8686B 168 Bytes [ 56, 89, 07, FF, 15, 34, 16, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PrintersGetCommand_RunDLLW + 4C 7CA86914 2 Bytes [ 75, 10 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PrintersGetCommand_RunDLLW + 4F 7CA86917 3 Bytes [ 45, F4, 50 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PrintersGetCommand_RunDLLW + 53 7CA8691B 8 Bytes [ 75, F8, FF, 75, FC, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PrintersGetCommand_RunDLLW + 5C 7CA86924 8 Bytes [ 75, 08, FF, 75, 18, FF, 55, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!PrintersGetCommand_RunDLLW + 66 7CA8692E 64 Bytes [ 75, 2E, FF, D3, 83, F8, 7A, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHAddFromPropSheetExtArray + 2 7CA86CE8 109 Bytes [ 3C, 00, 00, 00, C7, 85, 54, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHReplaceFromPropSheetExtArray + 18 7CA86D56 74 Bytes [ F8, FF, 15, 00, 10, 9D, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHReplaceFromPropSheetExtArray + 63 7CA86DA1 78 Bytes [ 80, 00, 00, 56, 89, 85, E4, ... ]
    23 August 2008 11:45:52

    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteW + D5 7CAC4FE5 205 Bytes [ 89, 45, 10, 75, 61, 6A, 20, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteW + 1A3 7CAC50B3 28 Bytes [ 75, 0C, FF, 15, 38, 1C, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteW + 1C0 7CAC50D0 26 Bytes [ A1, 48, E5, BD, 7C, 56, 57, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExecuteW + 1DB 7CAC50EB 18 Bytes CALL 7CA132E1 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!GetFileNameFromBrowse + 1E 7CAC6565 5 Bytes [ FF, 83, 8D, E0, F0 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!GetFileNameFromBrowse + 24 7CAC656B 8 Bytes [ FF, FF, 83, 8D, F4, F0, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!GetFileNameFromBrowse + 2D 7CAC6574 11 Bytes [ 89, B5, 10, F1, FF, FF, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!GetFileNameFromBrowse + 39 7CAC6580 30 Bytes [ AB, AB, 33, C0, 89, B5, 20, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!GetFileNameFromBrowse + 58 7CAC659F 53 Bytes [ FF, 8D, BD, 54, F1, FF, FF, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILAppendID + 36 7CAC695B 3 Bytes [ D7, 50, 8D ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILAppendID + 3A 7CAC695F 38 Bytes [ EC, FB, FF, FF, 50, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILAppendID + 62 7CAC6987 3 Bytes [ E1, 4C, FC ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILAppendID + 66 7CAC698B 39 Bytes [ 85, C0, 0F, 85, 45, 04, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILAppendID + 8E 7CAC69B3 13 Bytes [ 85, 74, F1, FF, FF, 8B, 40, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILCreateFromPathA + 2 7CAC6B86 29 Bytes CALL 7CB272D8 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILCreateFromPathA + 20 7CAC6BA4 20 Bytes [ C7, 04, 07, 80, 75, 5F, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILCreateFromPathA + 35 7CAC6BB9 7 Bytes [ FF, 8B, 50, 40, 8B, 40, 44 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILCreateFromPathA + 3D 7CAC6BC1 10 Bytes [ B5, 60, F1, FF, FF, 01, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ILCreateFromPathA + 48 7CAC6BCC 26 Bytes [ FF, B5, 5C, F1, FF, FF, 11, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetSpecialFolderPathA + 29 7CAC8CDB 6 Bytes [ 00, 8B, CE, E8, 7A, F9 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirA + 2 7CAC8CE2 11 Bytes [ FF, 85, C0, 8B, 45, D8, 74, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirA + E 7CAC8CEE 78 Bytes CALL C9D85F26
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirA + 5E 7CAC8D3E 117 Bytes [ 85, C0, 8B, 4D, DC, 74, 20, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirA + D4 7CAC8DB4 125 Bytes [ FF, 76, 18, FF, 15, 30, 1E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetFolderPathAndSubDirA + 152 7CAC8E32 74 Bytes [ 8D, 45, D4, 50, 8D, 45, C4, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHHandleUpdateImage + 46 7CACA04F 20 Bytes [ 15, 0C, 10, 9D, 7C, FF, B5, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHHandleUpdateImage + 5C 7CACA065 66 Bytes [ 00, 80, 0F, 85, 94, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHHandleUpdateImage + 9F 7CACA0A8 69 Bytes [ FF, 50, 8B, 45, 08, 33, F6, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHHandleUpdateImage + E5 7CACA0EE 12 Bytes [ D3, 89, 85, D4, FB, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHHandleUpdateImage + F2 7CACA0FB 16 Bytes [ FF, 15, 00, 10, 9D, 7C, 8B, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifySuspendResume + 15 7CACA5E5 41 Bytes [ 76, 08, 57, FF, B5, F0, FD, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifySuspendResume + 3F 7CACA60F 16 Bytes [ FF, 50, 68, 00, 80, 00, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifySuspendResume + 50 7CACA620 14 Bytes [ 0D, FF, B5, EC, FD, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifySuspendResume + 5F 7CACA62F 1 Byte [ 76 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHChangeNotifySuspendResume + 61 7CACA631 4 Bytes [ FF, B5, F0, FD ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageW + 29 7CACA6DA 14 Bytes CALL 7C9FFEA4 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageW + 38 7CACA6E9 5 Bytes [ 8D, 85, F4, FD, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageW + 3E 7CACA6EF 2 Bytes [ 50, FF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageW + 41 7CACA6F2 30 Bytes [ 20, 1B, 9D, 7C, 85, C0, 74, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageW + 60 7CACA711 17 Bytes [ 15, 30, 1C, 9D, 7C, 39, 75, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageA + 1 7CACA7F1 72 Bytes [ 45, 10, 89, 85, EC, FD, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageA + 4A 7CACA83A 24 Bytes [ 00, F6, 46, 11, 01, 0F, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageA + 63 7CACA853 60 Bytes [ 40, 00, 00, 6A, 00, 56, 6A, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageA + A0 7CACA890 16 Bytes CALL 7CACA56E C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHUpdateImageA + B1 7CACA8A1 38 Bytes [ FF, D7, 50, 6A, 40, 68, 32, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListA + 16 7CAD16B6 17 Bytes [ FF, EB, C4, C7, 45, FC, 0E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListA + 28 7CAD16C8 35 Bytes [ F4, 83, C0, 04, 50, FF, 15, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListA + 4C 7CAD16EC 26 Bytes [ 55, 8B, EC, 51, 83, 65, FC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListA + 67 7CAD1707 5 Bytes [ FF, 75, 0C, 8B, CF ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetDataFromIDListA + 6D 7CAD170D 107 Bytes [ 75, 08, FF, 75, FC, E8, 01, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetNewLinkInfo + 18 7CAD1937 97 Bytes [ 15, 40, 1C, 9D, 7C, EB, C8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetNewLinkInfo + 7A 7CAD1999 26 Bytes [ 51, 0C, 8B, D8, 3B, DE, 0F, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetNewLinkInfo + 95 7CAD19B4 103 Bytes [ 15, 3C, 1A, 9D, 7C, 8B, D8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetNewLinkInfo + FD 7CAD1A1C 123 Bytes JMP 7CAD1B12 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetNewLinkInfo + 179 7CAD1A98 78 Bytes [ 75, 0C, 68, 98, 22, 9E, 7C, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHOpenFolderAndSelectItems + 7B 7CAD1D59 28 Bytes [ 7C, 0E, 8B, 4D, FC, F7, D9, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellItem 7CAD1D76 7 Bytes [ 90, 90, 90, 90, 8B, FF, 55 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellItem + 8 7CAD1D7E 29 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellItem + 26 7CAD1D9C 2 Bytes [ 4D, FC ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellItem + 29 7CAD1D9F 23 Bytes [ D9, 1B, C9, 83, E1, FE, 41, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellItem + 41 7CAD1DB7 20 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateFileExtractIconW + 9 7CAD1EEB 18 Bytes [ 59, 8B, 55, 14, 89, 0A, C9, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateFileExtractIconW + 1C 7CAD1EFE 74 Bytes [ EC, 51, 83, 65, FC, 00, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateFileExtractIconW + 67 7CAD1F49 66 Bytes [ 75, 0C, FF, 75, 08, 6A, 02, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateFileExtractIconW + AA 7CAD1F8C 79 Bytes [ 75, 08, 6A, 02, 6A, 0A, E8, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateFileExtractIconW + FA 7CAD1FDC 63 Bytes [ 4D, FC, F7, D9, 1B, C9, 83, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHAppBarMessage + 87 7CAD31A6 4 Bytes [ 8D, 85, 4C, FB ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHAppBarMessage + 8C 7CAD31AB 36 Bytes [ FF, 50, FF, 15, 7C, 15, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHAppBarMessage + B1 7CAD31D0 82 Bytes [ FF, 5F, 5E, 8B, 4D, FC, 5B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHAppBarMessage + 104 7CAD3223 42 Bytes [ FF, 89, B5, C4, F9, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHAppBarMessage + 12F 7CAD324E 31 Bytes [ 50, FF, 15, 4C, 1A, 9D, 7C, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHEnableServiceObject + 2 7CAD3291 100 Bytes [ D6, 8D, 85, F4, FD, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetInstanceExplorer + 30 7CAD32F6 16 Bytes [ FF, 50, FF, 15, 14, 1B, 9D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetInstanceExplorer + 41 7CAD3307 24 Bytes [ 0F, 84, 33, 01, 00, 00, 66, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetInstanceExplorer + 5A 7CAD3320 12 Bytes [ FF, 50, FF, B5, CC, F9, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetInstanceExplorer + 67 7CAD332D 50 Bytes [ FF, 50, FF, D3, FF, B5, D0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetInstanceExplorer + 9B 7CAD3361 15 Bytes CALL 7CA12BF6 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolderW + 6 7CAD6267 16 Bytes [ 4F, F2, FF, 59, 8B, C6, 5E, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolderW + 17 7CAD6278 94 Bytes [ C1, C7, 00, 74, 66, 9E, 7C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolderW + 76 7CAD62D7 12 Bytes [ 50, 68, 00, 80, 00, 00, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolderW + 83 7CAD62E4 78 Bytes [ B5, F0, FD, FF, FF, E8, 0C, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolderW + D3 7CAD6334 4 Bytes [ 08, 50, FF, 51 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolder + 6D 7CAD63C8 11 Bytes CALL 7CA374E3 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolder + 79 7CAD63D4 18 Bytes [ 1D, 5C, 1D, 9D, 7C, 89, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolder + 8C 7CAD63E7 12 Bytes [ 50, 68, 44, 37, 00, 00, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolder + 99 7CAD63F4 25 Bytes [ 15, 6C, 1D, 9D, 7C, 83, 66, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHBrowseForFolder + B3 7CAD640E 143 Bytes [ 15, DC, 1D, 9D, 7C, FF, 37, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WOWShellExecute + 1 7CAD7881 4 Bytes [ 45, 10, 89, 18 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WOWShellExecute + 7 7CAD7887 33 Bytes [ 14, 89, 18, 0F, 8C, 95, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WOWShellExecute + 29 7CAD78A9 73 Bytes [ FF, 8B, F0, EB, 02, 33, F6, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WOWShellExecute + 73 7CAD78F3 110 Bytes [ 51, 18, 8B, F8, EB, 05, BF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!WOWShellExecute + E2 7CAD7962 1 Byte [ 57 ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExec_RunDLLW + 1C 7CAD7A98 3 Bytes [ 50, 6A, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExec_RunDLLW + 20 7CAD7A9C 40 Bytes CALL 7CB0C1AA C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExec_RunDLLW + 49 7CAD7AC5 48 Bytes [ 51, 08, 8B, C6, 5E, 5D, C2, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExec_RunDLLW + 7A 7CAD7AF6 7 Bytes [ FF, 75, 08, E8, 3F, FE, F3 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!ShellExec_RunDLLW + 82 7CAD7AFE 45 Bytes [ 85, C0, 0F, 84, DB, 00, 00, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateProcessAsUserW + 14 7CAD8650 4 Bytes [ 25, 50, C3, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateProcessAsUserW + 19 7CAD8655 23 Bytes [ 8D, 4D, FC, 51, 05, 30, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateProcessAsUserW + 31 7CAD866D 10 Bytes [ 15, 9C, 1E, 9D, 7C, 68, 98, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateProcessAsUserW + 3C 7CAD8678 4 Bytes [ 75, 08, FF, 15 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateProcessAsUserW + 41 7CAD867D 23 Bytes [ 1D, 9D, 7C, 5E, C9, C2, 04, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHShellFolderView_Message + 2 7CAD9D22 5 Bytes [ FF, 04, 00, 00, 00 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHShellFolderView_Message + 8 7CAD9D28 18 Bytes [ 15, 2C, 1C, 9D, 7C, 85, C0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHShellFolderView_Message + 1B 7CAD9D3B 7 Bytes [ FF, 6A, 01, FF, B5, F4, F7 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHShellFolderView_Message + 23 7CAD9D43 84 Bytes CALL 7CA22575 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHShellFolderView_Message + 78 7CAD9D98 68 Bytes [ FF, 15, 00, 10, 9D, 7C, 5F, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderViewEx + 1F 7CADA1F1 8 Bytes [ 53, 8D, 85, F4, F9, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderViewEx + 28 7CADA1FA 3 Bytes [ 0D, 83, F4 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderViewEx + 2C 7CADA1FE 25 Bytes [ F7, D8, 1B, C0, 83, E0, FC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderViewEx + 46 7CADA218 36 Bytes [ 85, F4, FB, FF, FF, 50, 8D, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHCreateShellFolderViewEx + 6B 7CADA23D 42 Bytes [ BB, 00, 01, 00, 00, 53, 8D, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFind_InitMenuPopup + 2 7CADBF94 93 Bytes [ 5E, 5D, C2, 08, 00, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFind_InitMenuPopup + 60 7CADBFF2 45 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFind_InitMenuPopup + 8E 7CADC020 44 Bytes CALL 7C9FBCAB C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFind_InitMenuPopup + BB 7CADC04D 36 Bytes [ 10, 89, 06, 74, 46, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFind_InitMenuPopup + E0 7CADC072 256 Bytes [ FF, FF, 85, C0, 74, 0A, 50, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFindFiles + 19 7CADD5D7 9 Bytes [ 46, 20, 8B, 08, 57, 8D, 55, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFindFiles + 23 7CADD5E1 17 Bytes [ 70, 60, 50, FF, 51, 14, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFindFiles + 37 7CADD5F5 162 Bytes CALL 7CADD4E0 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFindFiles + DA 7CADD698 88 Bytes [ 89, 85, EC, FD, FF, FF, 8B, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHFindFiles + 133 7CADD6F1 12 Bytes [ FD, FF, FF, 20, 0F, 84, A8, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHStartNetConnectionDialogW + 2 7CAE0CB5 48 Bytes [ 7C, 6B, 8B, 46, 14, 8B, 08, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHStartNetConnectionDialogW + 33 7CAE0CE6 94 Bytes [ B6, 34, 02, 00, 00, FF, 33, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHStartNetConnectionDialogW + 92 7CAE0D45 10 Bytes [ C9, C2, 0C, 00, 90, 90, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHStartNetConnectionDialogW + 9D 7CAE0D50 29 Bytes [ 55, 8B, EC, 81, EC, B8, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHStartNetConnectionDialogW + BB 7CAE0D6E 125 Bytes [ FF, FF, 89, 45, FC, 8B, 43, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexW + 3A 7CAE2C81 7 Bytes [ 74, 07, B8, 57, 00, 07, 80 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexW + 42 7CAE2C89 56 Bytes [ 02, 33, C0, 5D, C2, 08, 00, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexW + 7B 7CAE2CC2 69 Bytes CALL 7CA376AB C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexW + C1 7CAE2D08 92 Bytes CALL 7C9FBCAB C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexA + 46 7CAE2D65 28 Bytes [ C6, 5E, 5D, C2, 0C, 00, 90, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexA + 63 7CAE2D82 2 Bytes [ 8B, 75 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexA + 66 7CAE2D85 23 Bytes [ 57, 8B, 7D, 0C, 89, 45, FC, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexA + 7E 7CAE2D9D 2 Bytes [ A0, A1 ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHGetIconOverlayIndexA + 82 7CAE2DA1 58 Bytes [ 8B, D8, 85, DB, 7C, 48, 68, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgCreate + 14 7CAE388A 31 Bytes [ 08, FF, 75, FC, 50, FF, 51, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgCreate + 34 7CAE38AA 102 Bytes [ FF, 55, 8B, EC, 8B, 45, 18, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgCreate + 9C 7CAE3912 24 Bytes [ 00, A1, 48, E5, BD, 7C, 53, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgCreate + B5 7CAE392B 12 Bytes [ FF, 05, 40, 00, 80, 33, C0, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgCreate + C2 7CAE3938 44 Bytes [ 55, 0C, 39, 11, 74, 0B, 40, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgWriteMultiple + 2 7CAE44D8 53 Bytes [ FF, 50, FF, D6, 53, 8D, 85, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgWriteMultiple + 38 7CAE450E 54 Bytes CALL 7CA35A55 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgWriteMultiple + 6F 7CAE4545 11 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgWriteMultiple + 7B 7CAE4551 38 Bytes CALL 7CA1AF27 C:\WINDOWS\system32\SHELL32.dll (DLL commune du shell Windows/Microsoft Corporation)
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHPropStgWriteMultiple + A2 7CAE4578 15 Bytes [ FF, FF, D6, 85, C0, 0F, 84, ... ]
    .text ...
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll!SHLimitInputEdit + 3B 7CAE51E5 27 Bytes [ 55, 8B, EC, 56, 57, FF, 75, ... ]
    .text C:\WINDOWS\system32\winlogon.exe[580] SHELL32.dll
    23 August 2008 11:56:56


    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)
    AttachedDevice \FileSystem\Fastfat \Fat ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)

    ---- EOF - GMER 1.0.14 ----
    23 August 2008 19:38:16

    Hi again

    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    C:\WINDOWS\system32\winlogon.exe

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will need to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result in your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.


    read:
    http://www.infos-du-net.com/forum/281791-11-forum-fige-...
