Virus blocking AV, hijack, spybots.... invincible?
Hi,
I think I've run into a real beast. I gave my sister access to my PC and I don't know where she dug this up, but:
- I get an error message at startup saying the floppy disk (drive A) cannot be read
- My PC is very slow
- Blurry lines slowly sweep across my desktop background
- I can no longer open the installed antivirus, nor any online antivirus, Spybot... I can't even install hijack
I no longer know where to start with this problem; a little help would be welcome.
Thanks
Hi,
Download ELIBAGLA at the bottom of this page. For some antivirus programs it is preferable to disable them before starting this procedure!
Click Descargar Elibagla to download the file and save it to your desktop.
Run it by double-clicking it.
Check that the Unidad drop-down menu shows C:\
The Eliminar Ficheros Automaticamente option must also be ticked.
Click Explorar to start the scan.
Post the report generated at the end of the scan.
Download HijackThis
Unzip it into a folder on your desktop.
Double-click it.
Then "Do a system scan and save a logfile" and post the report.
HijackThis tutorial
Hello, thanks for your reply.
BagleA was not found (I scanned C then D; note that on D the utility counts 43000 files but only scans 2336)
I installed Hijack (a speed game to accept the license before the virus closes the window...).
Then the same routine to launch the scan with a report, but this time the virus closes the window before the scan is complete...
Quite a beast, do you have any idea?
Are you sure that Bagle found nothing?
Does safe mode work properly?
Restart in safe mode.
Yes, files infectados = 0 and eliminados = 0, on every partition of the hard drive.
Safe mode works; in fact I was able to run Hijack in safe mode (I don't know whether that is still useful) but I'm posting the report anyway:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:23, on 06/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
D:\Mes Documents\Bureau\Tkt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okskwehjpykrtvoacgkry.com/wgJC3wUykR716vwesJ...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\9.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\9.tmp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\ldpxfvcf.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\System32\iifcbyx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {949EDA45-B247-4C36-8818-C65471D84900} - C:\WINDOWS\System32\mljge.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EBC41EF6-189E-0211-F514-980CE1CCDDF8} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\WINDOWS\system32\19.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft (R) Windows Protocol Deployment Manager] C:\WINDOWS\system32\9.tmp
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\qtuabyni.dll",sitypnow
O4 - HKUS\S-1-5-18\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation System Service] "C:\WINDOWS\system32\ntss.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D43316F4-7398-4572-9FF1-275F4B059CC6}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: iifcbyx - C:\WINDOWS\SYSTEM32\iifcbyx.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: cKhLd3IuQgV39agc72 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: D880g0dS+Ss25oQQQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\uwnxkjnh.exe
O23 - Service: EJCKi3Hn0dt12kf2Q1 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IScL62iwp003hatHh0UTS+s2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: LRqgC2IISz23uGK6h04GyBs2elBTQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe
O23 - Service: Microsoft Windows Software Update Service (mswsus) - Unknown owner - C:\WINDOWS\System32\mswsus.exe (file missing)
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\WINDOWS\system32\19.tmp
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
O23 - Service: Network Translation System Service (NTSS) - Unknown owner - C:\WINDOWS\system32\ntss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Windows Protocol Deployment Manager (PDM) - Unknown owner - C:\WINDOWS\system32\9.tmp
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows File Verification Service (wfvs) - Unknown owner - C:\WINDOWS\System32\wfvs.exe
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - C:\WINDOWS\System32\winsvcmon.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe
--
End of file - 8651 bytes
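Added example, not part of the original thread and not HijackThis's own logic: a small triage script that parses result lines in the format of the log above and groups the reasons an autostart target deserves a closer look. The function names (`parse_entries`, `triage`) and the four heuristics are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied verbatim).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\9.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\9.tmp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\System32\iifcbyx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft (R) Windows Protocol Deployment Manager] C:\WINDOWS\system32\9.tmp
O20 - Winlogon Notify: iifcbyx - C:\WINDOWS\SYSTEM32\iifcbyx.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Protocol Deployment Manager (PDM) - Unknown owner - C:\WINDOWS\system32\9.tmp
O23 - Service: Windows File Verification Service (wfvs) - Unknown owner - C:\WINDOWS\System32\wfvs.exe
"""

# "<section code> - <details>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")
# Absolute Windows path ending in an extension that can carry code here.
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"*]+?\.(?:exe|dll|tmp|ocx)\b', re.I)
# Expected clean values of the two Winlogon entries reported under F2.
F2_DEFAULTS = {
    "shell": re.compile(r"explorer\.exe", re.I),
    "userinit": re.compile(r"(?:c:\\windows\\system32\\)?userinit\.exe,?", re.I),
}
AUTOSTART_CODES = {"F2", "O4", "O23"}


def parse_entries(log_text):
    """Yield (section_code, details) for every HijackThis result line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return {lower-cased path: set of reasons} for entries to review."""
    findings = defaultdict(set)
    bho_dlls, notify_dlls = set(), set()

    for code, rest in parse_entries(log_text):
        paths = [p.lower() for p in PATH_RE.findall(rest)]

        # Heuristic 1: something appended to the Winlogon Shell/UserInit value.
        if code == "F2":
            m = re.search(r"(Shell|UserInit)=(.*)", rest, re.I)
            if m and not F2_DEFAULTS[m.group(1).lower()].fullmatch(m.group(2).strip()):
                for p in paths:
                    if not p.endswith(("\\userinit.exe", "\\explorer.exe")):
                        findings[p].add(f"appended to Winlogon {m.group(1)}")

        # Heuristic 2: an autostart entry whose target is a .tmp file.
        if code in AUTOSTART_CODES:
            for p in paths:
                if p.endswith(".tmp"):
                    findings[p].add("autostart target has .tmp extension")

        # Heuristic 3: service without a known owner under the Windows tree.
        if code == "O23" and "- Unknown owner -" in rest:
            for p in paths:
                if p.startswith("c:\\windows\\"):
                    findings[p].add("service with unknown owner in Windows directory")

        if code == "O2":
            bho_dlls.update(paths)
        elif code == "O20":
            notify_dlls.update(paths)

    # Heuristic 4: one DLL registered both as a BHO and as Winlogon Notify.
    for p in bho_dlls & notify_dlls:
        findings[p].add("same DLL loaded as BHO and Winlogon Notify")

    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in sorted(reasons):
            print("   -", reason)
```

A flagged path is a candidate for review, not a verdict: each one still has to be checked on disk before anything is removed.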
You have several infections, including Vundo.
Do this first, we'll deal with Vundo afterwards:
Download SDFix
Save it to your desktop.
Run it.
Choose Install so that it can extract itself.
Restart in safe mode
Run SDFix.
Double-click RunThis.bat (the .bat shows up if you do this: go to My Computer > Tools > Folder Options > View > untick "Hide extensions for known file types" --> Apply --> OK)
Press Y to start it.
You will be asked to press a key to restart; do so.
The restart will probably take a little longer than usual.
Once your desktop appears, it will display Finished
Press a key.
A report is generated; post it in your reply.
It can also be found in the SDFix folder >Report.txt<
and a new HijackThis report
Done. This smells like a major job, luckily I found Hercules ^^
SDFix report:
SDFix: Version 1.107
Run by Administrateur on 06/10/2007 at 14:21
Microsoft Windows XP [version 5.1.2600]
Running From: D:\MESDOC~1\Bureau\SDFIX\SDFix
Safe Mode:
Checking Services:
Name:
mswsus
PDM
wfvs
winsvcmon
ImagePath:
C:\WINDOWS\System32\mswsus.exe
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\System32\wfvs.exe
C:\WINDOWS\System32\winsvcmon.exe
mswsus - Deleted
PDM - Deleted
wfvs - Deleted
winsvcmon - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
HJT REPORT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:17, on 06/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Mes Documents\Bureau\Tkt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.okskwehjpykrtvoacgkry.com/wgJC3wUykR716vwesJ...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\ldpxfvcf.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\System32\iifcbyx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {DE865916-6C58-4BC0-AA87-F20EE8A8A41E} - C:\WINDOWS\System32\mljge.dll
O2 - BHO: (no name) - {EBC41EF6-189E-0211-F514-980CE1CCDDF8} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\WINDOWS\system32\19.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\qtuabyni.dll",sitypnow
O4 - HKUS\S-1-5-18\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation System Service] "C:\WINDOWS\system32\ntss.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D43316F4-7398-4572-9FF1-275F4B059CC6}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: iifcbyx - C:\WINDOWS\SYSTEM32\iifcbyx.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: cKhLd3IuQgV39agc72 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: D880g0dS+Ss25oQQQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\uwnxkjnh.exe
O23 - Service: EJCKi3Hn0dt12kf2Q1 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IScL62iwp003hatHh0UTS+s2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: LRqgC2IISz23uGK6h04GyBs2elBTQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\WINDOWS\system32\19.tmp (file missing)
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
O23 - Service: Network Translation System Service (NTSS) - Unknown owner - C:\WINDOWS\system32\ntss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe
--
End of file - 7971 bytes
I'm ready for the next step
Re,
We'll take care of Vundo, and of the finishing touches at the end.
Do the steps below in order.
1/ Download VundoFix.exe:
Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES.
After you click "Yes", the desktop will disappear for a moment while the files are removed.
You will get a message saying that the computer is going to shut down; click OK.
Post the report located at C:\vundofix.txt
2/ Download Combofix (by sUBs) to your desktop. (Tutorial)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
3/ Post a new HijackThis report after renaming hijackthis.exe to scanner.exe
So, I fixed all of that.
Note that for some files, vundofix and combofix struggled; in fact, after doing the procedure in order, I rebooted in safe mode (to be able to run hijack) and, on running vundo again, it still finds an infected file: c:\windows\system32\gomkigf.dll.
Should I start over in safe mode?
In any case, here are the reports:
VUNDO:
VundoFix V6.5.9
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 15:00:21 06/10/2007
Listing files found while scanning....
C:\windows\system32\byxvuvu.dll
C:\windows\system32\cbxvwxy.dll
C:\windows\system32\fccdabb.dll
C:\windows\system32\fccddda.dll
C:\windows\system32\fccddde.dll
C:\windows\system32\fccywts.dll
C:\windows\system32\iifcbyx.dll
C:\WINDOWS\System32\inybautq.ini
C:\WINDOWS\System32\ldpxfvcf.dll
C:\windows\system32\ljjiggd.dll
C:\windows\system32\ljjjjhi.dll
C:\windows\system32\nnnmmmk.dll
C:\windows\system32\opnmmjg.dll
C:\WINDOWS\System32\qtuabyni.dll
C:\windows\system32\rqrpmlj.dll
C:\windows\system32\tuvsrqq.dll
C:\windows\system32\vtuvusr.dll
C:\windows\system32\yaywwtu.dll
Beginning removal...
Attempting to delete C:\windows\system32\byxvuvu.dll
C:\windows\system32\byxvuvu.dll Has been deleted!
Attempting to delete C:\windows\system32\cbxvwxy.dll
C:\windows\system32\cbxvwxy.dll Has been deleted!
Attempting to delete C:\windows\system32\fccdabb.dll
C:\windows\system32\fccdabb.dll Has been deleted!
Attempting to delete C:\windows\system32\fccddda.dll
C:\windows\system32\fccddda.dll Has been deleted!
Attempting to delete C:\windows\system32\fccddde.dll
C:\windows\system32\fccddde.dll Could not be deleted.
Attempting to delete C:\windows\system32\fccywts.dll
C:\windows\system32\fccywts.dll Has been deleted!
Attempting to delete C:\windows\system32\iifcbyx.dll
C:\windows\system32\iifcbyx.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\inybautq.ini
C:\WINDOWS\System32\inybautq.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\ldpxfvcf.dll
C:\WINDOWS\System32\ldpxfvcf.dll Could not be deleted.
Attempting to delete C:\windows\system32\ljjiggd.dll
C:\windows\system32\ljjiggd.dll Has been deleted!
Attempting to delete C:\windows\system32\ljjjjhi.dll
C:\windows\system32\ljjjjhi.dll Has been deleted!
Attempting to delete C:\windows\system32\nnnmmmk.dll
C:\windows\system32\nnnmmmk.dll Has been deleted!
Attempting to delete C:\windows\system32\opnmmjg.dll
C:\windows\system32\opnmmjg.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\qtuabyni.dll
C:\WINDOWS\System32\qtuabyni.dll Has been deleted!
Attempting to delete C:\windows\system32\rqrpmlj.dll
C:\windows\system32\rqrpmlj.dll Has been deleted!
Attempting to delete C:\windows\system32\tuvsrqq.dll
C:\windows\system32\tuvsrqq.dll Has been deleted!
Attempting to delete C:\windows\system32\vtuvusr.dll
C:\windows\system32\vtuvusr.dll Has been deleted!
Attempting to delete C:\windows\system32\yaywwtu.dll
C:\windows\system32\yaywwtu.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\fccddde.dll
C:\windows\system32\fccddde.dll Has been deleted!
Attempting to delete C:\windows\system32\iifcbyx.dll
C:\windows\system32\iifcbyx.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\ldpxfvcf.dll
C:\WINDOWS\System32\ldpxfvcf.dll Has been deleted!
Performing Repairs to the registry.
Done!
Combo:
ComboFix 07-10-06.3 - Administrateur 2007-10-06 15:12:37.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.291 [GMT 2:00]
Running from: D:\Mes Documents\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\ashnvlya.ini
C:\WINDOWS\system32\aylvnhsa.dll
C:\WINDOWS\system32\byxvwuu.dll
C:\WINDOWS\system32\cbxussq.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\fcmutyhe.dll
C:\WINDOWS\system32\gljudpns.dll
C:\WINDOWS\system32\iifcbyx.dll
C:\WINDOWS\system32\ivfsmxdm.exe
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\snpdujlg.ini
C:\WINDOWS\system32\uwnxkjnh.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 203.-01-28 to 203.0.2.99 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 15:16 44054 --a------ C:\WINDOWS\system32\qomkjgf.dll
2007-10-06 15:03 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-06 14:27 1422 --a------ C:\Documents and Settings\Administrateur\clean.reg
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBC41EF6-189E-0211-F514-980CE1CCDDF8}]
C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29]
"Microsoft (R) Windows Network Service Monitor"="C:\WINDOWS\system32\19.tmp" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-10 03:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=
"Windows File Verification Service"="C:\WINDOWS\System32\wfvs.exe" *
"Network Translation System Service"="C:\WINDOWS\system32\ntss.exe" *
"Network Translation Service"="C:\WINDOWS\nts.exe" *
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9370EFDE-C0DA-42C9-B609-41C87B462011}"= C:\WINDOWS\System32\qomkjgf.dll [2007-10-06 15:16 44054]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkjgf]
qomkjgf.dll 2007-10-06 15:16 44054 C:\WINDOWS\system32\qomkjgf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\WINDOWS\pss\Démarrage d'Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\WINDOWS\pss\Microsoft Recherche accélérée.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Album Fast Start.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Album Fast Start.lnk
backup=C:\WINDOWS\pss\Album Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=C:\WINDOWS\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows Network Service Monitor]
C:\WINDOWS\system32\19.tmp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows Protocol Deployment Manager]
C:\WINDOWS\system32\9.tmp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Translation Service]
"C:\WINDOWS\nts.exe" *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Translation System Service]
"C:\WINDOWS\system32\ntss.exe" *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\System32\gljudpns.dll",sitypnow
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCam Go Plus Sti Service Application]
Wcgopsvc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows File Verification Service]
"C:\WINDOWS\System32\wfvs.exe" *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\WANADOO\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\WANADOO\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
c:\progra~1\mcafee\MCAFEE~1\masalert.exe
R1 sdcplh;sdcplh;C:\WINDOWS\System32\drivers\sdcplh.sys
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service
R2 Microsoft Windows VHP Control;Microsoft Windows VHP Control;"C:\WINDOWS\System32\dllcache\winvhp.exe"
R2 NTS;Network Translation Service;C:\WINDOWS\nts.exe
R2 NTSS;Network Translation System Service;C:\WINDOWS\system32\ntss.exe
R2 wms;Windows Management Service;C:\WINDOWS\System32\wms.exe
S2 AVPCC;AVP Control Centre Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service
S2 nsmss;Windows Network Service Monitor;C:\WINDOWS\system32\19.tmp
S3 060f2e7e-6d14-4f82-90d7-d7d94506d992;060f2e7e-6d14-4f82-90d7-d7d94506d992;\??\E:\Player\cds300.dll
S3 cKhLd3IuQgV39agc72;cKhLd3IuQgV39agc72;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 D880g0dS+Ss25oQQQ2;D880g0dS+Ss25oQQQ2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 EJCKi3Hn0dt12kf2Q1;EJCKi3Hn0dt12kf2Q1;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 IScL62iwp003hatHh0UTS+s2;IScL62iwp003hatHh0UTS+s2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 LRqgC2IISz23uGK6h04GyBs2elBTQ2;LRqgC2IISz23uGK6h04GyBs2elBTQ2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2;M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2;Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\System32\drivers\Wcgophal.sys
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\WlanUIG.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-06 13:16:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
"2007-10-06 13:00:02 C:\WINDOWS\Tasks\AD34AD5891832150.job"
- c:\docume~1\admini~1\applic~1\bindti~1\Software4Funk.exe
"2007-09-04 03:30:02 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 15:16:38
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-06 15:17:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-06 15:17
.
--- E O F ---
HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:00, on 06/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Mes Documents\Bureau\VundoFix.exe
D:\Mes Documents\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\System32\qomkjgf.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EBC41EF6-189E-0211-F514-980CE1CCDDF8} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\WINDOWS\system32\19.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation System Service] "C:\WINDOWS\system32\ntss.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D43316F4-7398-4572-9FF1-275F4B059CC6}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: qomkjgf - C:\WINDOWS\SYSTEM32\qomkjgf.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: cKhLd3IuQgV39agc72 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: D880g0dS+Ss25oQQQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: EJCKi3Hn0dt12kf2Q1 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IScL62iwp003hatHh0UTS+s2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: LRqgC2IISz23uGK6h04GyBs2elBTQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\WINDOWS\system32\19.tmp (file missing)
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
O23 - Service: Network Translation System Service (NTSS) - Unknown owner - C:\WINDOWS\system32\ntss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe
--
End of file - 7374 bytes
Ready for the next step
C:\windows\system32\opnmmjg.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\qtuabyni.dll
C:\WINDOWS\System32\qtuabyni.dll Has been deleted!
Attempting to delete C:\windows\system32\rqrpmlj.dll
C:\windows\system32\rqrpmlj.dll Has been deleted!
Attempting to delete C:\windows\system32\tuvsrqq.dll
C:\windows\system32\tuvsrqq.dll Has been deleted!
Attempting to delete C:\windows\system32\vtuvusr.dll
C:\windows\system32\vtuvusr.dll Has been deleted!
Attempting to delete C:\windows\system32\yaywwtu.dll
C:\windows\system32\yaywwtu.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\fccddde.dll
C:\windows\system32\fccddde.dll Has been deleted!
Attempting to delete C:\windows\system32\iifcbyx.dll
C:\windows\system32\iifcbyx.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\ldpxfvcf.dll
C:\WINDOWS\System32\ldpxfvcf.dll Has been deleted!
Performing Repairs to the registry.
Done!
Combo :
ComboFix 07-10-06.3 - Administrateur 2007-10-06 15:12:37.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.291 [GMT 2:00]
Running from: D:\Mes Documents\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\ashnvlya.ini
C:\WINDOWS\system32\aylvnhsa.dll
C:\WINDOWS\system32\byxvwuu.dll
C:\WINDOWS\system32\cbxussq.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\fcmutyhe.dll
C:\WINDOWS\system32\gljudpns.dll
C:\WINDOWS\system32\iifcbyx.dll
C:\WINDOWS\system32\ivfsmxdm.exe
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\snpdujlg.ini
C:\WINDOWS\system32\uwnxkjnh.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 203.-01-28 to 203.0.2.99 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 15:16 44054 --a------ C:\WINDOWS\system32\qomkjgf.dll
2007-10-06 15:03 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-06 14:27 1422 --a------ C:\Documents and Settings\Administrateur\clean.reg
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBC41EF6-189E-0211-F514-980CE1CCDDF8}]
C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29]
"Microsoft (R) Windows Network Service Monitor"="C:\WINDOWS\system32\19.tmp" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-10 03:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=
"Windows File Verification Service"="C:\WINDOWS\System32\wfvs.exe" *
"Network Translation System Service"="C:\WINDOWS\system32\ntss.exe" *
"Network Translation Service"="C:\WINDOWS\nts.exe" *
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9370EFDE-C0DA-42C9-B609-41C87B462011}"= C:\WINDOWS\System32\qomkjgf.dll [2007-10-06 15:16 44054]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkjgf]
qomkjgf.dll 2007-10-06 15:16 44054 C:\WINDOWS\system32\qomkjgf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\WINDOWS\pss\Démarrage d'Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\WINDOWS\pss\Microsoft Recherche accélérée.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Album Fast Start.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Album Fast Start.lnk
backup=C:\WINDOWS\pss\Album Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=C:\WINDOWS\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows Network Service Monitor]
C:\WINDOWS\system32\19.tmp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows Protocol Deployment Manager]
C:\WINDOWS\system32\9.tmp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Translation Service]
"C:\WINDOWS\nts.exe" *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Translation System Service]
"C:\WINDOWS\system32\ntss.exe" *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\System32\gljudpns.dll",sitypnow
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCam Go Plus Sti Service Application]
Wcgopsvc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows File Verification Service]
"C:\WINDOWS\System32\wfvs.exe" *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\WANADOO\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\WANADOO\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
c:\progra~1\mcafee\MCAFEE~1\masalert.exe
R1 sdcplh;sdcplh;C:\WINDOWS\System32\drivers\sdcplh.sys
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service
R2 Microsoft Windows VHP Control;Microsoft Windows VHP Control;"C:\WINDOWS\System32\dllcache\winvhp.exe"
R2 NTS;Network Translation Service;C:\WINDOWS\nts.exe
R2 NTSS;Network Translation System Service;C:\WINDOWS\system32\ntss.exe
R2 wms;Windows Management Service;C:\WINDOWS\System32\wms.exe
S2 AVPCC;AVP Control Centre Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service
S2 nsmss;Windows Network Service Monitor;C:\WINDOWS\system32\19.tmp
S3 060f2e7e-6d14-4f82-90d7-d7d94506d992;060f2e7e-6d14-4f82-90d7-d7d94506d992;\??\E:\Player\cds300.dll
S3 cKhLd3IuQgV39agc72;cKhLd3IuQgV39agc72;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 D880g0dS+Ss25oQQQ2;D880g0dS+Ss25oQQQ2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 EJCKi3Hn0dt12kf2Q1;EJCKi3Hn0dt12kf2Q1;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 IScL62iwp003hatHh0UTS+s2;IScL62iwp003hatHh0UTS+s2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 LRqgC2IISz23uGK6h04GyBs2elBTQ2;LRqgC2IISz23uGK6h04GyBs2elBTQ2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2;M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2;Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2;C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe /service
S3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\System32\drivers\Wcgophal.sys
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\WlanUIG.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-06 13:16:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
"2007-10-06 13:00:02 C:\WINDOWS\Tasks\AD34AD5891832150.job"
- c:\docume~1\admini~1\applic~1\bindti~1\Software4Funk.exe
"2007-09-04 03:30:02 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 15:16:38
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-06 15:17:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-06 15:17
.
--- E O F ---
HIJACK :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:00, on 06/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Mes Documents\Bureau\VundoFix.exe
D:\Mes Documents\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\System32\qomkjgf.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EBC41EF6-189E-0211-F514-980CE1CCDDF8} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\WINDOWS\system32\19.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation System Service] "C:\WINDOWS\system32\ntss.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D43316F4-7398-4572-9FF1-275F4B059CC6}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: qomkjgf - C:\WINDOWS\SYSTEM32\qomkjgf.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: cKhLd3IuQgV39agc72 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: D880g0dS+Ss25oQQQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: EJCKi3Hn0dt12kf2Q1 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IScL62iwp003hatHh0UTS+s2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: LRqgC2IISz23uGK6h04GyBs2elBTQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\WINDOWS\system32\19.tmp (file missing)
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
O23 - Service: Network Translation System Service (NTSS) - Unknown owner - C:\WINDOWS\system32\ntss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe
--
End of file - 7374 bytes
Ready for the next step
Re,
Copy the text in the box below:
File::
C:\WINDOWS\System32\wfvs.exe
C:\WINDOWS\System32\gljudpns.dll
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\nts.exe
C:\WINDOWS\system32\ntss.exe
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\System32\qomkjgf.dll
C:\WINDOWS\system32\VundoFixSVC.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows File Verification Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCam Go Plus Sti Service Application]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows Protocol Deployment Manager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Translation System Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Translation Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows Network Service Monitor]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9370EFDE-C0DA-42C9-B609-41C87B462011}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkjgf]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=-
"Windows File Verification Service"=-
"Network Translation System Service"=-
"Network Translation Service"=-
Open Notepad and paste the copied text.
Save this file as CFScript.txt.
Now drag the ComboFix-Do.txt file onto Combofix.exe.
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
Hi, whatever the final result, thanks again for your help XmichouX.
Here are the reports:
ComboFix 07-10-06.3 - Administrateur 2007-10-07 12:24:05.2 - FAT32x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.383 [GMT 2:00]
Running from: D:\Mes Documents\Bureau\ComboFix.exe
Command switches used :: D:\Mes Documents\Bureau\CFScript.txt
FILE::
C:\WINDOWS\nts.exe
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\System32\gljudpns.dll
C:\WINDOWS\system32\ntss.exe
C:\WINDOWS\System32\qomkjgf.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\System32\wfvs.exe
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36, on 2007-10-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Mes Documents\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\qomkjgf.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EBC41EF6-189E-0211-F514-980CE1CCDDF8} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\WINDOWS\system32\19.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c cd /d C:\ComboFix\ & Combobatch.bat
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation System Service] "C:\WINDOWS\system32\ntss.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" * (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D43316F4-7398-4572-9FF1-275F4B059CC6}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: qomkjgf - qomkjgf.dll (file missing)
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: cKhLd3IuQgV39agc72 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: D880g0dS+Ss25oQQQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: EJCKi3Hn0dt12kf2Q1 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IScL62iwp003hatHh0UTS+s2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: LRqgC2IISz23uGK6h04GyBs2elBTQ2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\WINDOWS\system32\19.tmp (file missing)
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: Network Translation System Service (NTSS) - Unknown owner - C:\WINDOWS\system32\ntss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2 - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe
--
End of file - 7417 bytes
I checked the ComboFix report: after running your script, I have nothing more than these lines in combofix.txt:
ComboFix 07-10-06.3 - Administrateur 2007-10-07 12:24:05.2 - FAT32x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.383 [GMT 2:00]
Running from: D:\Mes Documents\Bureau\ComboFix.exe
Command switches used :: D:\Mes Documents\Bureau\CFScript.txt
FILE::
C:\WINDOWS\nts.exe
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\System32\gljudpns.dll
C:\WINDOWS\system32\ntss.exe
C:\WINDOWS\System32\qomkjgf.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\System32\wfvs.exe
.
My Kaspersky came from a master CD belonging to the person who built the PC for me... since I have no documentation, I think it is cracked. But it had stopped working when I tried to install McAfee (for the firewall), which unfortunately stuck me with an antivirus as well... hence the bug, and since I no longer have access to Add/Remove Programs, I struggled and did not remove McAfee properly...
My PC seems less sluggish, but the main infection (at least as I perceive it) still seems to be there (blurry lines subtly sweeping across the desktop background, and antivirus windows and related sites being closed unexpectedly)
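As an added illustration (not part of the thread and not written by either poster), the Python script below cross-checks the CFScript FILE:: list against HijackThis entries copied from the log posted earlier in this thread. It shows which autostart entries are left pointing at deleted files and which "Unknown owner" services the script never covered. The verdict names and the three rules are assumptions made for this example, not HijackThis or ComboFix output.

```python
import re
from collections import namedtuple

# FILE:: block of the CFScript, copied from the combofix.txt quoted above.
CFSCRIPT = r"""
FILE::
C:\WINDOWS\nts.exe
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\System32\gljudpns.dll
C:\WINDOWS\system32\ntss.exe
C:\WINDOWS\System32\qomkjgf.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\System32\wfvs.exe
"""

# A selection of entries copied from the HijackThis log posted in this thread.
HIJACKTHIS_LINES = r"""
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\qomkjgf.dll (file missing)
O2 - BHO: (no name) - {EBC41EF6-189E-0211-F514-980CE1CCDDF8} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe (file missing)
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\WINDOWS\system32\19.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [Windows File Verification Service] "C:\WINDOWS\System32\wfvs.exe" * (User 'SYSTEM')
O20 - Winlogon Notify: qomkjgf - qomkjgf.dll (file missing)
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe
"""

Finding = namedtuple("Finding", "verdict section in_script text")

# "O4 - ..." style entry lines; headers and the process list do not match.
ENTRY = re.compile(r"^(O\d+|[RFN]\d) - (.*)$")
# File names (last path component) with an executable-like extension.
FILENAME = re.compile(r'([^\\\s"]+\.(?:exe|dll|tmp|sys))\b', re.IGNORECASE)


def script_targets(cfscript_block):
    """Return the lower-cased file names listed under FILE:: in a CFScript."""
    names = set()
    for line in cfscript_block.splitlines():
        line = line.strip()
        if line and not line.endswith("::"):  # skip the FILE:: directive
            names.add(line.rsplit("\\", 1)[-1].lower())
    return names


def basenames(text):
    """Lower-cased file names referenced anywhere in one log entry."""
    return {name.lower() for name in FILENAME.findall(text)}


def triage(log_text, targets):
    """Classify HijackThis entries against the files a cleanup script targeted.

    orphaned-entry   : entry is marked "(file missing)"; the file is gone but
                       the registry reference that loaded it is still there.
    still-referenced : entry names a targeted file and is not marked missing,
                       so the autostart reference has to be re-checked.
    unknown-owner    : O23 service without a vendor string that the script did
                       not cover; needs manual review before any cleanup.
    """
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        section, text = match.groups()
        in_script = bool(basenames(text) & targets)
        if "(file missing)" in text:
            verdict = "orphaned-entry"
        elif in_script:
            verdict = "still-referenced"
        elif section == "O23" and " - Unknown owner - " in text:
            verdict = "unknown-owner"
        else:
            continue  # nothing this example's rules flag
        findings.append(Finding(verdict, section, in_script, text))
    return findings


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_LINES, script_targets(CFSCRIPT)):
        covered = "in CFScript" if f.in_script else "not in CFScript"
        print(f"{f.verdict:17} {f.section:4} {covered:15} {f.text}")
```

On these lines the two "unknown-owner" services (winvhp.exe and wms.exe) are the entries the script never touched, which is consistent with the symptoms persisting after the run.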
Re,
Strange.
Download ZebRestore
Unzip it. Open the folder and launch it by double-clicking the exe.
Check:
- RegEdit
- Run keys
- Shut Down button
- Windows Update
- Task Manager
- Control Panel
- Add/Remove Programs
- Policies
- Desktop
- IE repair
- Trusted and restricted sites
- Internet prefixes and protocols
- Reset Hosts file
Click Restore (Restaurer). Close the program.
Uninstall Kaspersky and McAfee.
If antivirus remnants are left: Uninstalling your antivirus properly
Download CCleaner (>>tutorial to read!<<), download "the latest version", then install it, unchecking "Add the Yahoo! CCleaner Toolbar".
Then run the cleanup, then have it search for errors, and make backups if you wish.
Download and install Antivir. (tutorial)
Run ComboFix again without a script and post the report.
I downloaded everything and read the tutorials. So I started running the steps in the order you gave me, and then, after ZebRestore, in Control Panel / Add/Remove Programs:
"Windows ne trouve pas 'rundll32.exe'. vérifiez que vous avez entré correctement le nom et essayez a nouveau. pour rechercher un fichier, cliquez sur le bouton Démarrer, puis sur Rechercher"
I preferred to stop there for now, because if I add Antivir without having removed Kaspersky and McAfee, I don't think it will go well. I had forgotten about good old rundll32.exe... what do I do?
I found this:
Quote:
These problems can occur if SP1a or Windows patches updated the "winsta.dll" file and the system reinstall/repair did not restore the "winsta.dll" file correctly, or if an antivirus program interferes with the installation of a service pack. To fix them:
* Restart the computer in Safe Mode (F8 at startup)
* In Windows Explorer, open the Windows\INF folder
* Right-click the sr.inf file and select the Install command
* Once the installation procedure has finished, restart the computer in normal mode.
Is your version of Windows legal? If so, update your computer and move to SP2!
Keep me posted.
The Install procedure does not work on sr.inf because... rundll32.exe cannot be found
There's the vicious circle.
My version is legal (I think...) but once again I have no paperwork. What do I need to move to SP2?
I'll try to find out how to repair this rundll32, even though I think I had already tried before without success
Re michou,
I tinkered quickly last night, I'll pick it up again this afternoon.
Summary of yesterday:
- SP2 downloaded and installed, but no fix for rundll32.exe.
- Then a flash of inspiration struck (or not, you'll tell me if it's a bad idea): I copied the rundll32 from my laptop (also Windows XP SP2) onto a USB key and pasted it into the system32 folder of the sick computer, which was no longer working.
==> Result: I got back all the missing functions (clock, Add/Remove Programs, etc.). So I was able to uninstall Kaspersky and McAfee, and I added Antivir
I've updated everything; I'll run the Antivir scan, then ComboFix + report + HijackThis report early this afternoon and post it all for you.
Hehe, I think we got them. I was able to launch HijackThis from normal mode
Antivir finished the job, I think (98 infections, after all)
Here are the ComboFix and HijackThis reports:
ComboFix 07-10-06.3 - Administrateur 2007-10-09 22:37:43.4 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.309 [GMT 2:00]
Running from: D:\Mes Documents\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))))))
.
2007-10-09 22:39 <REP> d-------- C:\WINDOWS\LastGood
2007-10-09 06:54 <REP> d-------- C:\Program Files\Avira
2007-10-09 06:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-09 06:51 <REP> d-------- C:\Program Files\CCleaner
2007-10-09 03:09 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-09 03:09 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-09 03:09 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-09 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-08 23:16 33,792 --a------ C:\WINDOWS\system32\rundll32.exe
2007-10-08 23:16 33,792 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-10-08 22:56 97,280 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-10-08 22:56 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-10-08 22:56 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-10-08 22:56 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-10-08 22:56 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2007-10-08 22:53 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-08 22:46 <REP> d-------- C:\WINDOWS\EHome
2007-10-06 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 15:00 <REP> d-------- C:\VundoFix Backups
2007-10-06 14:26 1,422 --a------ C:\Documents and Settings\Administrateur\clean.reg
2007-10-06 14:20 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-06 11:14 401,720 --a------ C:\Tkt.exe
2007-09-30 15:25 <REP> d--hs---- C:\FOUND.023
2007-09-28 00:02 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-28 00:02 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-09-28 00:01 <REP> d-------- C:\WINDOWS\system32\bits
2007-09-28 00:00 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-09-28 00:00 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-09-28 00:00 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-09-28 00:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-09-27 22:45 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-09-27 22:45 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-09-27 22:45 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-09-27 22:45 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-09-21 22:23 <REP> d--hs---- C:\FOUND.022
2007-09-16 19:03 <REP> d--hs---- C:\FOUND.021
2007-09-14 01:36 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2007-09-14 01:35 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 23:06 96256 --a------ C:\WINDOWS\system32\drivers\sptd0765.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-06_15.16.53.98 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 288,768 2004-08-19 14:09:38 C:\WINDOWS\system32\objsel.dll
----a-w 98,304 2004-08-19 14:08:44 C:\WINDOWS\system32\odbcint.dll
----a-w 61,712 2004-08-19 14:08:44 C:\WINDOWS\system32\odbcji32.dll
----a-w 59,904 2004-08-19 14:10:02 C:\WINDOWS\system32\packager.exe
----a-w 71,680 2004-08-19 14:10:00 C:\WINDOWS\system32\openfiles.exe
----a-w 68,096 2004-08-19 14:09:38 C:\WINDOWS\system32\osuninst.dll
----a-w 216,576 2004-08-19 14:10:02 C:\WINDOWS\system32\osk.exe
----a-w 713,728 2004-08-19 14:09:38 C:\WINDOWS\system32\opengl32.dll
----a-w 83,456 2004-08-19 14:09:38 C:\WINDOWS\system32\olepro32.dll
----a-w 110,592 2004-08-19 14:09:38 C:\WINDOWS\system32\oleprn.dll
----a-w 120,832 2004-08-19 14:09:38 C:\WINDOWS\system32\offfilt.dll
----a-w 20,511 2004-08-19 14:09:38 C:\WINDOWS\system32\odtext32.dll
----a-w 310,272 2004-08-19 14:09:32 C:\WINDOWS\system32\mp43dmod.dll
------w 86,016 2004-08-19 14:09:32 C:\WINDOWS\system32\mdmxsdk.dll
----a-w 204,800 2004-08-19 14:09:36 C:\WINDOWS\system32\mswebdvd.dll
----a-w 237,056 2004-08-19 14:09:40 C:\WINDOWS\system32\rasapi32.dll
----a-w 20,510 2004-08-19 14:09:38 C:\WINDOWS\system32\odpdx32.dll
----a-w 20,510 2004-08-19 14:09:38 C:\WINDOWS\system32\odfox32.dll
----a-w 20,510 2004-08-19 14:09:38 C:\WINDOWS\system32\odexl32.dll
----a-w 20,511 2004-08-19 14:09:38 C:\WINDOWS\system32\oddbse32.dll
----a-w 147,456 2004-08-19 14:09:38 C:\WINDOWS\system32\odbctrac.dll
----a-w 12,288 2004-08-19 14:08:44 C:\WINDOWS\system32\odbcp32r.dll
----a-w 278,559 2004-08-19 14:09:38 C:\WINDOWS\system32\odbcjt32.dll
----a-w 65,536 2004-08-19 14:09:38 C:\WINDOWS\system32\odbccu32.dll
----a-w 65,536 2004-08-19 14:09:38 C:\WINDOWS\system32\odbccr32.dll
----a-w 106,496 2004-08-19 14:09:38 C:\WINDOWS\system32\odbccp32.dll
----a-w 13,824 2004-08-19 14:10:04 C:\WINDOWS\system32\savedump.exe
----a-w 69,632 2004-08-19 14:10:00 C:\WINDOWS\system32\odbcconf.exe
----a-w 135,168 2004-08-19 14:09:38 C:\WINDOWS\system32\odbcconf.dll
----a-w 24,576 2004-08-19 14:09:38 C:\WINDOWS\system32\odbcbcp.dll
----a-w 32,768 2004-08-19 14:10:00 C:\WINDOWS\system32\odbcad32.exe
----a-w 16,384 2004-08-19 14:09:38 C:\WINDOWS\system32\odbc32gt.dll
----a-w 249,856 2004-08-19 14:09:38 C:\WINDOWS\system32\odbc32.dll
----a-w 97,280 2004-08-19 14:09:38 C:\WINDOWS\system32\occache.dll
----a-w 438,272 2004-08-19 14:09:38 C:\WINDOWS\system32\ntmssvc.dll
----a-w 496,640 2004-08-19 14:09:38 C:\WINDOWS\system32\ntmsmgr.dll
----a-w 20,992 2004-08-19 14:10:08 C:\WINDOWS\system32\ssmarque.scr
----a-w 138,240 2004-08-19 14:09:46 C:\WINDOWS\system32\sti_ci.dll
----a-w 57,856 2004-08-19 14:09:46 C:\WINDOWS\system32\synceng.dll
----a-w 107,520 2004-08-19 14:10:04 C:\WINDOWS\system32\sysocmgr.exe
----a-w 143,360 2004-08-19 14:10:04 C:\WINDOWS\system32\taskmgr.exe
----a-w 46,592 2004-08-19 14:09:48 C:\WINDOWS\system32\tcpmon.dll
----a-w 1,005,056 2004-08-19 14:09:46 C:\WINDOWS\system32\syssetup.dll
----a-w 391,168 2004-08-19 14:09:48 C:\WINDOWS\system32\themeui.dll
----a-w 12,168 2004-08-19 14:10:20 C:\WINDOWS\system32\tsddd.dll
----a-w 40,960 2004-08-19 14:09:38 C:\WINDOWS\system32\ntmsapi.dll
----a-w 132,608 2004-08-19 14:09:48 C:\WINDOWS\system32\upnp.dll
----a-w 17,920 2004-08-19 14:09:52 C:\WINDOWS\system32\dvdupgrd.exe
----a-w 417,792 2004-08-19 14:09:48 C:\WINDOWS\system32\vbscript.dll
----a-w 430,592 2004-08-19 14:09:48 C:\WINDOWS\system32\vssapi.dll
----a-w 66,560 2004-08-19 14:10:06 C:\WINDOWS\system32\wextract.exe
----a-w 438,784 2004-08-19 14:10:06 C:\WINDOWS\system32\wiaacmgr.exe
----a-w 124,928 2004-08-19 14:09:48 C:\WINDOWS\system32\wiadss.dll
----a-w 594,432 2004-08-19 14:09:48 C:\WINDOWS\system32\wiashext.dll
----a-w 180,736 2004-08-19 14:09:48 C:\WINDOWS\system32\winmm.dll
----a-w 467,968 2004-08-19 14:09:22 C:\WINDOWS\system32\certmgr.dll
----a-w 230,400 2004-08-19 14:09:48 C:\WINDOWS\system32\wmasf.dll
----a-w 265,216 2004-08-19 14:09:50 C:\WINDOWS\system32\wow32.dll
----a-w 32,256 2004-08-19 14:10:06 C:\WINDOWS\system32\wpabaln.exe
----a-w 19,968 2004-08-19 14:09:50 C:\WINDOWS\system32\ws2help.dll
----a-w 114,688 2004-08-19 14:10:06 C:\WINDOWS\system32\wscript.exe
----a-w 28,672 2004-08-19 14:09:50 C:\WINDOWS\system32\wshcon.dll
----a-w 14,336 2004-08-19 14:09:50 C:\WINDOWS\system32\wship6.dll
----a-w 11,776 2004-08-19 14:09:50 C:\WINDOWS\system32\WshRm.dll
----a-w 348,189 2004-08-19 14:09:34 C:\WINDOWS\system32\mspbde40.dll
----a-w 91,648 2004-08-19 14:09:50 C:\WINDOWS\system32\xactsrv.dll
----a-w 25,600 2004-08-19 14:09:48 C:\WINDOWS\system32\udhisapi.dll
----a-w 311,808 2004-08-19 14:09:48 C:\WINDOWS\system32\ulib.dll
----a-w 60,864 2007-10-09 01:24:58 C:\WINDOWS\system32\perfc00C.dat
----a-w 438,498 2007-10-09 01:24:58 C:\WINDOWS\system32\perfh00C.dat
----a-w 16,896 2004-08-19 14:10:04 C:\WINDOWS\system32\upnpcont.exe
----a-w 27,136 2004-08-19 14:09:48 C:\WINDOWS\system32\wmdmlog.dll
----a-w 119,808 2004-08-19 14:09:38 C:\WINDOWS\system32\ntmarta.dll
----a-w 43,520 2004-08-19 14:09:38 C:\WINDOWS\system32\ntlanman.dll
----a-w 34,560 2004-08-03 20:45:14 C:\WINDOWS\system32\ntio804.sys
----a-w 67,072 2004-08-19 14:09:38 C:\WINDOWS\system32\ntdsapi.dll
----a-w 55,296 2004-08-19 14:09:38 C:\WINDOWS\system32\npptools.dll
----a-w 240,128 2004-08-19 14:09:48 C:\WINDOWS\system32\upnpui.dll
----a-w 347,136 2004-08-19 14:10:04 C:\WINDOWS\system32\tourstart.exe
----a-w 1,003,520 2004-08-19 14:09:42 C:\WINDOWS\system32\setupapi.dll
----a-w 685,056 2004-08-19 14:09:20 C:\WINDOWS\system32\advapi32.dll
----a-w 70,656 2004-08-19 14:10:00 C:\WINDOWS\system32\notepad.exe
----a-w 340,480 2004-08-19 14:09:50 C:\WINDOWS\system32\zipfldr.dll
----a-w 144,384 2004-08-19 14:09:28 C:\WINDOWS\system32\imagehlp.dll
----a-w 400,896 2004-08-19 14:09:52 C:\WINDOWS\system32\cmd.exe
----a-w 91,648 2004-08-19 14:09:38 C:\WINDOWS\system32\ntprint.dll
----a-w 177,664 2004-08-19 14:09:48 C:\WINDOWS\system32\w32time.dll
----a-w 281,088 2004-08-19 14:09:22 C:\WINDOWS\system32\comdlg32.dll
----a-w 13,824 2004-08-19 14:09:32 C:\WINDOWS\system32\lmhsvc.dll
----a-w 131,968 2004-08-03 20:59:10 C:\WINDOWS\system32\HAL.DLL
----a-w 142,336 2004-08-19 14:10:04 C:\WINDOWS\system32\sessmgr.exe
----a-w 103,936 2004-08-19 14:09:38 C:\WINDOWS\system32\nlhtml.dll
----a-w 101,888 2004-08-19 14:09:20 C:\WINDOWS\system32\advpack.dll
----a-w 40,960 2004-08-19 14:09:40 C:\WINDOWS\system32\rshx32.dll
----a-w 33,792 2004-08-19 14:09:34 C:\WINDOWS\system32\msgsvc.dll
----a-w 578,560 2004-08-19 14:09:40 C:\WINDOWS\system32\printui.dll
----a-w 685,056 2004-08-19 14:09:40 C:\WINDOWS\system32\rasdlg.dll
----a-w 251,392 2004-08-19 14:09:38 C:\WINDOWS\system32\newdev.dll
----a-w 102,400 2004-08-19 14:09:48 C:\WINDOWS\system32\win32spl.dll
----a-w 6,656 2004-08-19 14:09:32 C:\WINDOWS\system32\laprxy.dll
----a-w 316,416 2004-08-19 14:09:48 C:\WINDOWS\system32\untfs.dll
----a-w 245,760 2004-08-19 14:09:38 C:\WINDOWS\system32\netui1.dll
----a-w 32,768 2004-08-19 14:09:22 C:\WINDOWS\system32\csrsrv.dll
----a-w 121,856 2004-08-19 14:09:28 C:\WINDOWS\system32\idq.dll
----a-w 263,680 2004-08-19 14:09:20 C:\WINDOWS\system32\adsnt.dll
----a-w 102,400 2004-08-19 14:09:50 C:\WINDOWS\system32\wmpshell.dll
----a-w 11,264 2004-08-19 14:09:52 C:\WINDOWS\system32\autolfn.exe
----a-w 61,440 2004-08-03 20:58:26 C:\WINDOWS\system32\msvcrt40.dll
----a-w 20,480 2004-08-19 14:09:50 C:\WINDOWS\system32\wmpcore.dll
----a-w 42,496 2004-08-19 14:10:00 C:\WINDOWS\system32\net.exe
----a-w 32,768 2004-08-19 14:09:58 C:\WINDOWS\system32\mnmsrvc.exe
----a-w 221,696 2004-08-19 14:09:28 C:\WINDOWS\system32\ieaksie.dll
----a-w 63,488 2004-08-19 14:09:28 C:\WINDOWS\system32\iesetup.dll
----a-w 151,552 2004-08-19 14:09:50 C:\WINDOWS\system32\wmidx.dll
----a-w 1,050,624 2004-08-19 14:09:50 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 1,298,432 2004-08-19 14:09:52 C:\WINDOWS\system32\dxdiag.exe
----a-w 83,456 2004-08-19 14:09:38 C:\WINDOWS\system32\netui0.dll
----a-w 37,888 2004-08-19 14:10:00 C:\WINDOWS\system32\netstat.exe
----a-w 27,136 2004-08-19 14:09:24 C:\WINDOWS\system32\ddrawex.dll
----a-w 290,816 2004-08-19 14:09:24 C:\WINDOWS\system32\devmgr.dll
----a-w 82,432 2004-08-19 14:09:52 C:\WINDOWS\system32\dfrgfat.exe
----a-w 103,936 2004-08-19 14:09:56 C:\WINDOWS\system32\logagent.exe
----a-w 221,696 2004-08-19 14:10:08 C:\WINDOWS\system32\logon.scr
----a-w 42,496 2004-08-19 14:09:38 C:\WINDOWS\system32\perfctrs.dll
----a-w 88,576 2004-08-19 14:10:00 C:\WINDOWS\system32\netsh.exe
----a-w 332,800 2004-08-19 14:12:34 C:\WINDOWS\system32\netsetup.exe
----a-w 20,480 2004-08-19 14:09:50 C:\WINDOWS\system32\wmpcd.dll
----a-w 252,928 2004-08-19 14:09:34 C:\WINDOWS\system32\msoeacct.dll
----a-w 53,760 2004-08-19 14:09:56 C:\WINDOWS\system32\ipv6.exe
----a-w 61,440 2004-08-19 14:09:20 C:\WINDOWS\system32\admparse.dll
----a-w 143,360 2004-08-19 14:09:20 C:\WINDOWS\system32\adsldpc.dll
----a-w 68,096 2004-08-19 14:09:20 C:\WINDOWS\system32\adsmsext.dll
------w 50,176 2004-08-19 14:09:50 C:\WINDOWS\system32\xmlprovi.dll
----a-w 176,640 2004-08-19 14:09:20 C:\WINDOWS\system32\appmgmts.dll
----a-w 114,688 2004-08-19 14:09:50 C:\WINDOWS\system32\wmpasf.dll
----a-w 65,024 2004-08-19 14:09:20 C:\WINDOWS\system32\asycfilt.dll
----a-w 616,960 2004-08-19 14:09:52 C:\WINDOWS\system32\autofmt.exe
----a-w 2,985,984 2004-08-19 14:09:12 C:\WINDOWS\system32\wmploc.dll
----a-w 16,896 2004-08-19 14:08:04 C:\WINDOWS\system32\cfgmgr32.dll
----a-w 15,872 2004-08-19 14:09:22 C:\WINDOWS\system32\cmcfg32.dll
----a-w 352,256 2004-08-19 14:09:22 C:\WINDOWS\system32\cmdial32.dll
----a-w 253,440 2004-08-19 14:09:22 C:\WINDOWS\system32\compatUI.dll
----a-w 604,672 2004-08-19 14:09:22 C:\WINDOWS\system32\crypt32.dll
----a-w 825,344 2004-08-19 14:09:24 C:\WINDOWS\system32\d3dim700.dll
----a-w 640,000 2004-08-19 14:09:24 C:\WINDOWS\system32\dbghelp.dll
----a-w 24,576 2004-08-19 14:09:24 C:\WINDOWS\system32\dbmsrpcn.dll
----a-w 731,136 2004-08-19 14:09:48 C:\WINDOWS\system32\userenv.dll
----a-w 59,904 2004-08-19 14:09:24 C:\WINDOWS\system32\devenum.dll
----a-w 123,904 2004-08-19 14:09:24 C:\WINDOWS\system32\dfrgui.dll
----a-w 104,960 2004-08-19 14:09:52 C:\WINDOWS\system32\dfrgntfs.exe
----a-w 39,424 2004-08-19 14:09:24 C:\WINDOWS\system32\dfrgsnap.dll
----a-w 28,672 2004-08-19 14:09:24 C:\WINDOWS\system32\dfsshlex.dll
----a-w 85,504 2004-08-19 14:09:52 C:\WINDOWS\system32\diantz.exe
----a-w 68,608 2004-08-19 14:09:24 C:\WINDOWS\system32\digest.dll
----a-w 165,376 2004-08-19 14:09:24 C:\WINDOWS\system32\dinput.dll
------w 17,408 2004-08-19 14:09:48 C:\WINDOWS\system32\winshfhc.dll
----a-w 45,568 2004-08-19 14:09:24 C:\WINDOWS\system32\dnsrslvr.dll
----a-w 79,360 2004-08-19 14:10:00 C:\WINDOWS\system32\nslookup.exe
----a-w 25,088 2004-08-19 14:10:04 C:\WINDOWS\system32\userinit.exe
----a-w 14,336 2004-08-19 14:09:24 C:\WINDOWS\system32\drprov.dll
----a-w 1,294,336 2004-08-19 14:09:24 C:\WINDOWS\system32\dsound3d.dll
----a-w 1,689,088 2004-08-19 14:09:22 C:\WINDOWS\system32\d3d9.dll
----a-w 145,408 2004-08-19 14:09:24 C:\WINDOWS\system32\dsprop.dll
----a-w 19,456 2004-08-19 14:09:24 C:\WINDOWS\system32\dswave.dll
----a-w 108,544 2004-08-19 14:10:04 C:\WINDOWS\system32\services.exe
----a-w 100,352 2004-08-19 14:10:04 C:\WINDOWS\system32\scardsvr.exe
----a-w 45,568 2004-08-19 14:09:54 C:\WINDOWS\system32\extrac32.exe
----a-w 382,464 2004-08-19 14:09:40 C:\WINDOWS\system32\qmgr.dll
----a-w 4,126 2004-08-19 14:08:26 C:\WINDOWS\system32\msdxmlc.dll
----a-w 27,136 2004-08-19 14:09:24 C:\WINDOWS\system32\efsadu.dll
----a-w 29,184 2004-08-19 14:09:56 C:\WINDOWS\system32\findstr.exe
----a-w 386,560 2004-08-19 14:09:26 C:\WINDOWS\system32\fontext.dll
----a-w 21,504 2004-08-19 14:09:56 C:\WINDOWS\system32\fontview.exe
----a-w 577,536 2004-08-19 14:09:28 C:\WINDOWS\system32\gpedit.dll
----a-w 123,392 2004-08-19 14:09:56 C:\WINDOWS\system32\gpresult.exe
----a-w 12,288 2004-08-19 14:09:38 C:\WINDOWS\system32\netrap.dll
----a-w 80,384 2004-08-19 14:09:28 C:\WINDOWS\system32\iccvid.dll
----a-w 65,536 2004-08-19 14:09:28 C:\WINDOWS\system32\icwphbk.dll
----a-w 34,304 2004-08-19 14:09:56 C:\WINDOWS\system32\ie4uinit.exe
----a-w 139,264 2004-08-19 14:09:28 C:\WINDOWS\system32\ieakeng.dll
----a-w 323,584 2004-08-19 14:09:28 C:\WINDOWS\system32\iedkcs32.dll
----a-w 49,152 2004-08-19 14:09:28 C:\WINDOWS\system32\iernonce.dll
----a-w 81,920 2004-08-19 14:09:28 C:\WINDOWS\system32\ils.dll
----a-w 150,016 2004-08-19 14:09:56 C:\WINDOWS\system32\imapi.exe
----a-w 36,921 2004-08-19 14:09:28 C:\WINDOWS\system32\imeshare.dll
----a-w 147,456 2004-08-19 14:09:30 C:\WINDOWS\system32\initpki.dll
----a-w 126,464 2004-08-19 14:09:30 C:\WINDOWS\system32\input.dll
----a-w 120,320 2004-08-19 14:09:32 C:\WINDOWS\system32\mdminst.dll
----a-w 332,800 2004-08-19 14:09:32 C:\WINDOWS\system32\ipnathlp.dll
----a-w 65,536 2004-08-19 14:09:50 C:\WINDOWS\system32\wshext.dll
----a-w 47,616 2004-08-19 14:09:32 C:\WINDOWS\system32\iyuv_32.dll
----a-w 424,960 2004-08-19 14:09:32 C:\WINDOWS\system32\licdll.dll
----a-w 228,352 2004-08-19 14:09:32 C:\WINDOWS\system32\localsec.dll
----a-w 79,872 2004-08-19 14:09:32 C:\WINDOWS\system32\mmcbase.dll
----a-w 156,160 2004-08-19 14:09:32 C:\WINDOWS\system32\modemui.dll
----a-w 885,248 2004-08-19 14:09:38 C:\WINDOWS\system32\netplwiz.dll
----a-w 61,952 2004-08-19 14:09:56 C:\WINDOWS\system32\logman.exe
----a-w 47,104 2004-08-19 14:09:32 C:\WINDOWS\system32\mqdscli.dll
----a-w 225,280 2004-08-19 14:09:32 C:\WINDOWS\system32\mqoa.dll
----a-w 660,992 2004-08-19 14:09:32 C:\WINDOWS\system32\mqqm.dll
----a-w 123,392 2004-08-19 14:09:32 C:\WINDOWS\system32\mqrtdep.dll
----a-w 95,744 2004-08-19 14:09:32 C:\WINDOWS\system32\mqsec.dll
----a-w 117,248 2004-08-19 14:10:00 C:\WINDOWS\system32\mqtgsvc.exe
----a-w 48,640 2004-08-19 14:09:34 C:\WINDOWS\system32\mqupgrd.dll
----a-w 72,192 2004-08-19 14:09:34 C:\WINDOWS\system32\msacm32.dll
----a-w 57,344 2004-08-19 14:09:34 C:\WINDOWS\system32\msasn1.dll
----a-w 406,528 2004-08-19 14:09:48 C:\WINDOWS\system32\usp10.dll
----a-w 151,552 2004-08-19 14:09:34 C:\WINDOWS\system32\msdart.dll
----a-w 6,656 2004-08-19 14:09:34 C:\WINDOWS\system32\msidle.dll
----a-w 1,507,356 2004-08-19 14:09:34 C:\WINDOWS\system32\msjet40.dll
----a-w 25,600 2004-08-19 14:09:34 C:\WINDOWS\system32\mslbui.dll
----a-w 30,208 2004-08-19 14:09:34 C:\WINDOWS\system32\mspatcha.dll
----a-w 421,919 2004-08-19 14:09:34 C:\WINDOWS\system32\msrd2x40.dll
----a-w 259,072 2004-08-19 14:10:10 C:\WINDOWS\system32\msnetobj.dll
----a-w 14,848 2004-08-19 14:09:32 C:\WINDOWS\system32\mgmtapi.dll
----a-w 48,128 2004-08-19 14:08:36 C:\WINDOWS\system32\msprivs.dll
----a-w 552,989 2004-08-19 14:09:34 C:\WINDOWS\system32\msrepl40.dll
----a-w 52,736 2004-08-19 14:09:34 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 11,264 2004-08-19 14:09:34 C:\WINDOWS\system32\msrle32.dll
----a-w 356,352 2004-08-19 14:10:12 C:\WINDOWS\system32\msscp.dll
----a-w 258,077 2004-08-19 14:09:36 C:\WINDOWS\system32\mstext40.dll
----a-w 32,768 2004-08-19 14:09:32 C:\WINDOWS\system32\isrdbg32.dll
----a-w 506,368 2004-08-19 14:09:36 C:\WINDOWS\system32\msxml.dll
----a-w 4,096 2004-08-19 14:10:00 C:\WINDOWS\system32\nddeapir.exe
----a-w 633,856 2004-08-19 14:09:36 C:\WINDOWS\system32\netcfgx.dll
----a-w 407,040 2004-08-19 14:09:38 C:\WINDOWS\system32\netlogon.dll
----a-w 144,896 2004-08-19 14:09:36 C:\WINDOWS\system32\netid.dll
----a-w 124,928 2004-08-19 14:10:00 C:\WINDOWS\system32\net1.exe
----a-w 19,456 2004-08-19 14:09:36 C:\WINDOWS\system32\nddenb32.dll
----a-w 36,352 2004-08-19 14:09:36 C:\WINDOWS\system32\ncobjapi.dll
----a-w 55,296 2004-08-19 14:10:00 C:\WINDOWS\system32\narrator.exe
----a-w 8,192 2004-08-19 14:09:38 C:\WINDOWS\system32\ntlsapi.dll
----a-w 420,864 2004-08-19 14:10:00 C:\WINDOWS\system32\ntvdm.exe
----a-w 1,230,848 2004-08-19 14:10:00 C:\WINDOWS\system32\ntbackup.exe
------w 445,440 2004-08-19 14:08:44 C:\WINDOWS\system32\xpob2res.dll
----a-w 17,408 2004-08-19 14:09:36 C:\WINDOWS\system32\msyuv.dll
----a-w 701,440 2004-08-19 14:09:36 C:\WINDOWS\system32\msxml2.dll
----a-w 246,272 2004-08-19 14:09:36 C:\WINDOWS\system32\mswmdm.dll
----a-w 831,519 2004-08-19 14:09:36 C:\WINDOWS\system32\mswdat10.dll
----a-w 72,704 2004-08-19 14:09:36 C:\WINDOWS\system32\msw3prt.dll
----a-w 121,856 2004-08-19 14:09:36 C:\WINDOWS\system32\msvfw32.dll
----a-w 343,040 2004-08-19 14:09:36 C:\WINDOWS\system32\msvcrt.dll
----a-w 13,312 2004-08-19 14:09:56 C:\WINDOWS\system32\lsass.exe
----a-w 413,696 2004-08-19 14:09:36 C:\WINDOWS\system32\msvcp60.dll
----a-w 89,088 2004-08-19 14:09:40 C:\WINDOWS\system32\rasauto.dll
----a-w 54,784 2004-08-19 14:09:36 C:\WINDOWS\system32\msvcirt.dll
----a-w 61,440 2004-08-19 14:09:40 C:\WINDOWS\system32\rasman.dll
----a-w 655,360 2004-08-03 20:59:44 C:\WINDOWS\system32\mstscax.dll
----a-w 411,648 2004-08-19 13:52:00 C:\WINDOWS\system32\mstsc.exe
----a-w 115,712 2004-08-19 14:09:36 C:\WINDOWS\system32\mstlsapi.dll
------w 118,784 2004-08-19 14:09:34 C:\WINDOWS\system32\msdadiag.dll
----a-w 58,880 2004-08-19 14:09:40 C:\WINDOWS\system32\rastapi.dll
----a-w 9,728 2004-08-19 14:10:04 C:\WINDOWS\system32\proxycfg.exe
----a-w 197,632 2004-08-19 14:08:56 C:\WINDOWS\system32\xpsp1res.dll
----a-w 12,288 2004-08-19 14:10:00 C:\WINDOWS\system32\mstinit.exe
----a-w 431,104 2004-08-19 14:09:40 C:\WINDOWS\system32\samsrv.dll
----a-w 55,808 2004-08-19 14:09:26 C:\WINDOWS\system32\eventlog.dll
----a-w 270,848 2004-08-19 14:09:40 C:\WINDOWS\system32\sbe.dll
----a-w 281,600 2004-08-19 14:09:36 C:\WINDOWS\system32\mstask.dll
----a-w 107,520 2004-08-19 14:10:04 C:\WINDOWS\system32\rsnotify.exe
----a-w 201,728 2004-08-19 14:09:34 C:\WINDOWS\system32\mspmsp.dll
----a-w 347,648 2004-08-19 14:10:00 C:\WINDOWS\system32\mspaint.exe
----a-w 143,360 2004-08-19 14:09:34 C:\WINDOWS\system32\msorcl32.dll
----a-w 24,576 2004-08-19 14:08:36 C:\WINDOWS\system32\msorc32r.dll
----a-w 105,984 2004-08-19 14:09:34 C:\WINDOWS\system32\msoert2.dll
----a-w 290,816 2004-08-19 14:09:34 C:\WINDOWS\system32\msnsspc.dll
----a-w 241,693 2004-08-19 14:09:34 C:\WINDOWS\system32\msjtes40.dll
----a-w 358,976 2004-07-17 09:34:48 C:\WINDOWS\system32\msjetoledb40.dll
----a-w 159,232 2004-08-19 14:09:34 C:\WINDOWS\system32\msimtf.dll
------w 60,416 2004-08-19 14:09:28 C:\WINDOWS\system32\fwcfg.dll
----a-w 171,008 2004-08-19 14:09:46 C:\WINDOWS\system32\srsvc.dll
----a-w 708,608 2004-08-19 14:10:08 C:\WINDOWS\system32\ss3dfo.scr
----a-w 71,680 2004-08-19 14:09:46 C:\WINDOWS\system32\ssdpsrv.dll
----a-w 393,216 2004-08-19 14:10:08 C:\WINDOWS\system32\ssflwbox.scr
----a-w 47,104 2004-08-19 14:10:08 C:\WINDOWS\system32\ssmypics.scr
----a-w 18,944 2004-08-19 14:10:08 C:\WINDOWS\system32\ssmyst.scr
----a-w 610,304 2004-08-19 14:10:08 C:\WINDOWS\system32\sspipes.scr
----a-w 14,336 2004-08-19 14:10:08 C:\WINDOWS\system32\ssstars.scr
----a-w 68,096 2004-08-19 14:09:46 C:\WINDOWS\system32\sti.dll
----a-w 76,800 2004-08-19 14:09:46 C:\WINDOWS\system32\storprop.dll
----a-w 75,264 2004-08-19 14:09:56 C:\WINDOWS\system32\locator.exe
----a-w 197,120 2004-08-19 14:09:46 C:\WINDOWS\system32\syncui.dll
----a-w 75,264 2004-08-19 14:10:04 C:\WINDOWS\system32\tlntsvr.exe
----a-w 63,488 2004-08-19 14:10:04 C:\WINDOWS\system32\tlntadmn.exe
----a-w 130,560 2004-08-19 14:10:04 C:\WINDOWS\system32\schtasks.exe
----a-w 80,384 2004-08-19 14:10:04 C:\WINDOWS\system32\tlntsess.exe
----a-w 7,168 2004-08-19 14:09:48 C:\WINDOWS\system32\tlntsvrp.dll
----a-w 26,112 2004-08-19 14:09:48 C:\WINDOWS\system32\vdmdbg.dll
----a-w 136,192 2004-08-19 14:09:48 C:\WINDOWS\system32\webvw.dll
----a-w 465,920 2004-08-19 14:09:48 C:\WINDOWS\system32\wiadefui.dll
------w 15,872 2004-08-19 14:09:48 C:\WINDOWS\system32\w3ssl.dll
----a-w 8,192 2004-08-19 14:10:04 C:\WINDOWS\system32\spdwnwxp.exe
----a-w 126,976 2004-08-19 14:09:20 C:\WINDOWS\system32\apphelp.dll
----a-w 4,608 2004-08-19 14:09:34 C:\WINDOWS\system32\msimg32.dll
----a-w 614,400 2004-08-19 14:09:50 C:\WINDOWS\system32\wsecedit.dll
----a-w 252,416 2004-08-19 14:09:34 C:\WINDOWS\system32\msieftp.dll
----a-w 759,296 2004-08-19 14:09:50 C:\WINDOWS\system32\wmsdmod.dll
----a-w 115,200 2004-08-19 14:09:50 C:\WINDOWS\system32\wmsdmoe.dll
----a-w 303,616 2004-08-19 14:09:50 C:\WINDOWS\system32\wmstream.dll
----a-w 16,384 2004-08-19 14:09:30 C:\WINDOWS\system32\inetppui.dll
----a-w 809,984 2004-08-19 14:09:50 C:\WINDOWS\system32\wmvdmod.dll
----a-w 260,096 2004-08-19 14:10:04 C:\WINDOWS\system32\tracerpt.exe
----a-w 19,968 2004-08-19 14:09:50 C:\WINDOWS\system32\wshtcpip.dll
----a-w 378,880 2004-08-19 14:09:50 C:\WINDOWS\system32\wzcdlg.dll
----a-w 359,936 2004-08-19 14:09:50 C:\WINDOWS\system32\wzcsvc.dll
----a-w 30,720 2004-08-19 14:10:06 C:\WINDOWS\system32\xcopy.exe
----a-w 294,400 2004-08-19 14:09:34 C:\WINDOWS\system32\msctf.dll
----a-w 51,712 2004-08-19 14:09:34 C:\WINDOWS\system32\msident.dll
----a-w 6,144 2004-08-19 14:09:52 C:\WINDOWS\system32\csrss.exe
----a-w 57,344 2004-08-19 14:08:28 C:\WINDOWS\system32\mshtmler.dll
----a-w 29,184 2004-08-19 14:10:00 C:\WINDOWS\system32\mshta.exe
----a-w 384,512 2004-08-19 14:09:32 C:\WINDOWS\system32\mp4sdmod.dll
------w 11,776 2004-08-19 14:10:04 C:\WINDOWS\system32\spnpinst.exe
----a-w 512,029 2004-08-19 14:09:34 C:\WINDOWS\system32\msexch40.dll
----a-w 1,004,032 2004-08-19 14:09:34 C:\WINDOWS\system32\msgina.dll
----a-w 319,517 2004-08-19 14:09:34 C:\WINDOWS\system32\msexcl40.dll
----a-w 219,648 2004-08-19 14:09:48 C:\WINDOWS\system32\uxtheme.dll
----a-w 18,432 2004-08-19 14:09:50 C:\WINDOWS\system32\wtsapi32.dll
----a-w 46,080 2004-08-19 14:09:56 C:\WINDOWS\system32\ftp.exe
----a-w 192,184 2007-10-09 01:22:50 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 282,624 2004-08-19 14:09:30 C:\WINDOWS\system32\inetcfg.dll
----a-w 94,208 2004-08-19 14:09:48 C:\WINDOWS\system32\tscfgwmi.dll
----a-w 122,368 2004-08-19 14:09:46 C:\WINDOWS\system32\stobject.dll
----a-w 58,880 2004-08-19 14:09:34 C:\WINDOWS\system32\msdtclog.dll
----a-w 28,672 2004-08-19 14:09:22 C:\WINDOWS\system32\batmeter.dll
----a-w 177,784 2004-07-17 09:39:04 C:\WINDOWS\system32\xenroll.dll
----a-w 6,144 2004-08-19 14:10:00 C:\WINDOWS\system32\msdtc.exe
----a-w 14,336 2004-08-19 14:09:34 C:\WINDOWS\system32\msdmo.dll
----a-w 69,120 2004-08-19 14:09:34 C:\WINDOWS\system32\msctfp.dll
----a-w 90,624 2004-08-19 14:09:48 C:\WINDOWS\system32\trkwks.dll
----a-w 69,632 2004-08-19 14:09:34 C:\WINDOWS\system32\msconf.dll
----a-w 40,448 2004-08-19 14:09:52 C:\WINDOWS\system32\cmmon32.exe
----a-w 50,688 2004-08-19 14:09:32 C:\WINDOWS\system32\mmcshext.dll
----a-w 5,632 2004-08-19 14:09:52 C:\WINDOWS\system32\cisvc.exe
----a-w 86,016 2004-08-19 14:09:34 C:\WINDOWS\system32\msapsspc.dll
----a-w 51,712 2004-08-19 14:09:50 C:\WINDOWS\system32\wzcsapi.dll
----a-w 87,040 2004-08-19 14:09:32 C:\WINDOWS\system32\mprapi.dll
----a-w 59,904 2004-08-19 14:09:32 C:\WINDOWS\system32\mpr.dll
----a-w 124,928 2004-08-19 14:10:00 C:\WINDOWS\system32\mplay32.exe
----a-w 240,640 2004-08-19 14:09:32 C:\WINDOWS\system32\mpg4dmod.dll
----a-w 16,896 2004-08-19 14:09:48 C:\WINDOWS\system32\usbmon.dll
----a-w 51,200 2004-08-19 14:09:50 C:\WINDOWS\system32\wstdecod.dll
----a-w 42,496 2004-08-19 14:09:50 C:\WINDOWS\system32\wsnmp32.dll
----a-w 216,064 2004-08-19 14:08:24 C:\WINDOWS\system32\moricons.dll
----a-w 144,384 2004-08-19 14:09:58 C:\WINDOWS\system32\mobsync.exe
----a-w 22,528 2004-08-19 14:09:32 C:\WINDOWS\system32\licmgr10.dll
------w 88,064 2004-08-19 14:09:38 C:\WINDOWS\system32\p2pnetsh.dll
------w 116,224 2004-08-19 14:09:38 C:\WINDOWS\system32\p2p.dll
----a-w 34,560 2004-08-19 14:09:32 C:\WINDOWS\system32\mnmdd.dll
------w 86,016 2004-08-19 14:09:38 C:\WINDOWS\system32\p2pgasvc.dll
----a-w 159,232 2004-08-19 14:09:22 C:\WINDOWS\system32\cewmdm.dll
----a-w 54,784 2004-08-19 14:09:32 C:\WINDOWS\system32\ixsso.dll
----a-w 70,688 2004-08-19 13:52:22 C:\WINDOWS\system32\mmsystem.dll
------w 81,920 2004-08-19 14:09:28 C:\WINDOWS\system32\ieencode.dll
----a-w 60,928 2004-08-19 14:09:32 C:\WINDOWS\system32\miglibnt.dll
----a-w 110,592 2004-08-19 14:09:24 C:\WINDOWS\system32\DBnetlib.dll
------w 312,320 2004-08-19 14:09:38 C:\WINDOWS\system32\p2pGraph.dll
------w 48,640 2004-08-19 14:09:38 C:\WINDOWS\system32\pnrpNsp.dll
------w 120,320 2004-08-19 14:09:32 C:\WINDOWS\system32\ir41_qc.dll
----a-w 20,480 2004-08-19 14:09:26 C:\WINDOWS\system32\encapi.dll
----a-w 22,528 2004-08-19 14:09:32 C:\WINDOWS\system32\mfcsubs.dll
----a-w 23,552 2004-08-19 14:09:32 C:\WINDOWS\system32\mciwave.dll
----a-w 85,504 2004-08-19 14:09:32 C:\WINDOWS\system32\mciavi32.dll
----a-w 10,240 2004-08-19 14:09:32 C:\WINDOWS\system32\lprhelp.dll
----a-w 18,944 2004-08-19 14:09:48 C:\WINDOWS\system32\version.dll
----a-w 58,880 2004-08-19 14:09:32 C:\WINDOWS\system32\licwmi.dll
----a-w 92,608 2004-08-03 20:49:58 C:\WINDOWS\system32\krnl386.exe
----a-w 157,184 2004-08-19 14:09:32 C:\WINDOWS\system32\keymgr.dll
----a-w 7,424 2004-08-03 20:59:24 C:\WINDOWS\system32\kd1394.dll
----a-w 8,192 2004-08-19 14:09:28 C:\WINDOWS\system32\igmpagnt.dll
----a-w 86,016 2004-08-19 14:09:32 C:\WINDOWS\system32\isign32.dll
----a-w 110,080 2004-08-19 14:09:30 C:\WINDOWS\system32\imm32.dll
----a-w 24,576 2004-08-19 14:09:56 C:\WINDOWS\system32\ipxroute.exe
----a-w 3,584 2004-08-19 14:08:16 C:\WINDOWS\system32\icmp.dll
----a-w 73,728 2004-08-19 14:09:28 C:\WINDOWS\system32\icwdial.dll
----a-w 184,320 2004-08-19 14:09:32 C:\WINDOWS\system32\ipsecsvc.dll
----a-w 361,472 2004-08-19 14:09:32 C:\WINDOWS\system32\ipsecsnp.dll
----a-w 58,368 2004-08-19 14:09:56 C:\WINDOWS\system32\ipconfig.exe
----a-w 33,280 2004-08-19 14:09:30 C:\WINDOWS\system32\inetmib1.dll
----a-w 8,192 2004-08-19 14:09:22 C:\WINDOWS\system32\d3d8thk.dll
----a-w 31,744 2004-08-19 14:09:52 C:\WINDOWS\system32\ddeshare.exe
----a-w 266,240 2004-08-19 14:09:24 C:\WINDOWS\system32\ddraw.dll
----a-w 54,080 2004-08-03 20:51:28 C:\WINDOWS\system32\dosx.exe
----a-w 30,208 2004-08-19 14:09:52 C:\WINDOWS\system32\dplaysvr.exe
----a-w 229,888 2004-08-19 14:09:24 C:\WINDOWS\system32\dplayx.dll
----a-w 116,736 2004-08-19 14:09:24 C:\WINDOWS\system32\dpvvox.dll
----a-w 35,840 2004-08-19 14:09:30 C:\WINDOWS\system32\imgutil.dll
----a-w 93,696 2004-08-19 14:09:24 C:\WINDOWS\system32\dskquota.dll
----a-w 367,616 2004-08-19 14:09:24 C:\WINDOWS\system32\dsound.dll
----a-w 82,944 2004-08-19 14:09:50 C:\WINDOWS\system32\ws2_32.dll
----a-w 180,224 2004-08-19 14:09:52 C:\WINDOWS\system32\dwwin.exe
----a-w 1,179,648 2004-08-19 14:09:22 C:\WINDOWS\system32\d3d8.dll
----a-w 619,008 2004-08-19 14:09:24 C:\WINDOWS\system32\dx7vb.dll
----a-w 32,768 2004-08-19 14:10:06 C:\WINDOWS\system32\wpnpinst.exe
----a-w 24,064 2004-08-19 14:09:24 C:\WINDOWS\system32\dpmodemx.dll
----a-w 3,584 2004-08-19 14:08:08 C:\WINDOWS\system32\dpnaddr.dll
----a-w 375,296 2004-08-19 14:09:24 C:\WINDOWS\system32\dpnet.dll
----a-w 35,328 2004-08-19 14:09:24 C:\WINDOWS\system32\dpnhpast.dll
----a-w 60,928 2004-08-19 14:09:24 C:\WINDOWS\system32\dpnhupnp.dll
----a-w 3,584 2004-08-19 14:08:08 C:\WINDOWS\system32\dpnlobby.dll
----a-w 18,432 2004-08-19 14:09:52 C:\WINDOWS\system32\dpnsvr.exe
----a-w 21,504 2004-08-19 14:09:24 C:\WINDOWS\system32\dpvacm.dll
----a-w 213,504 2004-08-19 14:09:24 C:\WINDOWS\system32\dpvoice.dll
----a-w 83,456 2004-08-19 14:09:52 C:\WINDOWS\system32\dpvsetup.exe
----a-w 16,384 2004-08-19 14:09:24 C:\WINDOWS\system32\ds32gt.dll
----a-w 181,760 2004-08-19 14:09:24 C:\WINDOWS\system32\dsdmo.dll
----a-w 1,227,264 2004-08-19 14:09:24 C:\WINDOWS\system32\dx8vb.dll
----a-w 17,408 2004-08-19 14:09:20 C:\WINDOWS\system32\alrsvc.dll
----a-w 25,088 2004-08-19 14:09:52 C:\WINDOWS\system32\defrag.exe
----a-w 2,113,536 2004-08-19 14:09:24 C:\WINDOWS\system32\dxdiagn.dll
----a-w 119,808 2004-08-19 14:09:28 C:\WINDOWS\system32\iasrad.dll
----a-w 20,992 2004-08-19 14:09:28 C:\WINDOWS\system32\hid.dll
----a-w 39,424 2004-08-19 14:09:56 C:\WINDOWS\system32\grpconv.exe
----a-w 9,344 2004-08-19 14:08:14 C:\WINDOWS\system32\framebuf.dll
----a-w 80,896 2004-08-19 14:09:26 C:\WINDOWS\system32\faultrep.dll
----a-w 195,072 2004-08-19 14:09:52 C:\WINDOWS\system32\eudcedit.exe
Antivir finished the job, I think (98 infections, no less).
Here are the ComboFix and Hijack reports:
ComboFix 07-10-06.3 - Administrateur 2007-10-09 22:37:43.4 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.309 [GMT 2:00]
Running from: D:\Mes Documents\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))))))
.
2007-10-09 22:39 <REP> d-------- C:\WINDOWS\LastGood
2007-10-09 06:54 <REP> d-------- C:\Program Files\Avira
2007-10-09 06:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-09 06:51 <REP> d-------- C:\Program Files\CCleaner
2007-10-09 03:09 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-09 03:09 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-09 03:09 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-09 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-08 23:16 33,792 --a------ C:\WINDOWS\system32\rundll32.exe
2007-10-08 23:16 33,792 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-10-08 22:56 97,280 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-10-08 22:56 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-10-08 22:56 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-10-08 22:56 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-10-08 22:56 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2007-10-08 22:53 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-08 22:46 <REP> d-------- C:\WINDOWS\EHome
2007-10-06 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 15:00 <REP> d-------- C:\VundoFix Backups
2007-10-06 14:26 1,422 --a------ C:\Documents and Settings\Administrateur\clean.reg
2007-10-06 14:20 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-06 11:14 401,720 --a------ C:\Tkt.exe
2007-09-30 15:25 <REP> d--hs---- C:\FOUND.023
2007-09-28 00:02 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-28 00:02 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-09-28 00:01 <REP> d-------- C:\WINDOWS\system32\bits
2007-09-28 00:00 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-09-28 00:00 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-09-28 00:00 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-09-28 00:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-09-27 22:45 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-09-27 22:45 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-09-27 22:45 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-09-27 22:45 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-09-21 22:23 <REP> d--hs---- C:\FOUND.022
2007-09-16 19:03 <REP> d--hs---- C:\FOUND.021
2007-09-14 01:36 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2007-09-14 01:35 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 23:06 96256 --a------ C:\WINDOWS\system32\drivers\sptd0765.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-06_15.16.53.98 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 332,800 2004-08-19 14:12:34 C:\WINDOWS\system32\netsetup.exe
----a-w 20,480 2004-08-19 14:09:50 C:\WINDOWS\system32\wmpcd.dll
----a-w 252,928 2004-08-19 14:09:34 C:\WINDOWS\system32\msoeacct.dll
----a-w 53,760 2004-08-19 14:09:56 C:\WINDOWS\system32\ipv6.exe
----a-w 61,440 2004-08-19 14:09:20 C:\WINDOWS\system32\admparse.dll
----a-w 143,360 2004-08-19 14:09:20 C:\WINDOWS\system32\adsldpc.dll
----a-w 68,096 2004-08-19 14:09:20 C:\WINDOWS\system32\adsmsext.dll
------w 50,176 2004-08-19 14:09:50 C:\WINDOWS\system32\xmlprovi.dll
----a-w 176,640 2004-08-19 14:09:20 C:\WINDOWS\system32\appmgmts.dll
----a-w 114,688 2004-08-19 14:09:50 C:\WINDOWS\system32\wmpasf.dll
----a-w 65,024 2004-08-19 14:09:20 C:\WINDOWS\system32\asycfilt.dll
----a-w 616,960 2004-08-19 14:09:52 C:\WINDOWS\system32\autofmt.exe
----a-w 2,985,984 2004-08-19 14:09:12 C:\WINDOWS\system32\wmploc.dll
----a-w 16,896 2004-08-19 14:08:04 C:\WINDOWS\system32\cfgmgr32.dll
----a-w 15,872 2004-08-19 14:09:22 C:\WINDOWS\system32\cmcfg32.dll
----a-w 352,256 2004-08-19 14:09:22 C:\WINDOWS\system32\cmdial32.dll
----a-w 253,440 2004-08-19 14:09:22 C:\WINDOWS\system32\compatUI.dll
----a-w 604,672 2004-08-19 14:09:22 C:\WINDOWS\system32\crypt32.dll
----a-w 825,344 2004-08-19 14:09:24 C:\WINDOWS\system32\d3dim700.dll
----a-w 640,000 2004-08-19 14:09:24 C:\WINDOWS\system32\dbghelp.dll
----a-w 24,576 2004-08-19 14:09:24 C:\WINDOWS\system32\dbmsrpcn.dll
----a-w 731,136 2004-08-19 14:09:48 C:\WINDOWS\system32\userenv.dll
----a-w 59,904 2004-08-19 14:09:24 C:\WINDOWS\system32\devenum.dll
----a-w 123,904 2004-08-19 14:09:24 C:\WINDOWS\system32\dfrgui.dll
----a-w 104,960 2004-08-19 14:09:52 C:\WINDOWS\system32\dfrgntfs.exe
----a-w 39,424 2004-08-19 14:09:24 C:\WINDOWS\system32\dfrgsnap.dll
----a-w 28,672 2004-08-19 14:09:24 C:\WINDOWS\system32\dfsshlex.dll
----a-w 85,504 2004-08-19 14:09:52 C:\WINDOWS\system32\diantz.exe
----a-w 68,608 2004-08-19 14:09:24 C:\WINDOWS\system32\digest.dll
----a-w 165,376 2004-08-19 14:09:24 C:\WINDOWS\system32\dinput.dll
------w 17,408 2004-08-19 14:09:48 C:\WINDOWS\system32\winshfhc.dll
----a-w 45,568 2004-08-19 14:09:24 C:\WINDOWS\system32\dnsrslvr.dll
----a-w 79,360 2004-08-19 14:10:00 C:\WINDOWS\system32\nslookup.exe
----a-w 25,088 2004-08-19 14:10:04 C:\WINDOWS\system32\userinit.exe
----a-w 14,336 2004-08-19 14:09:24 C:\WINDOWS\system32\drprov.dll
----a-w 1,294,336 2004-08-19 14:09:24 C:\WINDOWS\system32\dsound3d.dll
----a-w 1,689,088 2004-08-19 14:09:22 C:\WINDOWS\system32\d3d9.dll
----a-w 145,408 2004-08-19 14:09:24 C:\WINDOWS\system32\dsprop.dll
----a-w 19,456 2004-08-19 14:09:24 C:\WINDOWS\system32\dswave.dll
----a-w 108,544 2004-08-19 14:10:04 C:\WINDOWS\system32\services.exe
----a-w 100,352 2004-08-19 14:10:04 C:\WINDOWS\system32\scardsvr.exe
----a-w 45,568 2004-08-19 14:09:54 C:\WINDOWS\system32\extrac32.exe
----a-w 382,464 2004-08-19 14:09:40 C:\WINDOWS\system32\qmgr.dll
----a-w 4,126 2004-08-19 14:08:26 C:\WINDOWS\system32\msdxmlc.dll
----a-w 27,136 2004-08-19 14:09:24 C:\WINDOWS\system32\efsadu.dll
----a-w 29,184 2004-08-19 14:09:56 C:\WINDOWS\system32\findstr.exe
----a-w 386,560 2004-08-19 14:09:26 C:\WINDOWS\system32\fontext.dll
----a-w 21,504 2004-08-19 14:09:56 C:\WINDOWS\system32\fontview.exe
----a-w 577,536 2004-08-19 14:09:28 C:\WINDOWS\system32\gpedit.dll
----a-w 123,392 2004-08-19 14:09:56 C:\WINDOWS\system32\gpresult.exe
----a-w 12,288 2004-08-19 14:09:38 C:\WINDOWS\system32\netrap.dll
----a-w 80,384 2004-08-19 14:09:28 C:\WINDOWS\system32\iccvid.dll
----a-w 65,536 2004-08-19 14:09:28 C:\WINDOWS\system32\icwphbk.dll
----a-w 34,304 2004-08-19 14:09:56 C:\WINDOWS\system32\ie4uinit.exe
----a-w 139,264 2004-08-19 14:09:28 C:\WINDOWS\system32\ieakeng.dll
----a-w 323,584 2004-08-19 14:09:28 C:\WINDOWS\system32\iedkcs32.dll
----a-w 49,152 2004-08-19 14:09:28 C:\WINDOWS\system32\iernonce.dll
----a-w 81,920 2004-08-19 14:09:28 C:\WINDOWS\system32\ils.dll
----a-w 150,016 2004-08-19 14:09:56 C:\WINDOWS\system32\imapi.exe
----a-w 36,921 2004-08-19 14:09:28 C:\WINDOWS\system32\imeshare.dll
----a-w 147,456 2004-08-19 14:09:30 C:\WINDOWS\system32\initpki.dll
----a-w 126,464 2004-08-19 14:09:30 C:\WINDOWS\system32\input.dll
----a-w 120,320 2004-08-19 14:09:32 C:\WINDOWS\system32\mdminst.dll
----a-w 332,800 2004-08-19 14:09:32 C:\WINDOWS\system32\ipnathlp.dll
----a-w 65,536 2004-08-19 14:09:50 C:\WINDOWS\system32\wshext.dll
----a-w 47,616 2004-08-19 14:09:32 C:\WINDOWS\system32\iyuv_32.dll
----a-w 424,960 2004-08-19 14:09:32 C:\WINDOWS\system32\licdll.dll
----a-w 228,352 2004-08-19 14:09:32 C:\WINDOWS\system32\localsec.dll
----a-w 79,872 2004-08-19 14:09:32 C:\WINDOWS\system32\mmcbase.dll
----a-w 156,160 2004-08-19 14:09:32 C:\WINDOWS\system32\modemui.dll
----a-w 885,248 2004-08-19 14:09:38 C:\WINDOWS\system32\netplwiz.dll
----a-w 61,952 2004-08-19 14:09:56 C:\WINDOWS\system32\logman.exe
----a-w 47,104 2004-08-19 14:09:32 C:\WINDOWS\system32\mqdscli.dll
----a-w 225,280 2004-08-19 14:09:32 C:\WINDOWS\system32\mqoa.dll
----a-w 660,992 2004-08-19 14:09:32 C:\WINDOWS\system32\mqqm.dll
----a-w 123,392 2004-08-19 14:09:32 C:\WINDOWS\system32\mqrtdep.dll
----a-w 95,744 2004-08-19 14:09:32 C:\WINDOWS\system32\mqsec.dll
----a-w 117,248 2004-08-19 14:10:00 C:\WINDOWS\system32\mqtgsvc.exe
----a-w 48,640 2004-08-19 14:09:34 C:\WINDOWS\system32\mqupgrd.dll
----a-w 72,192 2004-08-19 14:09:34 C:\WINDOWS\system32\msacm32.dll
----a-w 57,344 2004-08-19 14:09:34 C:\WINDOWS\system32\msasn1.dll
----a-w 406,528 2004-08-19 14:09:48 C:\WINDOWS\system32\usp10.dll
----a-w 151,552 2004-08-19 14:09:34 C:\WINDOWS\system32\msdart.dll
----a-w 6,656 2004-08-19 14:09:34 C:\WINDOWS\system32\msidle.dll
----a-w 1,507,356 2004-08-19 14:09:34 C:\WINDOWS\system32\msjet40.dll
----a-w 25,600 2004-08-19 14:09:34 C:\WINDOWS\system32\mslbui.dll
----a-w 30,208 2004-08-19 14:09:34 C:\WINDOWS\system32\mspatcha.dll
----a-w 421,919 2004-08-19 14:09:34 C:\WINDOWS\system32\msrd2x40.dll
----a-w 259,072 2004-08-19 14:10:10 C:\WINDOWS\system32\msnetobj.dll
----a-w 14,848 2004-08-19 14:09:32 C:\WINDOWS\system32\mgmtapi.dll
----a-w 48,128 2004-08-19 14:08:36 C:\WINDOWS\system32\msprivs.dll
----a-w 552,989 2004-08-19 14:09:34 C:\WINDOWS\system32\msrepl40.dll
----a-w 52,736 2004-08-19 14:09:34 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 11,264 2004-08-19 14:09:34 C:\WINDOWS\system32\msrle32.dll
----a-w 356,352 2004-08-19 14:10:12 C:\WINDOWS\system32\msscp.dll
----a-w 258,077 2004-08-19 14:09:36 C:\WINDOWS\system32\mstext40.dll
----a-w 32,768 2004-08-19 14:09:32 C:\WINDOWS\system32\isrdbg32.dll
----a-w 506,368 2004-08-19 14:09:36 C:\WINDOWS\system32\msxml.dll
----a-w 4,096 2004-08-19 14:10:00 C:\WINDOWS\system32\nddeapir.exe
----a-w 633,856 2004-08-19 14:09:36 C:\WINDOWS\system32\netcfgx.dll
----a-w 407,040 2004-08-19 14:09:38 C:\WINDOWS\system32\netlogon.dll
----a-w 144,896 2004-08-19 14:09:36 C:\WINDOWS\system32\netid.dll
----a-w 124,928 2004-08-19 14:10:00 C:\WINDOWS\system32\net1.exe
----a-w 19,456 2004-08-19 14:09:36 C:\WINDOWS\system32\nddenb32.dll
----a-w 36,352 2004-08-19 14:09:36 C:\WINDOWS\system32\ncobjapi.dll
----a-w 55,296 2004-08-19 14:10:00 C:\WINDOWS\system32\narrator.exe
----a-w 8,192 2004-08-19 14:09:38 C:\WINDOWS\system32\ntlsapi.dll
----a-w 420,864 2004-08-19 14:10:00 C:\WINDOWS\system32\ntvdm.exe
----a-w 1,230,848 2004-08-19 14:10:00 C:\WINDOWS\system32\ntbackup.exe
------w 445,440 2004-08-19 14:08:44 C:\WINDOWS\system32\xpob2res.dll
----a-w 17,408 2004-08-19 14:09:36 C:\WINDOWS\system32\msyuv.dll
----a-w 701,440 2004-08-19 14:09:36 C:\WINDOWS\system32\msxml2.dll
----a-w 246,272 2004-08-19 14:09:36 C:\WINDOWS\system32\mswmdm.dll
----a-w 831,519 2004-08-19 14:09:36 C:\WINDOWS\system32\mswdat10.dll
----a-w 72,704 2004-08-19 14:09:36 C:\WINDOWS\system32\msw3prt.dll
----a-w 121,856 2004-08-19 14:09:36 C:\WINDOWS\system32\msvfw32.dll
----a-w 343,040 2004-08-19 14:09:36 C:\WINDOWS\system32\msvcrt.dll
----a-w 13,312 2004-08-19 14:09:56 C:\WINDOWS\system32\lsass.exe
----a-w 413,696 2004-08-19 14:09:36 C:\WINDOWS\system32\msvcp60.dll
----a-w 89,088 2004-08-19 14:09:40 C:\WINDOWS\system32\rasauto.dll
----a-w 54,784 2004-08-19 14:09:36 C:\WINDOWS\system32\msvcirt.dll
----a-w 61,440 2004-08-19 14:09:40 C:\WINDOWS\system32\rasman.dll
----a-w 655,360 2004-08-03 20:59:44 C:\WINDOWS\system32\mstscax.dll
----a-w 411,648 2004-08-19 13:52:00 C:\WINDOWS\system32\mstsc.exe
----a-w 115,712 2004-08-19 14:09:36 C:\WINDOWS\system32\mstlsapi.dll
------w 118,784 2004-08-19 14:09:34 C:\WINDOWS\system32\msdadiag.dll
----a-w 58,880 2004-08-19 14:09:40 C:\WINDOWS\system32\rastapi.dll
----a-w 9,728 2004-08-19 14:10:04 C:\WINDOWS\system32\proxycfg.exe
----a-w 197,632 2004-08-19 14:08:56 C:\WINDOWS\system32\xpsp1res.dll
----a-w 12,288 2004-08-19 14:10:00 C:\WINDOWS\system32\mstinit.exe
----a-w 431,104 2004-08-19 14:09:40 C:\WINDOWS\system32\samsrv.dll
----a-w 55,808 2004-08-19 14:09:26 C:\WINDOWS\system32\eventlog.dll
----a-w 270,848 2004-08-19 14:09:40 C:\WINDOWS\system32\sbe.dll
----a-w 281,600 2004-08-19 14:09:36 C:\WINDOWS\system32\mstask.dll
----a-w 107,520 2004-08-19 14:10:04 C:\WINDOWS\system32\rsnotify.exe
----a-w 201,728 2004-08-19 14:09:34 C:\WINDOWS\system32\mspmsp.dll
----a-w 347,648 2004-08-19 14:10:00 C:\WINDOWS\system32\mspaint.exe
----a-w 143,360 2004-08-19 14:09:34 C:\WINDOWS\system32\msorcl32.dll
----a-w 24,576 2004-08-19 14:08:36 C:\WINDOWS\system32\msorc32r.dll
----a-w 105,984 2004-08-19 14:09:34 C:\WINDOWS\system32\msoert2.dll
----a-w 290,816 2004-08-19 14:09:34 C:\WINDOWS\system32\msnsspc.dll
----a-w 241,693 2004-08-19 14:09:34 C:\WINDOWS\system32\msjtes40.dll
----a-w 358,976 2004-07-17 09:34:48 C:\WINDOWS\system32\msjetoledb40.dll
----a-w 159,232 2004-08-19 14:09:34 C:\WINDOWS\system32\msimtf.dll
------w 60,416 2004-08-19 14:09:28 C:\WINDOWS\system32\fwcfg.dll
----a-w 171,008 2004-08-19 14:09:46 C:\WINDOWS\system32\srsvc.dll
----a-w 708,608 2004-08-19 14:10:08 C:\WINDOWS\system32\ss3dfo.scr
----a-w 71,680 2004-08-19 14:09:46 C:\WINDOWS\system32\ssdpsrv.dll
----a-w 393,216 2004-08-19 14:10:08 C:\WINDOWS\system32\ssflwbox.scr
----a-w 47,104 2004-08-19 14:10:08 C:\WINDOWS\system32\ssmypics.scr
----a-w 18,944 2004-08-19 14:10:08 C:\WINDOWS\system32\ssmyst.scr
----a-w 610,304 2004-08-19 14:10:08 C:\WINDOWS\system32\sspipes.scr
----a-w 14,336 2004-08-19 14:10:08 C:\WINDOWS\system32\ssstars.scr
----a-w 68,096 2004-08-19 14:09:46 C:\WINDOWS\system32\sti.dll
----a-w 76,800 2004-08-19 14:09:46 C:\WINDOWS\system32\storprop.dll
----a-w 75,264 2004-08-19 14:09:56 C:\WINDOWS\system32\locator.exe
----a-w 197,120 2004-08-19 14:09:46 C:\WINDOWS\system32\syncui.dll
----a-w 75,264 2004-08-19 14:10:04 C:\WINDOWS\system32\tlntsvr.exe
----a-w 63,488 2004-08-19 14:10:04 C:\WINDOWS\system32\tlntadmn.exe
----a-w 130,560 2004-08-19 14:10:04 C:\WINDOWS\system32\schtasks.exe
----a-w 80,384 2004-08-19 14:10:04 C:\WINDOWS\system32\tlntsess.exe
----a-w 7,168 2004-08-19 14:09:48 C:\WINDOWS\system32\tlntsvrp.dll
----a-w 26,112 2004-08-19 14:09:48 C:\WINDOWS\system32\vdmdbg.dll
----a-w 136,192 2004-08-19 14:09:48 C:\WINDOWS\system32\webvw.dll
----a-w 465,920 2004-08-19 14:09:48 C:\WINDOWS\system32\wiadefui.dll
------w 15,872 2004-08-19 14:09:48 C:\WINDOWS\system32\w3ssl.dll
----a-w 8,192 2004-08-19 14:10:04 C:\WINDOWS\system32\spdwnwxp.exe
----a-w 126,976 2004-08-19 14:09:20 C:\WINDOWS\system32\apphelp.dll
----a-w 4,608 2004-08-19 14:09:34 C:\WINDOWS\system32\msimg32.dll
----a-w 614,400 2004-08-19 14:09:50 C:\WINDOWS\system32\wsecedit.dll
----a-w 252,416 2004-08-19 14:09:34 C:\WINDOWS\system32\msieftp.dll
----a-w 759,296 2004-08-19 14:09:50 C:\WINDOWS\system32\wmsdmod.dll
----a-w 115,200 2004-08-19 14:09:50 C:\WINDOWS\system32\wmsdmoe.dll
----a-w 303,616 2004-08-19 14:09:50 C:\WINDOWS\system32\wmstream.dll
----a-w 16,384 2004-08-19 14:09:30 C:\WINDOWS\system32\inetppui.dll
----a-w 809,984 2004-08-19 14:09:50 C:\WINDOWS\system32\wmvdmod.dll
----a-w 260,096 2004-08-19 14:10:04 C:\WINDOWS\system32\tracerpt.exe
----a-w 19,968 2004-08-19 14:09:50 C:\WINDOWS\system32\wshtcpip.dll
----a-w 378,880 2004-08-19 14:09:50 C:\WINDOWS\system32\wzcdlg.dll
----a-w 359,936 2004-08-19 14:09:50 C:\WINDOWS\system32\wzcsvc.dll
----a-w 30,720 2004-08-19 14:10:06 C:\WINDOWS\system32\xcopy.exe
----a-w 294,400 2004-08-19 14:09:34 C:\WINDOWS\system32\msctf.dll
----a-w 51,712 2004-08-19 14:09:34 C:\WINDOWS\system32\msident.dll
----a-w 6,144 2004-08-19 14:09:52 C:\WINDOWS\system32\csrss.exe
----a-w 57,344 2004-08-19 14:08:28 C:\WINDOWS\system32\mshtmler.dll
----a-w 29,184 2004-08-19 14:10:00 C:\WINDOWS\system32\mshta.exe
----a-w 384,512 2004-08-19 14:09:32 C:\WINDOWS\system32\mp4sdmod.dll
------w 11,776 2004-08-19 14:10:04 C:\WINDOWS\system32\spnpinst.exe
----a-w 512,029 2004-08-19 14:09:34 C:\WINDOWS\system32\msexch40.dll
----a-w 1,004,032 2004-08-19 14:09:34 C:\WINDOWS\system32\msgina.dll
----a-w 319,517 2004-08-19 14:09:34 C:\WINDOWS\system32\msexcl40.dll
----a-w 219,648 2004-08-19 14:09:48 C:\WINDOWS\system32\uxtheme.dll
----a-w 18,432 2004-08-19 14:09:50 C:\WINDOWS\system32\wtsapi32.dll
----a-w 46,080 2004-08-19 14:09:56 C:\WINDOWS\system32\ftp.exe
----a-w 192,184 2007-10-09 01:22:50 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 282,624 2004-08-19 14:09:30 C:\WINDOWS\system32\inetcfg.dll
----a-w 94,208 2004-08-19 14:09:48 C:\WINDOWS\system32\tscfgwmi.dll
----a-w 122,368 2004-08-19 14:09:46 C:\WINDOWS\system32\stobject.dll
----a-w 58,880 2004-08-19 14:09:34 C:\WINDOWS\system32\msdtclog.dll
----a-w 28,672 2004-08-19 14:09:22 C:\WINDOWS\system32\batmeter.dll
----a-w 177,784 2004-07-17 09:39:04 C:\WINDOWS\system32\xenroll.dll
----a-w 6,144 2004-08-19 14:10:00 C:\WINDOWS\system32\msdtc.exe
----a-w 14,336 2004-08-19 14:09:34 C:\WINDOWS\system32\msdmo.dll
----a-w 69,120 2004-08-19 14:09:34 C:\WINDOWS\system32\msctfp.dll
----a-w 90,624 2004-08-19 14:09:48 C:\WINDOWS\system32\trkwks.dll
----a-w 69,632 2004-08-19 14:09:34 C:\WINDOWS\system32\msconf.dll
----a-w 40,448 2004-08-19 14:09:52 C:\WINDOWS\system32\cmmon32.exe
----a-w 50,688 2004-08-19 14:09:32 C:\WINDOWS\system32\mmcshext.dll
----a-w 5,632 2004-08-19 14:09:52 C:\WINDOWS\system32\cisvc.exe
----a-w 86,016 2004-08-19 14:09:34 C:\WINDOWS\system32\msapsspc.dll
----a-w 51,712 2004-08-19 14:09:50 C:\WINDOWS\system32\wzcsapi.dll
----a-w 87,040 2004-08-19 14:09:32 C:\WINDOWS\system32\mprapi.dll
----a-w 59,904 2004-08-19 14:09:32 C:\WINDOWS\system32\mpr.dll
----a-w 124,928 2004-08-19 14:10:00 C:\WINDOWS\system32\mplay32.exe
----a-w 240,640 2004-08-19 14:09:32 C:\WINDOWS\system32\mpg4dmod.dll
----a-w 16,896 2004-08-19 14:09:48 C:\WINDOWS\system32\usbmon.dll
----a-w 51,200 2004-08-19 14:09:50 C:\WINDOWS\system32\wstdecod.dll
----a-w 42,496 2004-08-19 14:09:50 C:\WINDOWS\system32\wsnmp32.dll
----a-w 216,064 2004-08-19 14:08:24 C:\WINDOWS\system32\moricons.dll
----a-w 144,384 2004-08-19 14:09:58 C:\WINDOWS\system32\mobsync.exe
----a-w 22,528 2004-08-19 14:09:32 C:\WINDOWS\system32\licmgr10.dll
------w 88,064 2004-08-19 14:09:38 C:\WINDOWS\system32\p2pnetsh.dll
------w 116,224 2004-08-19 14:09:38 C:\WINDOWS\system32\p2p.dll
----a-w 34,560 2004-08-19 14:09:32 C:\WINDOWS\system32\mnmdd.dll
------w 86,016 2004-08-19 14:09:38 C:\WINDOWS\system32\p2pgasvc.dll
----a-w 159,232 2004-08-19 14:09:22 C:\WINDOWS\system32\cewmdm.dll
----a-w 54,784 2004-08-19 14:09:32 C:\WINDOWS\system32\ixsso.dll
----a-w 70,688 2004-08-19 13:52:22 C:\WINDOWS\system32\mmsystem.dll
------w 81,920 2004-08-19 14:09:28 C:\WINDOWS\system32\ieencode.dll
----a-w 60,928 2004-08-19 14:09:32 C:\WINDOWS\system32\miglibnt.dll
----a-w 110,592 2004-08-19 14:09:24 C:\WINDOWS\system32\DBnetlib.dll
------w 312,320 2004-08-19 14:09:38 C:\WINDOWS\system32\p2pGraph.dll
------w 48,640 2004-08-19 14:09:38 C:\WINDOWS\system32\pnrpNsp.dll
------w 120,320 2004-08-19 14:09:32 C:\WINDOWS\system32\ir41_qc.dll
----a-w 20,480 2004-08-19 14:09:26 C:\WINDOWS\system32\encapi.dll
----a-w 22,528 2004-08-19 14:09:32 C:\WINDOWS\system32\mfcsubs.dll
----a-w 23,552 2004-08-19 14:09:32 C:\WINDOWS\system32\mciwave.dll
----a-w 85,504 2004-08-19 14:09:32 C:\WINDOWS\system32\mciavi32.dll
----a-w 10,240 2004-08-19 14:09:32 C:\WINDOWS\system32\lprhelp.dll
----a-w 18,944 2004-08-19 14:09:48 C:\WINDOWS\system32\version.dll
----a-w 58,880 2004-08-19 14:09:32 C:\WINDOWS\system32\licwmi.dll
----a-w 92,608 2004-08-03 20:49:58 C:\WINDOWS\system32\krnl386.exe
----a-w 157,184 2004-08-19 14:09:32 C:\WINDOWS\system32\keymgr.dll
----a-w 7,424 2004-08-03 20:59:24 C:\WINDOWS\system32\kd1394.dll
----a-w 8,192 2004-08-19 14:09:28 C:\WINDOWS\system32\igmpagnt.dll
----a-w 86,016 2004-08-19 14:09:32 C:\WINDOWS\system32\isign32.dll
----a-w 110,080 2004-08-19 14:09:30 C:\WINDOWS\system32\imm32.dll
----a-w 24,576 2004-08-19 14:09:56 C:\WINDOWS\system32\ipxroute.exe
----a-w 3,584 2004-08-19 14:08:16 C:\WINDOWS\system32\icmp.dll
----a-w 73,728 2004-08-19 14:09:28 C:\WINDOWS\system32\icwdial.dll
----a-w 184,320 2004-08-19 14:09:32 C:\WINDOWS\system32\ipsecsvc.dll
----a-w 361,472 2004-08-19 14:09:32 C:\WINDOWS\system32\ipsecsnp.dll
----a-w 58,368 2004-08-19 14:09:56 C:\WINDOWS\system32\ipconfig.exe
----a-w 33,280 2004-08-19 14:09:30 C:\WINDOWS\system32\inetmib1.dll
----a-w 8,192 2004-08-19 14:09:22 C:\WINDOWS\system32\d3d8thk.dll
----a-w 31,744 2004-08-19 14:09:52 C:\WINDOWS\system32\ddeshare.exe
----a-w 266,240 2004-08-19 14:09:24 C:\WINDOWS\system32\ddraw.dll
----a-w 54,080 2004-08-03 20:51:28 C:\WINDOWS\system32\dosx.exe
----a-w 30,208 2004-08-19 14:09:52 C:\WINDOWS\system32\dplaysvr.exe
----a-w 229,888 2004-08-19 14:09:24 C:\WINDOWS\system32\dplayx.dll
----a-w 116,736 2004-08-19 14:09:24 C:\WINDOWS\system32\dpvvox.dll
----a-w 35,840 2004-08-19 14:09:30 C:\WINDOWS\system32\imgutil.dll
----a-w 93,696 2004-08-19 14:09:24 C:\WINDOWS\system32\dskquota.dll
----a-w 367,616 2004-08-19 14:09:24 C:\WINDOWS\system32\dsound.dll
----a-w 82,944 2004-08-19 14:09:50 C:\WINDOWS\system32\ws2_32.dll
----a-w 180,224 2004-08-19 14:09:52 C:\WINDOWS\system32\dwwin.exe
----a-w 1,179,648 2004-08-19 14:09:22 C:\WINDOWS\system32\d3d8.dll
----a-w 619,008 2004-08-19 14:09:24 C:\WINDOWS\system32\dx7vb.dll
----a-w 32,768 2004-08-19 14:10:06 C:\WINDOWS\system32\wpnpinst.exe
----a-w 24,064 2004-08-19 14:09:24 C:\WINDOWS\system32\dpmodemx.dll
----a-w 3,584 2004-08-19 14:08:08 C:\WINDOWS\system32\dpnaddr.dll
----a-w 375,296 2004-08-19 14:09:24 C:\WINDOWS\system32\dpnet.dll
----a-w 35,328 2004-08-19 14:09:24 C:\WINDOWS\system32\dpnhpast.dll
----a-w 60,928 2004-08-19 14:09:24 C:\WINDOWS\system32\dpnhupnp.dll
----a-w 3,584 2004-08-19 14:08:08 C:\WINDOWS\system32\dpnlobby.dll
----a-w 18,432 2004-08-19 14:09:52 C:\WINDOWS\system32\dpnsvr.exe
----a-w 21,504 2004-08-19 14:09:24 C:\WINDOWS\system32\dpvacm.dll
----a-w 213,504 2004-08-19 14:09:24 C:\WINDOWS\system32\dpvoice.dll
----a-w 83,456 2004-08-19 14:09:52 C:\WINDOWS\system32\dpvsetup.exe
----a-w 16,384 2004-08-19 14:09:24 C:\WINDOWS\system32\ds32gt.dll
----a-w 181,760 2004-08-19 14:09:24 C:\WINDOWS\system32\dsdmo.dll
----a-w 1,227,264 2004-08-19 14:09:24 C:\WINDOWS\system32\dx8vb.dll
----a-w 17,408 2004-08-19 14:09:20 C:\WINDOWS\system32\alrsvc.dll
----a-w 25,088 2004-08-19 14:09:52 C:\WINDOWS\system32\defrag.exe
----a-w 2,113,536 2004-08-19 14:09:24 C:\WINDOWS\system32\dxdiagn.dll
----a-w 119,808 2004-08-19 14:09:28 C:\WINDOWS\system32\iasrad.dll
----a-w 20,992 2004-08-19 14:09:28 C:\WINDOWS\system32\hid.dll
----a-w 39,424 2004-08-19 14:09:56 C:\WINDOWS\system32\grpconv.exe
----a-w 9,344 2004-08-19 14:08:14 C:\WINDOWS\system32\framebuf.dll
----a-w 80,896 2004-08-19 14:09:26 C:\WINDOWS\system32\faultrep.dll
----a-w 195,072 2004-08-19 14:09:52 C:\WINDOWS\system32\eudcedit.exe
----a-w 15,360 2004-08-19 14:09:52 C:\WINDOWS\system32\ctfmon.exe
----a-w 15,872 2004-08-19 14:09:52 C:\WINDOWS\system32\dmremote.exe
----a-w 113,664 2004-08-19 14:09:24 C:\WINDOWS\system32\dsuiext.dll
----a-w 225,280 2004-08-19 14:09:52 C:\WINDOWS\system32\dmadmin.exe
----a-w 28,672 2004-08-19 14:09:24 C:\WINDOWS\system32\dmband.dll
----a-w 200,704 2004-08-19 14:09:24 C:\WINDOWS\system32\dmdskmgr.dll
----a-w 181,248 2004-08-19 14:09:24 C:\WINDOWS\system32\dmime.dll
----a-w 24,576 2004-08-19 14:09:24 C:\WINDOWS\system32\dmserver.dll
----a-w 105,984 2004-08-19 14:09:24 C:\WINDOWS\system32\dmstyle.dll
----a-w 103,424 2004-08-19 14:09:24 C:\WINDOWS\system32\dmsynth.dll
------w 13,824 2004-08-19 14:09:22 C:\WINDOWS\system32\cmsetacl.dll
----a-w 4,096 2004-08-19 14:08:10 C:\WINDOWS\system32\dsprpres.dll
----a-w 8,704 2004-08-19 14:09:22 C:\WINDOWS\system32\batt.dll
----a-w 23,040 2004-08-19 14:09:26 C:\WINDOWS\system32\ersvc.dll
----a-w 187,392 2004-08-19 14:09:26 C:\WINDOWS\system32\els.dll
----a-w 10,752 2004-08-19 14:09:52 C:\WINDOWS\system32\dumprep.exe
----a-w 52,736 2004-08-19 14:09:24 C:\WINDOWS\system32\dssec.dll
----a-w 695,296 2004-08-19 14:10:14 C:\WINDOWS\system32\drmv2clt.dll
----a-w 30,749 2004-08-19 14:09:48 C:\WINDOWS\system32\vbajet32.dll
----a-w 23,552 2004-08-19 14:09:48 C:\WINDOWS\system32\wmdmps.dll
----a-w 172,544 2004-08-19 14:09:48 C:\WINDOWS\system32\wldap32.dll
----a-w 5,632 2004-08-19 14:10:06 C:\WINDOWS\system32\winver.exe
----a-w 58,880 2004-08-19 14:09:24 C:\WINDOWS\system32\dmutil.dll
----a-w 53,760 2004-08-19 14:09:48 C:\WINDOWS\system32\winsta.dll
----a-w 100,352 2004-08-19 14:09:48 C:\WINDOWS\system32\winscard.dll
----a-w 16,896 2004-08-19 14:09:48 C:\WINDOWS\system32\winrnr.dll
----a-w 773,632 2004-08-19 14:09:08 C:\WINDOWS\system32\winntbbu.dll
----a-w 506,368 2004-08-19 14:10:06 C:\WINDOWS\system32\winlogon.exe
------w 49,152 2004-08-19 14:10:02 C:\WINDOWS\system32\powercfg.exe
----a-w 82,432 2004-08-19 14:09:24 C:\WINDOWS\system32\dmscript.dll
------w 14,336 2004-08-19 14:09:52 C:\WINDOWS\system32\auditusr.exe
----a-w 32,768 2004-08-19 14:09:48 C:\WINDOWS\system32\winipsec.dll
----a-w 111,104 2004-08-19 14:09:48 C:\WINDOWS\system32\wiavideo.dll
----a-w 75,776 2004-08-19 14:09:48 C:\WINDOWS\system32\wiascr.dll
----a-w 281,600 2004-08-19 14:09:48 C:\WINDOWS\system32\webcheck.dll
----a-w 49,152 2004-08-19 14:09:48 C:\WINDOWS\system32\wdigest.dll
----a-w 17,664 2004-08-03 21:07:34 C:\WINDOWS\system32\watchdog.sys
----a-w 295,424 2004-08-19 14:10:04 C:\WINDOWS\system32\vssvc.exe
----a-w 54,784 2004-08-19 14:09:48 C:\WINDOWS\system32\vfwwdm32.dll
----a-w 51,712 2004-08-19 14:09:48 C:\WINDOWS\system32\vdmredir.dll
----a-w 50,176 2004-08-19 14:10:04 C:\WINDOWS\system32\utilman.exe
----a-w 77,312 2004-08-19 14:09:48 C:\WINDOWS\system32\usbui.dll
----a-w 37,888 2004-08-19 14:09:48 C:\WINDOWS\system32\url.dll
----a-w 18,432 2004-08-19 14:10:04 C:\WINDOWS\system32\ups.exe
----a-w 13,824 2004-08-19 14:09:48 C:\WINDOWS\system32\uniplat.dll
----a-w 78,848 2004-08-19 14:09:48 C:\WINDOWS\system32\unimdmat.dll
----a-w 36,864 2004-08-19 14:09:48 C:\WINDOWS\system32\umandlg.dll
----a-w 13,312 2004-08-19 14:10:04 C:\WINDOWS\system32\tracert.exe
----a-w 297,984 2004-08-19 14:09:48 C:\WINDOWS\system32\termsrv.dll
----a-w 358,912 2004-08-19 14:09:48 C:\WINDOWS\system32\termmgr.dll
----a-w 14,848 2004-08-19 14:09:48 C:\WINDOWS\system32\tcpmib.dll
----a-w 181,760 2004-08-19 14:09:48 C:\WINDOWS\system32\tapi32.dll
----a-w 860,160 2004-08-19 14:09:48 C:\WINDOWS\system32\tapi3.dll
----a-w 14,336 2004-08-19 14:10:04 C:\WINDOWS\system32\svchost.exe
----a-w 14,848 2004-08-19 14:10:04 C:\WINDOWS\system32\stimon.exe
----a-w 684,032 2004-08-19 14:10:08 C:\WINDOWS\system32\sstext3d.scr
----a-w 34,816 2004-08-19 14:09:46 C:\WINDOWS\system32\ssdpapi.dll
----a-w 19,968 2004-08-19 14:10:08 C:\WINDOWS\system32\ssbezier.scr
----a-w 241,664 2004-08-19 14:09:46 C:\WINDOWS\system32\srrstr.dll
----a-w 55,296 2004-08-19 14:09:24 C:\WINDOWS\system32\dataclen.dll
----a-w 67,584 2004-08-19 14:09:46 C:\WINDOWS\system32\srclient.dll
----a-w 337,920 2004-08-19 14:09:22 C:\WINDOWS\system32\cscui.dll
----a-w 180,800 2004-08-19 14:09:46 C:\WINDOWS\system32\sqlunirl.dll
----a-w 98,304 2004-08-19 14:09:52 C:\WINDOWS\system32\cscript.exe
----a-w 530,432 2004-08-19 14:09:22 C:\WINDOWS\system32\cryptui.dll
----a-w 442,368 2004-08-19 14:09:46 C:\WINDOWS\system32\sqlsrv32.dll
----a-w 60,416 2004-08-19 14:09:22 C:\WINDOWS\system32\cryptsvc.dll
----a-w 63,488 2004-08-19 14:09:22 C:\WINDOWS\system32\cryptnet.dll
----a-w 74,752 2004-08-19 14:09:44 C:\WINDOWS\system32\spoolss.dll
----a-w 75,776 2004-08-19 14:09:22 C:\WINDOWS\system32\cryptdlg.dll
----a-w 539,136 2004-08-19 14:10:04 C:\WINDOWS\system32\spider.exe
----a-w 165,888 2004-08-19 14:09:22 C:\WINDOWS\system32\credui.dll
----a-w 184,320 2004-08-19 14:09:44 C:\WINDOWS\system32\snmpsnap.dll
----a-w 35,328 2004-08-19 14:09:22 C:\WINDOWS\system32\corpol.dll
----a-w 18,944 2004-08-19 14:09:44 C:\WINDOWS\system32\snmpapi.dll
----a-w 133,120 2004-08-19 14:10:04 C:\WINDOWS\system32\sndrec32.exe
----a-w 851,968 2004-08-19 14:09:22 C:\WINDOWS\system32\comres.dll
----a-w 93,184 2004-08-19 14:10:04 C:\WINDOWS\system32\smlogsvc.exe
----a-w 230,912 2004-08-19 14:09:22 C:\WINDOWS\system32\compstui.dll
----a-w 370,688 2004-08-19 14:09:42 C:\WINDOWS\system32\smlogcfg.dll
----a-w 50,688 2004-08-19 14:09:22 C:\WINDOWS\system32\cnbjmon.dll
----a-w 98,304 2004-08-19 14:09:42 C:\WINDOWS\system32\slbiop.dll
----a-w 40,960 2004-08-19 14:09:22 C:\WINDOWS\system32\cmutil.dll
----a-w 306,176 2004-08-03 20:31:44 C:\WINDOWS\system32\slbcsp.dll
----a-w 33,280 2004-08-19 14:09:52 C:\WINDOWS\system32\clipsrv.exe
----a-w 25,600 2004-08-19 14:09:42 C:\WINDOWS\system32\slayerxp.dll
----a-w 39,424 2004-08-19 14:09:22 C:\WINDOWS\system32\cfgbkend.dll
----a-w 26,112 2004-08-19 14:10:04 C:\WINDOWS\system32\skeys.exe
----a-w 85,504 2004-08-19 14:09:22 C:\WINDOWS\system32\catsrvps.dll
----a-w 71,168 2004-08-19 14:10:04 C:\WINDOWS\system32\sigverif.exe
----a-w 50,688 2004-08-19 14:09:22 C:\WINDOWS\system32\camocx.dll
----a-w 13,824 2004-08-19 14:09:42 C:\WINDOWS\system32\sigtab.dll
----a-w 78,336 2004-08-19 14:09:22 C:\WINDOWS\system32\browsewm.dll
----a-w 20,480 2004-08-19 14:10:04 C:\WINDOWS\system32\shutdown.exe
----a-w 77,312 2004-08-19 14:09:22 C:\WINDOWS\system32\browser.dll
----a-w 70,144 2004-08-19 14:08:04 C:\WINDOWS\system32\browselc.dll
----a-w 28,160 2004-08-19 14:09:42 C:\WINDOWS\system32\shscrap.dll
----a-w 286,208 2004-08-19 14:09:22 C:\WINDOWS\system32\blackbox.dll
----a-w 78,848 2004-08-19 14:10:04 C:\WINDOWS\system32\shrpubw.exe
----a-w 52,736 2004-08-19 14:09:22 C:\WINDOWS\system32\basesrv.dll
----a-w 42,496 2004-08-19 14:10:04 C:\WINDOWS\system32\shmgrate.exe
----a-w 85,504 2004-08-19 14:09:22 C:\WINDOWS\system32\avifil32.dll
----a-w 153,088 2004-08-19 14:09:42 C:\WINDOWS\system32\shmedia.dll
----a-w 42,496 2004-08-19 14:09:22 C:\WINDOWS\system32\audiosrv.dll
----a-w 30,208 2004-08-19 14:09:22 C:\WINDOWS\system32\atmlib.dll
----a-w 440,320 2004-08-19 14:09:42 C:\WINDOWS\system32\shimgvw.dll
----a-w 25,088 2004-08-19 14:09:52 C:\WINDOWS\system32\at.exe
----a-w 65,536 2004-08-19 14:09:42 C:\WINDOWS\system32\shimeng.dll
----a-w 70,656 2004-08-19 14:09:20 C:\WINDOWS\system32\amstream.dll
----a-w 68,096 2004-08-19 14:09:42 C:\WINDOWS\system32\shgina.dll
----a-w 98,304 2004-08-19 14:09:52 C:\WINDOWS\system32\ahui.exe
----a-w 25,088 2004-08-19 14:09:42 C:\WINDOWS\system32\shfolder.dll
----a-w 175,616 2004-08-19 14:09:20 C:\WINDOWS\system32\adsldp.dll
----a-w 4,096 2004-08-19 14:09:52 C:\WINDOWS\system32\actmovie.exe
----a-w 119,296 2004-08-19 14:09:20 C:\WINDOWS\system32\aclui.dll
----a-w 572,416 2004-08-19 14:08:52 C:\WINDOWS\system32\shdoclc.dll
------w 129,536 2004-08-19 14:09:50 C:\WINDOWS\system32\xmlprov.dll
----a-w 1,548,288 2004-08-19 14:09:42 C:\WINDOWS\system32\sfcfiles.dll
----a-w 6,656 2004-08-19 14:09:50 C:\WINDOWS\system32\wuauserv.dll
----a-w 142,336 2004-08-19 14:09:42 C:\WINDOWS\system32\sfc_os.dll
------w 184,320 2004-08-19 14:09:50 C:\WINDOWS\system32\wuaueng1.dll
----a-w 5,120 2004-08-19 14:09:42 C:\WINDOWS\system32\sfc.dll
------w 168,960 2004-08-19 14:10:06 C:\WINDOWS\system32\wuauclt1.exe
----a-w 23,040 2004-08-19 14:10:04 C:\WINDOWS\system32\setup.exe
------w 108,032 2004-08-19 14:09:50 C:\WINDOWS\system32\wshbth.dll
----a-w 32,768 2004-08-19 14:10:04 C:\WINDOWS\system32\sethc.exe
Damn, it's so long that it doesn't fit; that's only a third of the report!
Here's the HijackThis log, which is a manageable size:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:18, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bluetooth\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Mes Documents\Bureau\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EBC41EF6-189E-0211-F514-980CE1CCDDF8} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SHIMKI~1\for skip.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\WINDOWS\system32\19.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://kit.carpediem.fr/15239/xgratos.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D43316F4-7398-4572-9FF1-275F4B059CC6}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: cKhLd3IuQgV39agc72 - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe (file missing)
O23 - Service: D880g0dS+Ss25oQQQ2 - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe (file missing)
O23 - Service: EJCKi3Hn0dt12kf2Q1 - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IScL62iwp003hatHh0UTS+s2 - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe (file missing)
O23 - Service: LRqgC2IISz23uGK6h04GyBs2elBTQ2 - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe (file missing)
O23 - Service: M1BSB1L01AM1ALMnG17Hjfx3mwWHp1hDsSR1DydWi2 - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe (file missing)
O23 - Service: Microsoft Windows VHP Control - Unknown owner - C:\WINDOWS\System32\dllcache\winvhp.exe (file missing)
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\WINDOWS\system32\19.tmp (file missing)
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: Network Translation System Service (NTSS) - Unknown owner - C:\WINDOWS\system32\ntss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Q+Ilf1Oc65S1jX2d703r3j01Ka3lh2 - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Avp32.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Management Service (wms) - Unknown owner - C:\WINDOWS\System32\wms.exe (file missing)
--
End of file - 7173 bytes
1) What else do I need to do?
2) With DropMyRights, the first web pages display very slowly; is that normal?
3) Which firewall do you recommend? (Outpost is taking a while to send me its email)
4) Thanks for everything!
Hey Michou!
1) http://www.badongo.com/file/4688853
That's the ComboFix report; it's so long that I hosted it (it's a .txt)
2) The AntiVir report
AntiVir PersonalEdition Classic
Report file date: mardi 9 octobre 2007 14:44
Scanning for 869197 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: PC
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 04:58:02
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 04:58:02
ANTIVIR2.VDF : 7.0.0.57 446464 Bytes 07/10/2007 04:58:02
ANTIVIR3.VDF : 7.0.0.63 22016 Bytes 08/10/2007 04:58:02
AVEWIN32.DLL : 7.6.0.20 2753024 Bytes 09/10/2007 04:58:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22
Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31b9deb6.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 9 octobre 2007 14:44
Starting the file scan:
Begin scan in 'D:\'
D:\Mes Documents\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> setpath.cfexe
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] The file was ignored!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\9.tmp
[DETECTION] Is the Trojan horse TR/Proxy.Bary.FL
[INFO] The file was moved to '477f8941.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\2.tmp
[DETECTION] Is the Trojan horse TR/Proxy.Bary.FL
[INFO] The file was moved to '477f8948.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\2B.tmp
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bvy Backdoor server programs
[INFO] The file was moved to '47398961.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\2D.tmp
[DETECTION] Contains detection pattern of the backdoor control software BDC/Agent.NGP.
[INFO] The file was moved to '47398967.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\2E.tmp
[DETECTION] Contains detection pattern of the backdoor control software BDC/Agent.NGP.
[INFO] The file was moved to '4739896b.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\12.tmp
[DETECTION] Is the Trojan horse TR/Proxy.E
[INFO] The file was moved to '4739895a.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\15.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47398960.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\16.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47398963.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\17.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47398966.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\18.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47398969.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\19.tmp
[DETECTION] Is the Trojan horse TR/Proxy.Ranky.GV
[INFO] The file was moved to '4739896c.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\wfvs.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4781899a.qua'!
D:\Mes Documents\Bureau\Dévérole\SDFIX\SDFix\backups\winsvcmon.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.8149
[INFO] The file was moved to '4779899f.qua'!
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\wms.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.8482
[INFO] The file was moved to '477e971b.qua'!
C:\WINDOWS\system32\E1.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '473996e6.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C5EJ0LYJ\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '4742970a.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C5EJ0LYJ\84785_winhtb[2].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '4742970f.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C5EJ0LYJ\84785_winhtb[3].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '47429713.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OHIFOHMJ\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '4742971e.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OHIFOHMJ\84785_winhtb[2].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '47429721.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4XAB416F\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '4742972f.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OF1RAOAW\84785_winhtb[1].exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '47429739.qua'!
C:\WINDOWS\system32\drivers\sptd0765.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\dllcache\winvhp.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '477997c0.qua'!
C:\WINDOWS\Downloaded Program Files\video-player-b.exe
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[INFO] The file was moved to '476f98fb.qua'!
C:\WINDOWS\Downloaded Program Files\MadameSalope.exe
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[INFO] The file was moved to '46067824.qua'!
C:\Documents and Settings\All Users\Application Data\NEW DOWNLOAD MANAGER FIRST\RoadTick.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '476c9b3a.qua'!
C:\Documents and Settings\All Users\Application Data\NEW DOWNLOAD MANAGER FIRST\Noun Seek.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47809b3f.qua'!
C:\Documents and Settings\Administrateur\Application Data\Bind Title Sect\rkkukgwz.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47769bb7.qua'!
C:\Documents and Settings\Administrateur\Application Data\Bind Title Sect\belngkyz.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47779bb4.qua'!
C:\Program Files\Fichiers communs\rplnapfa\trardenl\ndljperf.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[INFO] The file was moved to '47779c46.qua'!
C:\Program Files\Fichiers communs\rplnapfa\rjfrfnbcrj\fblhpfpjd.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[INFO] The file was moved to '47779c47.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000006.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba015.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000021.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba017.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000022.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba019.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000023.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba01b.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000024.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba01d.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000025.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba01f.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000027.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba021.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000028.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba022.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000029.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba024.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000030.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba026.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000031.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '473ba027.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000032.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba029.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000033.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba02b.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000034.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba02c.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000035.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba02e.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000043.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba031.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP1\A0000044.DLL
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '473ba032.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000055.EXE
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '473ba035.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000056.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '473ba03a.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000057.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '473ba03b.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000058.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4641a0ac.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000059.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba03d.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000060.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4641a0ae.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000061.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '473ba03c.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000068.DLL
[DETECTION] Is the Trojan horse TR/Agent.310881
[INFO] The file was moved to '473ba03f.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000069.DLL
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4641a0d0.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000124.exe
[DETECTION] Contains detection pattern of the backdoor control software BDC/Agent.NGP.
[INFO] The file was moved to '473ba040.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000125.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bvy Backdoor server programs
[INFO] The file was moved to '4641a0d1.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP2\A0000138.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '473ba042.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004376.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.8482
[INFO] The file was moved to '473ba148.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004377.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.FP
[INFO] The file was moved to '473ba149.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004378.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '4641a1da.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004379.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '473ba14a.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004380.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '4641a1db.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004381.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '473ba14b.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004382.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[INFO] The file was moved to '4641a1dc.qua'!
C:\System Volume Information\_restore{89A427A7-E458-4679-BDD2-D8DA8DBB535B}\RP7\A0004383.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[INFO] The file was moved to '473ba14d.qua'!
C:\FOUND.022\FILE0000.CHK
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4757a1dd.qua'!
C:\qoobox\Quarantine\C\WINDOWS\nts.exe.vir
[DETECTION] Contains detection pattern of the backdoor control software BDC/Agent.NGP.
[INFO] The file was moved to '477ea209.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uwnxkjnh.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4779a20c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ivfsmxdm.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '4771a20c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\aylvnhsa.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4777a20f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\byxvwuu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4783a20f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cbxussq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4783a1f8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fcmutyhe.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4778a1fa.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gljudpns.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4775a203.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljge.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.310881
[INFO] The file was moved to '4775a204.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\iifcbyx.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4771a201.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ntss.exe.vir
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.bvy Backdoor server programs
[INFO] The file was moved to '477ea20c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qomkjgf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4778a208.qua'!
C:\VundoFix Backups\byxvuvu.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4783a212.qua'!
C:\VundoFix Backups\cbxvwxy.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4783a1fb.qua'!
C:\VundoFix Backups\fccdabb.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '476ea1fd.qua'!
C:\VundoFix Backups\fccddda.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4619547e.qua'!
C:\VundoFix Backups\fccddde.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '476ea1ff.qua'!
C:\VundoFix Backups\fccywts.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '476ea1fe.qua'!
C:\VundoFix Backups\iifcbyx.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4771a204.qua'!
C:\VundoFix Backups\ldpxfvcf.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '477ba1ff.qua'!
C:\VundoFix Backups\ljjiggd.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4775a205.qua'!
C:\VundoFix Backups\ljjjjhi.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4775a206.qua'!
C:\VundoFix Backups\nnnmmmk.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4779a20a.qua'!
C:\VundoFix Backups\opnmmjg.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '460e578d.qua'!
C:\VundoFix Backups\qtuabyni.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4780a211.qua'!
C:\VundoFix Backups\rqrpmlj.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '477da20e.qua'!
C:\VundoFix Backups\tuvsrqq.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4781a212.qua'!
C:\VundoFix Backups\vtuvusr.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46f75792.qua'!
C:\VundoFix Backups\yaywwtu.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4784a1ff.qua'!
End of the scan: mardi 9 octobre 2007 17:44
Used time: 3:00:35 min
The scan has been done completely.
7598 Scanning directories
254402 Files were scanned
98 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
98 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
254304 Files not concerned
2065 Archives were scanned
5 Warnings
0 Notes
I sent everything to quarantine.
3) What else should I do? The PC seems OK to me.
4) Would you recommend Outpost Free as a firewall?
5) Is the slowness when displaying the first page with DropMyRights normal?
Tomorrow I'm going to help a friend who is struggling with her PC. If I turn out to be incompetent, I'll know where to call the supermichou, the serial kicker of malware.
Thanks for your help, man. Volunteer work like this amazes me.
Hi again,
The site hosting the report is temporarily unavailable.
Yes, you can use Outpost as a firewall.
I have never used DropMyRights, so I don't know.
You can empty the AntiVir quarantine.
Download to your desktop: Clean
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. This will open a black window.
A menu will appear; choose option 1 and press Enter. Then press a key when asked and post the report here.
The report is located here: C:\rapport_clean.txt
Tutorial
Here are the reports:
13/10/2007 a 2:11:14,15
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\cd_clint.dll FOUND
C:\WINDOWS\system32\cd_clint.dll FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\180search Assistant\" FOUND
"C:\Program Files\MyWay\" FOUND
"C:\Program Files\RXToolBar\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
Then, for the cleanup:
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 13/10/2007 a 2:12:19,39
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\cd_clint.dll
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\180search Assistant\"
tentative de suppression de "C:\Program Files\MyWay\"
tentative de suppression de "C:\Program Files\RXToolBar\"
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
What did Clean do beyond what AntiVir did?
Is there anything else I need to do?
Thanks
Hi again, do the following.
Download AVG Anti-Spyware. Install it.
Launch AVG and run an update.
Click the "Analyse" (Scan) button in the toolbar.
Then, on the "Comment réagir" (How to act) tab, click "Actions recommandées" (Recommended actions). Choose "Quarantaine" (Quarantine).
Do not run a scan for now.
Restart in safe mode.
/!\ Never boot into safe mode via MSCONFIG /!\
Relaunch AVG.
Go back to the "Analyse" (Scan) tab. Click "Analyse complète du système" (Complete system scan).
At the end of the scan, choose the "Appliquer toutes les actions" (Apply all actions) option at the bottom.
Click "Enregistrer le rapport" (Save report). This generates a report located in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
Next.
Download DiagHelp.zip to your desktop (Tutorial)
Unzip it, open the new DiagHelp folder, and double-click go.cmd (the .cmd extension may not be shown!)
Choose option 1 in the window that opens.
This may take a few minutes; let it run and press a key when asked.
WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!
At the end of the scan, your computer may need to be restarted... Once the computer has restarted, the report will open in Notepad. It can also be found at >> C:\resultat.txt <<
Post the report here.