problème virus Win32:Rootkit-gen [Rtk] ![réglé]

[jeanseb]

Bonjour,

J'ai un virus depuis quelques jours, Win32:Rootkit-gen [Rtk], dont je n'arrive pas à me défaire !
Avast le trouve sous C:\Windows\System32\Drivers\jreyftsl.sys mais n'arrive pas à le supprimer
J'ai aussi essayer avec Malewarebytes qui le supprime mais il réapparait malheureusement à chaque nouvelle session....
Quelqu'un peut m'aider svp ?
Merci beaucoup !!

Voici le rapport Hijackthis, si ça peut aider

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:22, on 20/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jean-Sébastien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lequipe.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... dfr-fr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--
End of file - 11418 bytes

[bernard53]

Bonsoir

Télécharge ComboFix <ICI>>

Pour les Utilisateurs de VISTA: Clic-droit et choisis "Exécuter en tant qu'administrateur".
Pour VISTA : pas d'installation de la console de récupération.

>> Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.

Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir préinstallée sur votre PC avant toute suppression de nuisibles.
Elle permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela est demandé, accepte le Contrat de Licence Utilisateur Final pour l'installer.
>> Une fois sur ton bureau double clique dessus pour le lancer.
Note importante : Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Lorsque le scan sera complet, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

>>Ne pas cliquer dans la fenêtre de Combofix durant l’analyse, ceci provoquerait le gel du programme

[jeanseb]

Merci !
Voilà le rapport :

ComboFix 10-01-19.08 - Jean-Sébastien 20/01/2010 19:48:28.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3068.1957 [GMT 1:00]
Lancé depuis: c:\users\Jean-Sébastien\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1102783101-4160531540-3296191077-500
c:\$recycle.bin\S-1-5-21-3541030145-2230641323-1226403519-500
c:\windows\system32\oem9.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-20 au 2010-01-20 ))))))))))))))))))))))))))))))))))))
.

2010-01-20 18:54 . 2010-01-20 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 18:54 . 2010-01-20 18:54 -------- d-----w- c:\users\Claire\AppData\Local\temp
2010-01-18 20:44 . 2010-01-18 20:44 -------- d-----w- c:\programdata\clp
2010-01-17 13:54 . 2010-01-17 13:54 -------- d-----w- c:\users\Claire\AppData\Roaming\Malwarebytes
2010-01-17 12:03 . 2010-01-17 12:03 -------- d-----w- C:\rsit
2010-01-17 12:03 . 2010-01-17 12:03 -------- d-----w- c:\program files\trend micro
2010-01-16 17:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-16 17:41 . 2010-01-16 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 17:41 . 2010-01-16 17:41 -------- d-----w- c:\programdata\Malwarebytes
2010-01-16 17:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 18:12 . 2010-01-17 12:11 -------- d-----w- c:\windows\BDOSCAN8
2010-01-13 17:49 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 17:49 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 14:58 . 2009-01-21 05:18 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-17 14:58 . 2009-01-21 05:18 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-14 10:12 . 2009-10-02 17:27 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 21:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-06 20:12 . 2009-09-06 20:39 6836 ----a-w- c:\users\Claire\AppData\Local\d3d9caps.dat
2009-11-21 06:40 . 2009-12-09 20:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 20:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 20:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 20:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:22 . 2009-12-11 17:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-11 17:13 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-11 17:13 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:41 . 2009-11-25 18:56 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-21 05:37 . 2009-01-21 05:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23/08/2009 16:13 114768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/30 04:47];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28/11/2008 17:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe [02/03/2009 17:43 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23/08/2009 16:13 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23/08/2009 16:12 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 15:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [20/01/2009 23:37 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [09/02/2009 17:14 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [09/02/2009 17:14 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [20/01/2009 22:38 222512]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 18:47 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23/10/2008 10:42 107360]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - jreyftsl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.lequipe.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 19:54
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jreyftsl]

.
Heure de fin: 2010-01-20 19:56:37
ComboFix-quarantined-files.txt 2010-01-20 18:56

Avant-CF: 229 854 580 736 octets libres
Après-CF: 230 222 512 128 octets libres

- - End Of File - - 16E9BC3FE6C558DF8C0A7C14B7203CFC

[bernard53]

Fait ceci.

Télécharge >>OTM<< (de Old_Timer) sur ton Bureau.


>> Pour VISTA : Clic-droit et choisis "Exécuter en tant qu'administrateur".

>> AVAST reconnait ce logiciel comme un intrus, donc le désactiver le temps des manipulations.

Double-clique sur OTM pour le lancer.

Copie la liste qui se trouve en citation ci-dessous:

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jreyftsl]
:Files

:Commands
[purity]
[emptytemp]

[Reboot]

et colle-la dans le cadre de gauche de OTM sous ceci:



Clique sur pour lancer la suppression.
attendre la fin du travail de l'outil puis fermer OTM

Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTM\MovedFiles\06092009_130526.log "Exemple"

NB: Il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Oui/Yes.


Puis mets bien à jour MalwareBytes et refait un scan complet.

[jeanseb]

voici le rapport d'OTM

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jreyftsl\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Claire
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 476179289 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jean-Sébastien
->Temp folder emptied: 390789 bytes
->Temporary Internet Files folder emptied: 25868410 bytes
->Java cache emptied: 18085 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67444 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 479,00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01202010_201218

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

et celui de Malewarebytes :

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3576
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

20/01/2010 20:23:09
mbam-log-2010-01-20 (20-23-09).txt

Type de recherche: Examen rapide
Eléments examinés: 109638
Temps écoulé: 3 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\system32\Drivers\jreyftsl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

par contre il a de nouveau trouvé le fichier et j'ai du le supprimer, du coup je me demande s'il va pas revenir à nouveau ?

[jeanseb]

je viens de redémarrer et relancer malwarebytes, et il est toujours là !

[bernard53]

fait ceci.


Télécharge Gmer.exe

Clique sur Download EXE
Tu vas obtenir un fichier avec une suite de caractères.exe.
Tu cliques droit sur le fichier et Exécuter en tant qu'administrateur.
Tu cliques sur l'onglet Rootkit/Malware
Tu coches le disque C au minimum.
Tu coches tout et tu cliques sur "scan".
Laisse l'outil travailler, cela peut prendre un quart d'heure.
Quand le scan sera terminé, clique sur Save... , choisis le nom de ton choix pour le rapport ainsi que son dossier d'enregistrement pour le retrouver.
Tu l'ouvres et tu postes un copier-coller dans ta réponse

Tu supprimes les lignes en rouge s'il y en a.



Tu cliques droit sur la ligne et tu sélectionnes l'action appropriée : Delete File ou Delete the service selon le type de la colonne de gauche.

[jeanseb]

voici le rapport :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 21:41:42
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\JEAN-S~1\AppData\Local\Temp\ugtyapob.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\mjaeh.sys Le chemin d'accès spécifié est introuvable. !
? System32\Drivers\jreyftsl.sys Un périphérique attaché au système ne fonctionne pas correctement. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F40B000, 0x2311A4, 0xE8000020]
.text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xA1C03000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xA1C26050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxIndirectParamW 76AEBD25 5 Bytes JMP 6F6943FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!CreateWindowExW 76AF3D67 5 Bytes JMP 6F59D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxParamW 76B01FD5 5 Bytes JMP 6F4C541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxParamA 76B280B2 5 Bytes JMP 6F69439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!DialogBoxIndirectParamA 76B283DD 5 Bytes JMP 6F694462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxIndirectA 76B3D471 5 Bytes JMP 6F694331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxIndirectW 76B3D56B 5 Bytes JMP 6F6942C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxExA 76B3D5D1 5 Bytes JMP 6F694264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5848] USER32.dll!MessageBoxExW 76B3D5F5 5 Bytes JMP 6F694202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetWindowsHookExW 76AE7B69 5 Bytes JMP 6F5997FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CallNextHookEx 76AE8C33 5 Bytes JMP 6F58CE81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!GetAsyncKeyState 76AE8DF4 5 Bytes JMP 6F4B90DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamW 76AEBD25 5 Bytes JMP 6F6943FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SendInput 76AEBEE7 5 Bytes JMP 6F69584B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!EndDialog 76AEC178 5 Bytes JMP 6F4C7DD6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!EnableWindow 76AEDC79 5 Bytes JMP 6F59D89D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateWindowExW 76AF3D67 5 Bytes JMP 6F59D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!GetKeyState 76AF87C7 5 Bytes JMP 6F59CE4B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!IsDialogMessageW 76AF99AE 5 Bytes JMP 6F4C592F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogParamA 76B016FD 5 Bytes JMP 6F695084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!IsDialogMessage 76B0179A 5 Bytes JMP 6F694920 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamW 76B01FD5 5 Bytes JMP 6F4C541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogIndirectParamA 76B027CD 5 Bytes JMP 6F6950BB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogIndirectParamW 76B09AFA 5 Bytes JMP 6F6950F2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!UnhookWindowsHookEx 76B108BE 5 Bytes JMP 6F504620 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogParamW 76B11C58 5 Bytes JMP 6F59DA10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetKeyboardState 76B11ECE 5 Bytes JMP 6F694C8F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetCursorPos 76B26F1A 5 Bytes JMP 6F69589F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamA 76B280B2 5 Bytes JMP 6F69439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamA 76B283DD 5 Bytes JMP 6F694462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectA 76B3D471 5 Bytes JMP 6F694331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectW 76B3D56B 5 Bytes JMP 6F6942C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExA 76B3D5D1 5 Bytes JMP 6F694264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExW 76B3D5F5 5 Bytes JMP 6F694202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!keybd_event 76B3D93C 5 Bytes JMP 6F695BCF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] SHELL32.dll!SHRestricted + DFD 77018390 4 Bytes [4D, 30, E3, 67]
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] SHELL32.dll!SHRestricted + E05 77018398 8 Bytes [57, 2F, E3, 67, 9C, 5B, E2, ...] {PUSH EDI; DAS ; JECXZ 0x6b; PUSHF ; POP EBX; LOOP 0x6f}
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!OleLoadFromStream 76359726 5 Bytes JMP 6F694780 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!CoCreateInstance 7638E188 5 Bytes JMP 6F59D6E0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001F0002
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001F0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [67E21AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [67E2007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [67E1E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [67E20994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [67E1EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [67E1A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [67E21D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [67E23ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [67E22999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [67E23035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [67E1FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [67E1E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [67E1DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [67E1FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [67E1D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [67E2FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [67E3051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [67E2EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [67E2F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [67E2EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [67E2E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [67E2ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [67E2007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [67E1FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [67E1E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [67E1FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [67E1E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [67E21AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [67E1EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [67E23ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [67E22CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [67E22926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [67E23035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [67E22999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [67E1BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [67E2173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [67E1BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [67E20F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [67E214E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [67E1ED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [67E1BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [67E21D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [67E1C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [67E2103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [67E1EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [67E20994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [67E21614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [67E20921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [67E1FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [67E1A073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [67E1A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [67E1E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [67E1E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [67E1FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [67E1FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [67E20C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [67E1DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [67E1D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [67E1D361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [67E1EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [67E2007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [67E1C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [67E1E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [67E23035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [67E22999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [67E21AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [67E1BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [67E1BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [67E1E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [67E22CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [67E22926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [67E23ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [67E223A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [67E1BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [67E1FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [67E1FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [67E1F973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [67E2ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [67E2E43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [67E2EDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [67E2F9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [67E2E9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [67E2E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [67E2EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [67E3020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [67E2F4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [67E2EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [67E2FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [67E2F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [67E3051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [67E2FF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [67E30085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [67E30395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [67E2FDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [67E2F677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [67E1CFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [67E22999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [67E20C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [67E1D22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [67E1D9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [67E1DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [67E1EB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [67E1E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [67E1CAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [67E2007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [67E1A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [67E20994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [67E23035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [67E23ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [67E1C709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [67E1BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [67E21AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [67E1CD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [67E1D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [67E21614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [67E2103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [67E1EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [67E1C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [67E1BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [67E209B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [67E1C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [67E1FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [67E1E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [67E1C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [67E1FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [67E1C5D8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [67E21D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [67E1F0D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [67E1FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [67E1F5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [67E265DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [67E2620B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [67E27595] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [67E260AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [67E2615B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [67E275E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [67E26533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [67E2799A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [67E2684F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [67E26E45] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [67E26AFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [67E26B47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [67E27281] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [67E26716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [67E271ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [67E27021] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [67E27FBE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [67E27159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [67E268E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [67E26BE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [67E26803] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [67E26F81] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [67E263A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [67E280BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [67E28513] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [67E28176] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [67E27BA4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [67E28235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [67E2697F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [67E26DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [67E26D15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [67E2731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [67E26EDD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [67E26C7D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [67E26AAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [67E278EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [67E263F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [67E276D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [67E28732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [67E2777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [67E27831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [67E2667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [67E27636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [67E1BB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [67E23ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [67E23035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [67E2007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [67E21AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [67E1A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [67E1EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [67E1C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [67E1C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [67E1E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [67E1FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [67E1BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [67E1FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [67E28235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [67E281D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [67E272CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [67E275E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [67E276D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [67E265DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [67E2788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [67E286D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [67E278EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [67E28732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [67E26533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [67E182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

j'ai une ligne en rouge : service (*** hidden *** ) [BOOT] jreyftsl
mais il veut pas la supprimer "syntaxe du nom de fichier, répertoire ou volume incorrecte"

misère

[bernard53]

fait ceci s.t.p

1) Télécharge mbr.exe de Gmer ici : http://www2.gmer.net/mbr/mbr.exe

et enregistre le fichier sur le Bureau.


Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe
Un rapport sera généré : mbr.log
En cas d'infection, ce message "MBR rootkit code detected" va apparaitre.

Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"

Réactive tes protections
Poste ce rapport et supprimes-le ensuite.

Pour vérifier

Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Relance mbr.exe

Réactive tes protections.

Le nouveau mbr.log devrait être celui-ci :

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

[jeanseb]

voici le rapport, après avoir coupé l'antivirus :

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

Par contre j'arrive pas à utiliser le chemin "%userprofile%\Bureau\mbr" -f avec la commande executer.
Il le retrouve pas.

[bernard53]

bon fait ceci qui devrait supprimer ce Rootkit cette fois.

Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :

fsutil file createnew "%userprofile%\desktop\CFScript.txt" 0

Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > copie dedans cette nouvelle citation :

KillAll::

Rootkit::
C:\Windows\system32\Drivers\jreyftsl.sys

File::
C:\Windows\system32\Drivers\jreyftsl.sys

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jreyftsl]

Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture:




Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

[jeanseb]

je fais comme tu me dis mais après avoir executer la commande, une fenêtre s'ouvre 1quart de sec, et disparait.
Aucun fichier n'apparait ensuite sur le bureau, ni dans le PC après avoir fait "rechercher".
As tu une nouvelle idée stp ? Merci encore !

[bernard53]

tu as fait ma deuxième demande ci dessus sur Combofix?

[jeanseb]

.....
voici le nouveau rapport :
ComboFix 10-01-20.07 - Jean-Sébastien 21/01/2010 20:41:38.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3068.1899 [GMT 1:00]
Lancé depuis: c:\users\Jean-Sébastien\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Jean-Sébastien\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\Drivers\jreyftsl.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\jreyftsl.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_jreyftsl
-------\Service_jreyftsl


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-21 au 2010-01-21 ))))))))))))))))))))))))))))))))))))
.

2010-01-21 19:46 . 2010-01-21 19:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 19:46 . 2010-01-21 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 19:46 . 2010-01-21 19:46 -------- d-----w- c:\users\Claire\AppData\Local\temp
2010-01-20 19:12 . 2010-01-20 19:12 -------- d-----w- C:\_OTM
2010-01-18 20:44 . 2010-01-18 20:44 -------- d-----w- c:\programdata\clp
2010-01-17 13:54 . 2010-01-17 13:54 -------- d-----w- c:\users\Claire\AppData\Roaming\Malwarebytes
2010-01-17 12:03 . 2010-01-17 12:03 -------- d-----w- C:\rsit
2010-01-17 12:03 . 2010-01-17 12:03 -------- d-----w- c:\program files\trend micro
2010-01-16 17:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-16 17:41 . 2010-01-16 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 17:41 . 2010-01-16 17:41 -------- d-----w- c:\programdata\Malwarebytes
2010-01-16 17:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 18:12 . 2010-01-17 12:11 -------- d-----w- c:\windows\BDOSCAN8
2010-01-13 17:49 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 17:49 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 14:58 . 2009-01-21 05:18 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-17 14:58 . 2009-01-21 05:18 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-14 10:12 . 2009-10-02 17:27 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 21:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-06 20:12 . 2009-09-06 20:39 6836 ----a-w- c:\users\Claire\AppData\Local\d3d9caps.dat
2009-11-21 06:40 . 2009-12-09 20:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 20:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 20:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 20:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:22 . 2009-12-11 17:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-11 17:13 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-11 17:13 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:41 . 2009-11-25 18:56 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-21 05:37 . 2009-01-21 05:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23/08/2009 16:13 114768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/30 04:47];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28/11/2008 17:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe [02/03/2009 17:43 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23/08/2009 16:13 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23/08/2009 16:12 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 15:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [20/01/2009 23:37 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [09/02/2009 17:14 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [09/02/2009 17:14 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [20/01/2009 22:38 222512]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 18:47 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23/10/2008 10:42 107360]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.lequipe.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 20:48
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2010-01-21 20:54:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-21 19:54
ComboFix2.txt 2010-01-20 18:56

Avant-CF: 231 575 392 256 octets libres
Après-CF: 231 661 715 456 octets libres

- - End Of File - - 0DE8BE15A34F017C6772B0175821CD53

[bernard53]

OK fait ceci.

Fait ceci pour supprimer les logiciels qui ont servis à cette désinfection.

>> Télécharge ToolsCleaner (de A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

>> Double-clique dessus pour lancer le programme

>> Clique sur Recherche et laisse le scan se terminer (il peut durer une dizaine de minutes au maximum).

>> Une fois la recherche lancée, ne clique pas dans la fenêtre, cela provoquerait un léger bug du programme.

>> Si toutes fois la mention (ne réponds pas) apparaissait dans le titre de la fenêtre ToolsCleaner, ne t'en occupes pas et laisse quand même le programme terminer son travail

** Clique sur Suppression pour finaliser.

• Tu peux, si tu le souhaites, te servir des Options facultatives.

**Poste-moi le rapport qui apparait

Puis refait un nouveau scan avec MalwaresBytes et dis moi s'il détectes encore cet intrus.