Trojans galore

raff123 Posts 57 Status Member -
La Taverne de Moe Posts 422 Status Member -
Hello,
My PC is extremely slow. I am almost sure I have one or more trojans; since I don't know how to interpret a HijackThis report, I am relying on your good advice. Thanks in advance.
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:30, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\iPScan.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\jdhjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww1.comalgerie.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.zonealarm.com/software/extreme-security?source=Other&medium=InClient&campaign=ZoneAlarm+Pro&content=OEM+All&term=English&lid=en&cid=04056&app=inclient&prod=1&date=1367256704&version=7.0.483.000&lic=g3q3495bkgd0mx5jbfbi8kw0dg0&oem=1025&dest=try_product
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iPPCamScan] C:\WINDOWS\iPScan.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S16A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Administrateur.K-6EF732255ED54\Application Data\Mozilla\Firefox\Profiles\e9773f7g.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrateur.K-6EF732255ED54\Application Data\Mozilla\Firefox\Profiles/e9773f7g.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

24 replies

La Taverne de Moe Posts 422 Status Member 264

*Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe

/!\ Disconnect and close all running applications /!\

*Double-click the installer and install it in its default location (C:\Program files).
*Double-click the Ad-remover icon on your Desktop.
*At the main menu, choose option "A".
*Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
0
raff123 Posts 57 Status Member

Thanks for your help ^^!!!!!
Here is the report:

------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------

Updated by C_XX on 25/02/2009 at 20:30

Start at: 16:13:36 | Lun 02/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: K-6EF732255ED54
Current User: Administrateur - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)
- F:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 43

+-----------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\System\ControlSet003\Services\Boonty Games
.
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
C:\Documents and Settings\Administrateur.K-6EF732255ED54\Cookies\administrateur@shell.boonty[1].txt

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Other Adwares Found:

.
HKCR\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
.
C:\Program Files\Conduit

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: e9773f7g.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.5512 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.comalgerie.com/

+-[HKEY_USERS\S-1-5-21-842925246-602609370-682003330-500\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.comalgerie.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

+---------------------------------------------------------------------------+

[~2907 Bytes] - C:\Ad-Report-Scan-02.03.2009.log

- C:\Program Files\Ad-remover\TOOLS\BACKUP
- C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 16:15:49 | 02/03/2009
.
+-----------------| E.O.F - 72 Lines
0
La Taverne de Moe Posts 422 Status Member 264

*Run "Ad-remover" again: at the main menu, choose option "B".

*On the selection screen, choose to delete everything.

*Then choose option "1"; the program will run.
*Then choose "S"; the program will run.

*Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm.
0
raff123 Posts 57 Status Member

Thanks, and here is the report:

------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------

Updated by C_XX on 25/02/2009 at 20:30

*** LIMITED TO ***

Boonty/BoontyGames

******************

Start at: 16:34:28 | Lun 02/03/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: K-6EF732255ED54
Current User: Administrateur - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)
- F:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 43

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

Service: "Boonty Games"
.
HKCU\Software\Boonty
HKLM\Software\Boonty
.
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
C:\Documents and Settings\Administrateur.K-6EF732255ED54\Cookies\administrateur@shell.boonty[1].txt

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: e9773f7g.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.5512 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-842925246-602609370-682003330-500\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~3085 Bytes] - C:\Ad-Report-Clean-02.03.2009.log
[~3128 Bytes] - C:\Ad-Report-Scan-02.03.2009.log

- C:\Program Files\Ad-remover\TOOLS\BACKUP
- C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 16:37:10 | 02/03/2009
.
+-----------------| E.O.F - 67 Lines
.
0

La Taverne de Moe Posts 422 Status Member 264

*Download Malwarebytes' Anti-Malware to your Desktop:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

*Double-click the downloaded file to start the installation process.
*In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
*Once the update is complete, go to the Scanner tab.
*Select Perform quick scan.
*Click Scan. The scan starts.

At the end of the scan, a message is displayed:

The scan completed successfully. Click 'Show Results' to display all objects found.

*Click OK to continue. If MBAM found nothing, it will tell you that too.
*Close your browsers.
If malware was detected, click Show Results.
*Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy in quarantine.
*MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
0
raff123 Posts 57 Status Member

Thanks!!!! Here is the report:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1814
Windows 5.1.2600 Service Pack 3

02/03/2009 16:57:18
mbam-log-2009-03-02 (16-57-18).txt

Type de recherche: Examen rapide
Eléments examinés: 86038
Temps écoulé: 6 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
0
La Taverne de Moe Posts 422 Status Member 264

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Disconnect, close your running applications (including your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure:
if left enabled, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... You will re-enable them afterwards!!
--->Important: if you run into difficulties at this stage, let me know before going further...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, be sure to install the Windows Recovery Console as described in the tutorial above...
--------------------------------------------------------------------------------------------

* Essential:
Connect to your PC all your external devices (USB stick, external hard drive, flash disk, MP3 player, etc.) that may have been infected (but without opening them!). Make sure that nothing is "write-protected" (the small switch on some USB sticks...) and that the external hard drives are, of course, powered...

* Next:
Double-click the "combofix.exe" icon to launch the tool.

Press the Y (Yes) key to start the scan.

Important notes:
-> Do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
-> The PC may restart by itself (to finish the cleaning); let it do so.
-> If the tool tells you: "combofix has detected the presence of a rootkit and needs to restart your machine", accept...
-> If a Windows error message appears at some point: click the red cross at the top right of the window to close it (and not on anything else! otherwise no report...)

The report will be created here: C:\Combofix.txt

Be sure to re-enable your defenses.

Post the ComboFix report for analysis and wait for the next steps...
0
raff123 Posts 57 Status Member

I keep trying, with Internet searches to help, but I can't manage to disable my antivirus (AVG 8.0)!!!!!! Do you have a solution??? I feel so stupid lol!!!!
0
La Taverne de Moe Posts 422 Status Member 264

Have you tried right-clicking the small icon to suspend the protection?
0
^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 279

Hi

Why run ComboFix??
BEFORE

Thanks

0
La Taverne de Moe Posts 422 Status Member 264

Post a new HIJACKTHIS report for me, please.
0
raff123 Posts 57 Status Member

Sorry for the long delay, personal problems!!!! And uh... I uninstalled AVG 8.0, I hope it worked but it's not certain. Here is the report:

ComboFix 09-03-01.01 - Administrateur 2009-03-05 12:32:33.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.703.435 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur.K-6EF732255ED54\Bureau\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-05 au 2009-03-05 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 19:12 . 2009-03-02 19:12 <REP> d--h----- C:\$AVG8.VAULT$
2009-03-02 17:41 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
2009-03-02 16:12 . 2009-03-02 16:33 <REP> d-------- c:\program files\Ad-remover
2009-03-02 15:08 . 2009-03-02 15:08 <REP> d-------- c:\program files\Trend Micro
2009-03-02 15:06 . 2009-03-02 15:06 812,344 --a------ C:\hejack.exe
2009-02-27 14:06 . 2009-03-02 16:25 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-27 12:13 . 2008-05-12 01:08 32,768 --a------ c:\windows\system\VRAIDlog.dll
2009-02-27 11:37 . 2009-03-01 15:35 <REP> d-------- c:\program files\Driver Cleaner
2009-02-26 09:24 . 2009-03-02 17:21 <REP> d-------- c:\program files\Anti Trojan Elite
2009-02-11 21:52 . 2009-02-11 21:52 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-02-11 21:29 . 2009-02-11 21:29 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-02-11 15:00 . 2009-02-27 12:05 208 --a------ c:\windows\UChrmPro.uns
2009-02-11 14:51 . 2009-02-11 14:51 2,164 --a------ c:\windows\UChromeP.uns
2009-02-09 14:07 . 2009-02-09 14:08 <REP> d-------- C:\rsit
2009-02-09 14:07 . 2008-08-04 10:46 396,288 --a------ C:\Administrateur.exe
2009-02-07 12:06 . 2009-02-09 06:58 <REP> d-------- C:\Facebook ain sefra

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 11:31 --------- d-----w c:\documents and settings\Administrateur.K-6EF732255ED54\Application Data\Skype
2009-03-05 11:23 --------- d-----w c:\program files\FlashGet
2009-03-05 11:22 --------- d-----w c:\documents and settings\Administrateur.K-6EF732255ED54\Application Data\AVGTOOLBAR
2009-03-05 11:01 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-03-04 16:58 --------- d-----w c:\program files\eMule
2009-03-02 15:49 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-27 11:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 10:58 --------- d-----w c:\program files\VIA
2009-02-27 10:58 --------- d-----w c:\program files\S3
2009-02-26 10:33 --------- d-----w c:\program files\Image-Line
2009-02-26 10:32 --------- d-----w c:\program files\VstPlugins
2009-02-19 21:41 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-19 11:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Messenger Plus!
2009-02-11 20:45 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-11 14:03 --------- d-----w c:\documents and settings\Administrateur.K-6EF732255ED54\Application Data\DivX
2009-02-11 14:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-11 13:34 --------- d-----w c:\program files\ma-config.com
2009-02-11 13:34 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 10:16 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-30 12:57 --------- d-----w c:\program files\ASIO4ALL v2
2009-01-30 12:55 --------- d-----w c:\program files\Outsim
2009-01-29 19:08 --------- d-----w c:\program files\Word Web Deluxe
2009-01-27 16:33 --------- d-----w c:\program files\Readon Technology
2009-01-26 18:38 --------- d-----w c:\documents and settings\Administrateur.K-6EF732255ED54\Application Data\Apple Computer
2009-01-18 22:05 --------- d-----w c:\program files\scrabbleproB
2009-01-17 20:25 --------- d-----w c:\program files\WinHTTrack
2009-01-17 15:56 --------- d-----w c:\program files\ConvertHelper
2009-01-11 19:49 --------- d-----w c:\program files\VideoLAN
2009-01-09 13:36 --------- d-----w c:\program files\S3Inc
2009-01-09 13:25 --------- d-----w c:\program files\Maize Studio
2008-12-29 14:25 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-12-29 14:25 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-12-11 21:42 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-11 11:01 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2008-08-28 10:25 47,360 ----a-w c:\documents and settings\Administrateur.K-6EF732255ED54\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_13.48.11.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:51:45 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:51:45 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:51:45 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:51:45 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:51:45 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2003-03-24 13:52:04 49,210 -c----w c:\windows\$NtServicePackUninstall$\fp4areg.dll
+ 2003-03-24 13:52:04 102,509 -c----w c:\windows\$NtServicePackUninstall$\fp4atxt.dll
+ 2003-03-24 14:52:04 618,605 -c----w c:\windows\$NtServicePackUninstall$\fp4autl.dll
+ 2003-03-24 13:52:04 41,020 -c----w c:\windows\$NtServicePackUninstall$\fp4avnb.dll
+ 2003-03-24 13:52:04 32,826 -c----w c:\windows\$NtServicePackUninstall$\fp4avss.dll
+ 2003-03-24 13:52:04 49,212 -c----w c:\windows\$NtServicePackUninstall$\fp4awebs.dll
+ 2004-05-12 22:39:48 876,653 -c----w c:\windows\$NtServicePackUninstall$\fp4awel.dll
+ 2002-05-14 11:08:54 14,608 -c----w c:\windows\$NtServicePackUninstall$\fp98sadm.exe
+ 2002-05-14 11:08:54 109,328 -c----w c:\windows\$NtServicePackUninstall$\fp98swin.exe
+ 2003-03-24 13:52:04 24,632 -c----w c:\windows\$NtServicePackUninstall$\fpadmcgi.exe
+ 2003-03-24 13:52:04 20,541 -c----w c:\windows\$NtServicePackUninstall$\fpadmdll.dll
+ 2003-03-24 13:52:04 188,494 -c----w c:\windows\$NtServicePackUninstall$\fpcount.exe
+ 2002-05-14 11:08:54 94,208 -c----w c:\windows\$NtServicePackUninstall$\fpencode.dll
+ 2003-03-24 13:52:04 20,541 -c----w c:\windows\$NtServicePackUninstall$\fpexedll.dll
+ 2004-05-12 22:39:48 598,071 -c----w c:\windows\$NtServicePackUninstall$\fpmmc.dll
+ 2003-03-24 13:52:04 20,538 -c----w c:\windows\$NtServicePackUninstall$\fpremadm.exe
+ 2004-08-04 04:53:02 9,344 -c----w c:\windows\$NtServicePackUninstall$\framebuf.dll
+ 2004-08-04 04:54:26 185,856 -c----w c:\windows\$NtServicePackUninstall$\framedyn.dll
+ 2004-08-04 04:54:52 193,024 -c----w c:\windows\$NtServicePackUninstall$\fsquirt.exe
+ 2004-08-04 04:54:52 46,080 -c----w c:\windows\$NtServicePackUninstall$\ftp.exe
+ 2004-08-04 04:54:28 6,144 -c----w c:\windows\$NtServicePackUninstall$\ftpmib.dll
+ 2004-08-04 04:54:28 127,488 -c----w c:\windows\$NtServicePackUninstall$\ftpsv251.dll
+ 2004-08-04 04:54:28 60,416 -c----w c:\windows\$NtServicePackUninstall$\fwcfg.dll
+ 2004-08-04 04:54:28 452,096 -c----w c:\windows\$NtServicePackUninstall$\fxsapi.dll
+ 2004-08-04 04:54:52 143,360 -c----w c:\windows\$NtServicePackUninstall$\fxsclnt.exe
+ 2004-08-04 04:54:28 72,192 -c----w c:\windows\$NtServicePackUninstall$\fxscom.dll
+ 2004-08-04 04:54:28 285,184 -c----w c:\windows\$NtServicePackUninstall$\fxscomex.dll
+ 2004-08-04 04:54:52 238,592 -c----w c:\windows\$NtServicePackUninstall$\fxscover.exe
+ 2004-08-04 04:54:28 27,136 -c----w c:\windows\$NtServicePackUninstall$\fxsdrv.dll
+ 2004-08-04 04:54:28 66,048 -c----w c:\windows\$NtServicePackUninstall$\fxsevent.dll
+ 2004-08-04 04:54:28 23,552 -c----w c:\windows\$NtServicePackUninstall$\fxsext32.dll
+ 2004-08-04 04:54:28 24,064 -c----w c:\windows\$NtServicePackUninstall$\fxsmon.dll
+ 2004-08-04 04:54:28 132,608 -c----w c:\windows\$NtServicePackUninstall$\fxsocm.dll
+ 2004-08-04 04:54:28 8,704 -c----w c:\windows\$NtServicePackUninstall$\fxsperf.dll
+ 2004-08-04 04:53:02 7,168 -c----w c:\windows\$NtServicePackUninstall$\fxsres.dll
+ 2004-08-04 04:54:28 563,712 -c----w c:\windows\$NtServicePackUninstall$\fxsst.dll
+ 2004-08-04 04:54:52 268,800 -c----w c:\windows\$NtServicePackUninstall$\fxssvc.exe
+ 2004-08-04 04:54:28 246,272 -c----w c:\windows\$NtServicePackUninstall$\fxst30.dll
+ 2004-08-04 04:54:28 397,312 -c----w c:\windows\$NtServicePackUninstall$\fxstiff.dll
+ 2004-08-04 04:54:28 156,672 -c----w c:\windows\$NtServicePackUninstall$\fxsui.dll
+ 2004-08-04 04:54:28 197,120 -c----w c:\windows\$NtServicePackUninstall$\fxswzrd.dll
+ 2004-08-04 04:54:28 400,896 -c----w c:\windows\$NtServicePackUninstall$\fxsxp32.dll
+ 2004-08-04 04:54:28 278,016 -c----w c:\windows\$NtServicePackUninstall$\gdi32.dll
+ 2002-09-07 00:00:00 57,344 -c----w c:\windows\$NtServicePackUninstall$\getmac.exe
+ 2004-08-04 04:54:28 123,904 -c----w c:\windows\$NtServicePackUninstall$\glu32.dll
+ 2004-08-04 04:54:28 577,536 -c----w c:\windows\$NtServicePackUninstall$\gpedit.dll
+ 2004-08-04 04:53:02 10,240 -c----w c:\windows\$NtServicePackUninstall$\gpkrsrc.dll
+ 2004-08-04 04:54:52 123,392 -c----w c:\windows\$NtServicePackUninstall$\gpresult.exe
+ 2004-08-04 04:54:52 123,392 -c----w c:\windows\$NtServicePackUninstall$\gprslt.exe
+ 2004-08-04 04:54:28 201,216 -c----w c:\windows\$NtServicePackUninstall$\gptext.dll
+ 2004-08-04 04:54:52 39,424 -c----w c:\windows\$NtServicePackUninstall$\grpconv.exe
+ 2004-08-04 04:54:28 125,440 -c----w c:\windows\$NtServicePackUninstall$\guitrn.dll
+ 2004-08-04 04:54:28 32,256 -c----w c:\windows\$NtServicePackUninstall$\gzip.dll
+ 2004-08-04 04:54:28 57,344 -c----w c:\windows\$NtServicePackUninstall$\h323cc.dll
+ 2004-08-04 04:54:28 614,912 -c----w c:\windows\$NtServicePackUninstall$\h323msp.dll
+ 2004-08-04 02:59:10 131,968 -c----w c:\windows\$NtServicePackUninstall$\hal.dll
+ 2004-08-04 04:54:28 7,168 -c----w c:\windows\$NtServicePackUninstall$\hccoin.dll
+ 2002-09-07 00:00:00 16,384 -c----w c:\windows\$NtServicePackUninstall$\help.exe
+ 2004-08-04 04:54:52 768,512 -c----w c:\windows\$NtServicePackUninstall$\helpctr.exe
+ 2004-08-04 04:54:52 743,936 -c----w c:\windows\$NtServicePackUninstall$\helpsvc.exe
+ 2004-08-04 04:54:52 10,752 -c----w c:\windows\$NtServicePackUninstall$\hh.exe
+ 2004-08-04 04:54:28 38,912 -c----w c:\windows\$NtServicePackUninstall$\hhsetup.dll
+ 2004-08-04 05:05:42 20,992 -c----w c:\windows\$NtServicePackUninstall$\hid.dll
+ 2004-08-04 03:08:20 36,224 -c----w c:\windows\$NtServicePackUninstall$\hidclass.sys
+ 2004-08-04 03:08:18 24,960 -c----w c:\windows\$NtServicePackUninstall$\hidparse.sys
+ 2004-08-04 00:54:28 21,504 -c----w c:\windows\$NtServicePackUninstall$\hidserv.dll
+ 2002-09-07 00:00:00 9,600 -c----w c:\windows\$NtServicePackUninstall$\hidusb.sys
+ 2002-09-07 00:00:00 77,850 -c----w c:\windows\$NtServicePackUninstall$\hlink.dll
+ 2004-08-04 04:54:28 38,912 -c----w c:\windows\$NtServicePackUninstall$\hmmapi.dll
+ 2004-08-04 04:54:28 347,648 -c----w c:\windows\$NtServicePackUninstall$\hnetcfg.dll
+ 2004-08-04 04:54:28 336,384 -c----w c:\windows\$NtServicePackUninstall$\hnetwiz.dll
+ 2004-08-04 04:54:28 39,936 -c----w c:\windows\$NtServicePackUninstall$\hostmib.dll
+ 2004-08-04 04:54:28 146,944 -c----w c:\windows\$NtServicePackUninstall$\hotplug.dll
+ 2004-08-04 04:54:52 18,944 -c----w c:\windows\$NtServicePackUninstall$\hscupd.exe
+ 2004-08-04 03:00:14 263,040 -c----w c:\windows\$NtServicePackUninstall$\http.sys
+ 2004-08-04 04:54:28 24,576 -c----w c:\windows\$NtServicePackUninstall$\httpapi.dll
+ 2004-08-04 04:54:28 268,288 -c----w c:\windows\$NtServicePackUninstall$\httpext.dll
+ 2004-08-04 04:54:28 8,192 -c----w c:\windows\$NtServicePackUninstall$\httpmb51.dll
+ 2004-08-04 04:54:28 62,464 -c----w c:\windows\$NtServicePackUninstall$\httpod51.dll
+ 2004-08-04 04:54:28 43,008 -c----w c:\windows\$NtServicePackUninstall$\htui.dll
+ 2002-09-07 00:00:00 13,463,552 -c----w c:\windows\$NtServicePackUninstall$\hwxjpn.dll
+ 2004-08-04 04:54:28 352,256 -c----w c:\windows\$NtServicePackUninstall$\hypertrm.dll
+ 2004-08-04 04:41:24 54,400 -c----w c:\windows\$NtServicePackUninstall$\i8042prt.sys
+ 2004-08-04 04:54:28 119,808 -c----w c:\windows\$NtServicePackUninstall$\iasrad.dll
+ 2004-08-04 04:54:28 11,264 -c----w c:\windows\$NtServicePackUninstall$\icaapi.dll
+ 2004-08-04 04:54:28 80,384 -c----w c:\windows\$NtServicePackUninstall$\iccvid.dll
+ 2004-08-04 04:54:28 253,952 -c----w c:\windows\$NtServicePackUninstall$\icm32.dll
+ 2004-08-04 04:53:04 3,584 -c----w c:\windows\$NtServicePackUninstall$\icmp.dll
+ 2004-08-04 04:54:28 4,096 -c----w c:\windows\$NtServicePackUninstall$\iconlib.dll
+ 2004-08-04 04:54:28 61,440 -c----w c:\windows\$NtServicePackUninstall$\icwconn.dll
+ 2004-08-04 04:54:52 218,624 -c----w c:\windows\$NtServicePackUninstall$\icwconn1.exe
+ 2004-08-04 04:54:52 86,016 -c----w c:\windows\$NtServicePackUninstall$\icwconn2.exe
+ 2004-08-04 04:54:28 73,728 -c----w c:\windows\$NtServicePackUninstall$\icwdial.dll
+ 2004-08-04 04:54:28 32,768 -c----w c:\windows\$NtServicePackUninstall$\icwdl.dll
+ 2004-08-04 04:54:28 176,128 -c----w c:\windows\$NtServicePackUninstall$\icwhelp.dll
+ 2004-08-04 04:54:28 65,536 -c----w c:\windows\$NtServicePackUninstall$\icwphbk.dll
+ 2004-08-04 04:54:52 24,576 -c----w c:\windows\$NtServicePackUninstall$\icwrmind.exe
+ 2004-08-04 04:54:28 49,152 -c----w c:\windows\$NtServicePackUninstall$\icwutil.dll
+ 2004-08-04 04:54:28 121,856 -c----w c:\windows\$NtServicePackUninstall$\idq.dll
+ 2004-08-04 04:54:52 34,304 -c----w c:\windows\$NtServicePackUninstall$\ie4uinit.exe
+ 2004-08-04 04:54:28 139,264 -c----w c:\windows\$NtServicePackUninstall$\ieakeng.dll
+ 2004-08-04 04:54:28 221,696 -c----w c:\windows\$NtServicePackUninstall$\ieaksie.dll
+ 2004-08-04 04:54:28 323,584 -c----w c:\windows\$NtServicePackUninstall$\iedkcs32.dll
+ 2008-08-19 09:30:39 18,432 -c----w c:\windows\$NtServicePackUninstall$\iedw.exe
+ 2004-08-04 04:54:28 81,920 -c----w c:\windows\$NtServicePackUninstall$\ieencode.dll
+ 2008-08-20 05:37:14 251,392 -c----w c:\windows\$NtServicePackUninstall$\iepeers.dll
+ 2004-08-04 04:54:28 49,152 -c----w c:\windows\$NtServicePackUninstall$\iernonce.dll
+ 2004-08-04 04:54:28 63,488 -c----w c:\windows\$NtServicePackUninstall$\iesetup.dll
+ 2004-08-04 04:54:52 93,184 -c----w c:\windows\$NtServicePackUninstall$\iexplore.exe
+ 2004-08-04 04:54:52 114,688 -c----w c:\windows\$NtServicePackUninstall$\iexpress.exe
+ 2004-08-04 04:54:28 142,848 -c----w c:\windows\$NtServicePackUninstall$\ifmon.dll
+ 2004-08-04 04:54:28 8,192 -c----w c:\windows\$NtServicePackUninstall$\igmpagnt.dll
+ 2004-08-04 04:53:04 508,416 -c----w c:\windows\$NtServicePackUninstall$\iis.dll
+ 2004-08-04 04:54:28 25,088 -c----w c:\windows\$NtServicePackUninstall$\iisadmin.dll
+ 2004-08-04 04:54:28 145,408 -c----w c:\windows\$NtServicePackUninstall$\iische51.dll
+ 2004-08-04 04:54:30 68,608 -c----w c:\windows\$NtServicePackUninstall$\iisext51.dll
+ 2004-08-04 04:54:30 7,168 -c----w c:\windows\$NtServicePackUninstall$\iisfecnv.dll
+ 2004-08-04 04:54:30 79,872 -c----w c:\windows\$NtServicePackUninstall$\iislog51.dll
+ 2004-08-04 04:54:30 64,512 -c----w c:\windows\$NtServicePackUninstall$\iismap.dll
+ 2004-08-04 04:54:52 31,232 -c----w c:\windows\$NtServicePackUninstall$\iisrstas.exe
+ 2004-08-04 04:54:30 133,632 -c----w c:\windows\$NtServicePackUninstall$\iisrtl.dll
+ 2004-08-04 04:54:30 81,920 -c----w c:\windows\$NtServicePackUninstall$\ils.dll
+ 2004-08-04 04:54:30 144,384 -c----w c:\windows\$NtServicePackUninstall$\imagehlp.dll
+ 2004-08-04 04:54:52 150,016 -c----w c:\windows\$NtServicePackUninstall$\imapi.exe
+ 2004-08-04 03:00:16 41,856 -c----w c:\windows\$NtServicePackUninstall$\imapi.sys
+ 2004-08-04 03:04:38 106,496 -c----w c:\windows\$NtServicePackUninstall$\imekrcic.dll
+ 2004-08-04 03:04:34 86,016 -c----w c:\windows\$NtServicePackUninstall$\imekrmbx.dll
+ 2004-08-04 04:54:30 36,921 -c----w c:\windows\$NtServicePackUninstall$\imeshare.dll
+ 2004-08-04 04:54:30 35,840 -c----w c:\windows\$NtServicePackUninstall$\imgutil.dll
+ 2004-08-04 02:31:50 811,064 -c----w c:\windows\$NtServicePackUninstall$\imjp81k.dll
+ 2004-08-04 02:31:52 368,696 -c----w c:\windows\$NtServicePackUninstall$\imjpcic.dll
+ 2004-08-04 02:31:52 716,856 -c----w c:\windows\$NtServicePackUninstall$\imjpcus.dll
+ 2004-08-04 02:31:54 81,976 -c----w c:\windows\$NtServicePackUninstall$\imjpdct.dll
+ 2004-08-04 02:32:16 274,489 -c----w c:\windows\$NtServicePackUninstall$\imjputyc.dll
+ 2004-08-04 02:32:28 102,456 -c----w c:\windows\$NtServicePackUninstall$\imlang.dll
+ 2004-08-04 04:54:30 110,080 -c----w c:\windows\$NtServicePackUninstall$\imm32.dll
+ 2002-09-07 00:00:00 118,784 -c----w c:\windows\$NtServicePackUninstall$\imsinsnt.dll
+ 2002-09-07 00:00:00 315,452 -c----w c:\windows\$NtServicePackUninstall$\imskf.dll
+ 2004-08-04 04:54:30 282,624 -c----w c:\windows\$NtServicePackUninstall$\inetcfg.dll
+ 2008-04-11 18:51:06 683,520 -c----w c:\windows\$NtServicePackUninstall$\inetcomm.dll
+ 2004-08-04 04:54:52 15,872 -c----w c:\windows\$NtServicePackUninstall$\inetin51.exe
+ 2004-08-04 04:54:30 842,240 -c----w c:\windows\$NtServicePackUninstall$\inetmgr.dll
+ 2004-08-04 04:54:30 33,280 -c----w c:\windows\$NtServicePackUninstall$\inetmib1.dll
+ 2004-08-04 04:54:30 75,264 -c----w c:\windows\$NtServicePackUninstall$\inetpp.dll
+ 2004-08-04 04:54:30 16,384 -c----w c:\windows\$NtServicePackUninstall$\inetppui.dll
+ 2004-08-04 04:53:04 50,688 -c----w c:\windows\$NtServicePackUninstall$\inetres.dll
+ 2004-08-04 04:54:54 20,480 -c----w c:\windows\$NtServicePackUninstall$\inetwiz.exe
+ 2004-08-04 04:54:30 13,312 -c----w c:\windows\$NtServicePackUninstall$\infoadmn.dll
+ 2004-08-04 04:54:30 257,024 -c----w c:\windows\$NtServicePackUninstall$\infocomm.dll
+ 2004-08-04 04:54:30 147,456 -c----w c:\windows\$NtServicePackUninstall$\initpki.dll
+ 2004-08-04 04:54:30 126,464 -c----w c:\windows\$NtServicePackUninstall$\input.dll
+ 2008-08-20 05:37:14 96,768 -c----w c:\windows\$NtServicePackUninstall$\inseng.dll
+ 2004-08-04 04:43:40 40,320 -c----w c:\windows\$NtServicePackUninstall$\intelppm.sys
+ 2004-08-04 03:00:08 29,056 -c----w c:\windows\$NtServicePackUninstall$\ip6fw.sys
+ 2004-08-04 04:54:54 58,368 -c----w c:\windows\$NtServicePackUninstall$\ipconfig.exe
+ 2004-08-04 04:54:30 95,744 -c----w c:\windows\$NtServicePackUninstall$\iphlpapi.dll
+ 2004-08-04 03:04:46 20,992 -c----w c:\windows\$NtServicePackUninstall$\ipinip.sys
+ 2002-09-07 00:00:00 167,424 -c----w c:\windows\$NtServicePackUninstall$\ipmontr.dll
+ 2004-08-04 03:04:52 134,912 -c----w c:\windows\$NtServicePackUninstall$\ipnat.sys
+ 2004-08-04 04:54:30 332,800 -c----w c:\windows\$NtServicePackUninstall$\ipnathlp.dll
+ 2004-08-04 04:54:30 355,840 -c----w c:\windows\$NtServicePackUninstall$\ippromon.dll
+ 2004-08-04 04:54:30 36,864 -c----w c:\windows\$NtServicePackUninstall$\iprip.dll
+ 2002-09-07 00:00:00 169,984 -c----w c:\windows\$NtServicePackUninstall$\iprtrmgr.dll
+ 2004-08-04 03:14:30 74,752 -c----w c:\windows\$NtServicePackUninstall$\ipsec.sys
+ 2004-08-04 04:54:30 361,472 -c----w c:\windows\$NtServicePackUninstall$\ipsecsnp.dll
+ 2004-08-04 04:54:30 184,320 -c----w c:\windows\$NtServicePackUninstall$\ipsecsvc.dll
+ 2004-08-04 04:54:30 388,096 -c----w c:\windows\$NtServicePackUninstall$\ipsmsnap.dll
+ 2004-08-04 04:54:54 53,760 -c----w c:\windows\$NtServicePackUninstall$\ipv6.exe
+ 2004-08-04 04:54:30 59,904 -c----w c:\windows\$NtServicePackUninstall$\ipv6mon.dll
+ 2004-08-04 04:54:54 24,576 -c----w c:\windows\$NtServicePackUninstall$\ipxroute.exe
+ 2002-09-07 00:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\ipxwan.dll
+ 2004-08-04 04:54:30 120,320 -c----w c:\windows\$NtServicePackUninstall$\ir41_qc.dll
+ 2004-08-04 04:54:30 338,432 -c----w c:\windows\$NtServicePackUninstall$\ir41_qcx.dll
+ 2004-08-04 04:54:30 755,200 -c----w c:\windows\$NtServicePackUninstall$\ir50_32.dll
+ 2004-08-04 04:54:30 200,192 -c----w c:\windows\$NtServicePackUninstall$\ir50_qc.dll
+ 2004-08-04 04:54:30 183,808 -c----w c:\windows\$NtServicePackUninstall$\ir50_qcx.dll
+ 2004-08-04 03:00:48 11,264 -c----w c:\windows\$NtServicePackUninstall$\irenum.sys
+ 2001-08-23 14:58:06 36,224 -c----w c:\windows\$NtServicePackUninstall$\isapnp.sys
+ 2004-08-04 04:54:30 68,608 -c----w c:\windows\$NtServicePackUninstall$\isatq.dll
+ 2004-08-04 04:54:30 27,648 -c----w c:\windows\$NtServicePackUninstall$\iscomlog.dll
+ 2004-08-04 04:54:30 86,016 -c----w c:\windows\$NtServicePackUninstall$\isign32.dll
+ 2004-08-04 04:54:30 32,768 -c----w c:\windows\$NtServicePackUninstall$\isrdbg32.dll
+ 2004-08-04 04:54:30 143,872 -c----w c:\windows\$NtServicePackUninstall$\itircl.dll
+ 2004-08-04 04:54:30 134,144 -c----w c:\windows\$NtServicePackUninstall$\itss.dll
+ 2004-08-04 04:54:30 192,000 -c----w c:\windows\$NtServicePackUninstall$\iuengine.dll
+ 2004-08-04 04:54:30 54,784 -c----w c:\windows\$NtServicePackUninstall$\ixsso.dll
+ 2004-08-03 22:54:30 47,616 -c----w c:\windows\$NtServicePackUninstall$\iyuv_32.dll
+ 2002-09-07 00:00:00 144,896 -c----w c:\windows\$NtServicePackUninstall$\jgdw400.dll
+ 2002-09-07 00:00:00 42,496 -c----w c:\windows\$NtServicePackUninstall$\jgpl400.dll
+ 2007-12-18 14:41:58 450,560 -c----w c:\windows\$NtServicePackUninstall$\jscript.dll
+ 2008-08-20 05:37:15 16,384 -c----w c:\windows\$NtServicePackUninstall$\jsproxy.dll
+ 2002-09-07 00:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbd101.dll
+ 2001-08-17 22:55:56 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbd106.dll
+ 2002-09-07 00:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbd106n.dll
+ 2002-09-07 00:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdax2.dll
+ 2004-08-04 04:45:12 25,216 -c----w c:\windows\$NtServicePackUninstall$\kbdclass.sys
+ 2004-08-04 04:53:10 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdfi1.dll
+ 2004-08-04 04:45:14 14,848 -c----w c:\windows\$NtServicePackUninstall$\kbdhid.sys
+ 2002-09-07 00:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdibm02.dll
+ 2004-08-04 04:53:10 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdinbe1.dll
+ 2004-08-04 04:53:10 6,656 -c----w c:\windows\$NtServicePackUninstall$\kbdinben.dll
+ 2004-08-04 04:53:10 6,656 -c----w c:\windows\$NtServicePackUninstall$\kbdinmal.dll
+ 2002-09-07 00:00:00 6,656 -c----w c:\windows\$NtServicePackUninstall$\kbdlk41a.dll
+ 2002-09-07 00:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdlk41j.dll
+ 2004-08-04 04:53:10 5,632 -c----w c:\windows\$NtServicePackUninstall$\kbdmaori.dll
+ 2004-08-04 04:53:10 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdmlt47.dll
+ 2004-08-04 04:53:10 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdmlt48.dll
+ 2002-09-07 00:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdnec.dll
+ 2004-08-04 04:53:10 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdno1.dll
+ 2004-08-04 04:53:10 7,680 -c----w c:\windows\$NtServicePackUninstall$\kbdsmsfi.dll
+ 2004-08-04 04:53:10 7,680 -c----w c:\windows\$NtServicePackUninstall$\kbdsmsno.dll
+ 2004-08-04 04:53:10 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdukx.dll
+ 2004-08-04 02:59:24 7,424 -c----w c:\windows\$NtServicePackUninstall$\kd1394.dll
+ 2004-08-04 04:54:30 294,400 -c----w c:\windows\$NtServicePackUninstall$\kerberos.dll
+ 2004-08-04 04:54:30 1,048,576 -c----w c:\windows\$NtServicePackUninstall$\kernel32.dll
+ 2004-08-04 04:54:30 157,184 -c----w c:\windows\$NtServicePackUninstall$\keymgr.dll
+ 2004-08-03 21:07:50 171,77
0
La Taverne de Moe Posts 422 Status Member 264
 
Hi,

Follow this procedure:

* Download Toolbar-S&D (Team IDN) to your Desktop.

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the program's installation by running the downloaded file.
* Double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice, then confirm with the Enter key.
* Select option 1 (Search). Wait until the search finishes.
* Copy/paste the generated report. (C:\TB.txt)

raff123 Posts 57 Status Member
 
Thanks a lot for your reply!!!
Here is the report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)
G:\ (CD or DVD)
L:\ (USB) - FAT32 - Total:3763 Mo (Free:1 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 05/03/2009|14:45 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(Administrateur.K-6EF732255ED54) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Administrateur.K-6EF732255ED54) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

(Kacha) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(Kacha) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload
(Kacha) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1.K-6\Mes documents\Anti Torjan\Crack
C:\DOCUME~1\ADMINI~1.K-6\Mes documents\Anti Torjan\Crack\Anti Trojan Elite_4.x.x_Patch_Dr.XJ - Under SEH Team.exe

1 - "C:\ToolBar SD\TB_1.txt" - 05/03/2009|14:46 - Option : [1]

-----------\\ Fin du rapport a 14:46:35,79

La Taverne de Moe Posts 422 Status Member 264
 
* Run Toolbar-S&D again by double-clicking the shortcut.

* Press "2", then confirm by pressing "Enter".

/!\ Do not close the window during the removal /!\

* A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Then do the following:

We are going to use the GENPROC tool and see what it suggests.

* Click the following link:

http://forum.telecharger.01net.com/forum/

* Follow the tutorial step by step.
* Post the generated report here.

Finally, paste a HIJACKTHIS report.

raff123 Posts 57 Status Member
 
Here are the two reports, and just so you know: while using ComboFix, I uninstalled AVG 8.0, but the problem is that the Windows Security Center did not tell me that the antivirus is disabled. That's just so you know. Thanks for your help.

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)
G:\ (CD or DVD)
L:\ (USB) - FAT32 - Total:3763 Mo (Free:1 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/03/2009|15:28 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(Administrateur.K-6EF732255ED54) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Administrateur.K-6EF732255ED54) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

(Kacha) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(Kacha) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload
(Kacha) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1.K-6\Mes documents\Anti Torjan\Crack
C:\DOCUME~1\ADMINI~1.K-6\Mes documents\Anti Torjan\Crack\Anti Trojan Elite_4.x.x_Patch_Dr.XJ - Under SEH Team.exe

1 - "C:\ToolBar SD\TB_1.txt" - 05/03/2009|14:46 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 05/03/2009|15:30 - Option : [2]

-----------\\ Fin du rapport a 15:30:07,48

GenProc 2.116 [1] 05/03/2009 - Windows XP : Aucune infection caractéristique trouvée .

La Taverne de Moe Posts 422 Status Member 264
 
You need to put protection back on your PC right away. You did well to uninstall AVG.
That will let you install ANTIVIR, which is very effective.

* Tutorial to get familiar with the software:

https://www.malekal.com/avira-free-security-antivirus-gratuit/

* To download ANTIVIR:

https://www.commentcamarche.net/telecharger/ 55 antivir

NB: the "AVIRA ANTIVIR" antivirus is indeed free.
At the end of the evaluation period, the licence renews automatically.

Once it is installed, run ANTIVIR to see whether it finds anything.
Post the report.

* Also paste a HIJACKTHIS report, please.

raff123 Posts 57 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:38, on 05/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\iPScan.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\jdhjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.zonealarm.com/software/extreme-security?source=Other&medium=InClient&campaign=ZoneAlarm+Pro&content=OEM+All&term=English&lid=en&cid=04056&app=inclient&prod=1&date=1367256704&version=7.0.483.000&lic=g3q3495bkgd0mx5jbfbi8kw0dg0&oem=1025&dest=try_product
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iPPCamScan] C:\WINDOWS\iPScan.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S16A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Administrateur.K-6EF732255ED54\Application Data\Mozilla\Firefox\Profiles\e9773f7g.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrateur.K-6EF732255ED54\Application Data\Mozilla\Firefox\Profiles/e9773f7g.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
La Taverne de Moe Posts 422 Status Member 264
 
Don't you want to install an antivirus?
I gave you a link so that you could download ANTIVIR and then run a scan with it.

Run HIJACKTHIS again and fix the following lines (and only these lines!!):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [iPPCamScan] C:\WINDOWS\iPScan.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Administrateur.K-6EF732255ED54\Application Data\Mozilla\Firefox\Profiles\e9773f7g.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrateur.K-6EF732255ED54\Application Data\Mozilla\Firefox\Profiles/e9773f7g.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"


Please post a new HIJACKTHIS report.
raff123 Posts 57 Status Member
 
Thanks for your quick replies ^^!!!!! Here is the HijackThis report, and AntiVir is running its scan. I went to local protection, check, start the search, is that right???????
And also, lol, it is finding infected archives right now; do I delete them or put them in quarantine???? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:32, on 05/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\jdhjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.zonealarm.com/software/extreme-security?source=Other&medium=InClient&campaign=ZoneAlarm+Pro&content=OEM+All&term=English&lid=en&cid=04056&app=inclient&prod=1&date=1367256704&version=7.0.483.000&lic=g3q3495bkgd0mx5jbfbi8kw0dg0&oem=1025&dest=try_product
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S16A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
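The comparison this exchange relies on, checking the follow-up report against the lines that were to be fixed, can be scripted. This is an added example, not part of the original posts; the function names are assumptions, and the three sample texts are shortened excerpts of the reports and fix list above.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:  # header and "Running processes" lines do not match
            entries.add((match.group(1), match.group(2)))
    return entries

def check_fix(before, after, to_fix):
    """Compare two reports against the lines that were to be fixed."""
    old, new = parse_entries(before), parse_entries(after)
    wanted = parse_entries(to_fix)
    return {
        "fixed": sorted(wanted & (old - new)),
        "still_present": sorted(wanted & new),
        "removed_unasked": sorted((old - new) - wanted),
        "added": sorted(new - old),
        # Orphaned registrations: the registry entry survives, its file is gone.
        "no_file_left": sorted(e for e in new if e[1].endswith("(no file)")),
    }

# Shortened excerpts of the two reports and of the fix list in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iPPCamScan] C:\WINDOWS\iPScan.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""
TO_FIX = r"""O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iPPCamScan] C:\WINDOWS\iPScan.exe
"""

if __name__ == "__main__":
    for label, entries in check_fix(BEFORE, AFTER, TO_FIX).items():
        print(label)
        for section, body in entries:
            print(f"  {section} - {body}")
```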