Sujet Précédent Sujet Suivant

Lenteur PC

manucool Messages postés 139 Statut Membre -  
manucool Messages postés 139 Statut Membre -
Bonjour ,

Mon PC semble très lent au démarrage depuis plusieurs jours. Il n'arrete pas de "crépiter" pendant 10 minutes après l'ouverture ce qui laisse à penser que le DD travaille un peu trop...
J'ai d'ailleurs un fichier type svchost.exe ouverts qui prend 110000Ko de mémoire. Je ne sais pas s'il est à l'origine du problème mais dès que je les vire, cela semble accélérer.
Voici un log pour ceux qui savent le décrypter... Merci pour votre aide !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:19, on 02/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Userinit] C:\WINDOWS\system32\cologsver.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024ab0f3e7c9b9e6ee16/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236109979802&h=a4790264b0bba4697cb2cd1242a621de/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Service Google Update (gupdate1c9d8a71961d5f0) (gupdate1c9d8a71961d5f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
A voir également:

38 réponses

Précédent
  • 1
  • 2
Réponse 21 / 38
Utilisateur anonyme
 
Refait findykill en option 2
########### [ Option 2 ( Suppression ) XP ]
! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .
• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
• Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .
• Au second menu choisis l'option 2 (suppression) et tape sur [entrée]
• Le pc va redémarrer automatiquement ...
▶ le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !
--> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
Aides en images : http://pagesperso-orange.fr/NosTools/findykill.html

0
Réponse 22 / 38
manucool Messages postés 139 Statut Membre 1
 
############################## | FindyKill V5.005 |

# User : Propriétaire (Administrateurs) # NOM-Y6G795SKGF6
# Update on 27/07/09 by Chiquitine29
# Start at: 22:14:52 | 06/08/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) XP 2800+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 70.61 Go (14.82 Go free) [PRESARIO] # NTFS
# D:\ # Disque fixe local # 3.9 Go (967.79 Mo free) [PRESARIO_RP] # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-0F8DCEDB.pf

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\Propri‚taire\Application Data |

################## | Autres ... |

################## | Temporary Internet Files |

################## | Registre / Clés infectieuses |

Value ! [HKLM\software\microsoft\security center] "AntiVirusOverride" -> Reset sucessfully !

################## | Etat / Services / Informations |

# Mode sans echec : OK

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

# Présent ! C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# Présent ! D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | PEH ... |

Corrompu : C:\71332eb2285d5109bfcb\update\update.exe
[Offset = 000000E4 - Valeur = 0x0001]

Corrompu : C:\HijackThis\HijackThis.exe
[Offset = 000000C4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
[Offset = 000000FC - Valeur = 0x0001]

Corrompu : C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
[Offset = 000000EC - Valeur = 0x0001]

Corrompu : C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[Offset = 000000C4 - Valeur = 0x0001]

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Propri‚taire\.housecall6.6\"patch.exe""
02/08/2009 20:26 |Size 218736 |Crc32 12c79c8b |Md5 b9a80ba0083fb8196f8ca0bef053ea4e

"C:\Documents and Settings\Propri‚taire\Application Data\ubi.com\Core\"GLPatcher2.exe""
28/03/2002 09:53 |Size 126976 |Crc32 6b571600 |Md5 1e4d5797ddfa082ea62dfa02ff67f8c6

################## | ! Fin du rapport # FindyKill V5.005 ! |
0
Réponse 23 / 38
Utilisateur anonyme
 
Il reste encore des infections .Ont va faire différemment.Pense a virer les antivirus inutile.

• Télécharger :
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ sur ton Bureau
• Copier ce texte en gras
:Processes
explorer.exe

:Files
c:\windows\system32\wintems.exe
c:\documents and settings\propriétaire\application data\m\flec006.exe

• Maintenant, démarre en mode sans échec :
Tu n' auras pas accès à Internet pendant le "mode sans échec". Aussi, copie/colle toute cette procédure dans un fichier texte et mets-la sur le "Bureau" pour l'avoir à ta disposition. Ferme toutes les fenêtres et applications.
Redémarre ton ordinateur, puis tapote sur la touche F8 (F5 sur certains PC) avant l’apparition du logo Windows, un menu va apparaître, tu devra choisir de démarrer en mode sans échec. Choisis ta session habituelle, et ne t'inquiète pas si les couleurs et la taille des icônes changent, c'est normal !

• Double-clique sur OTM.exe afin de le lancer.
• Colle le script dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit.
• Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
• Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles
Le nom du rapport correspond au moment de sa création : date_heure.log
------------------------------------------------------------------------------------------------------------
Post un rapport rsit

0
Réponse 24 / 38
manucool Messages postés 139 Statut Membre 1
 
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder c:\windows\system32\wintems.exe not found.
File/Folder c:\documents and settings\propriétaire\application data\m\flec006.exe not found.

OTM by OldTimer - Version 3.0.0.5 log created on 08072009_110214

Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-08-07 11:06:47
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 15 GB (21%) free of 72 GB
Total RAM: 511 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:13, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\93Y9CE8V\RSIT[1].exe
C:\Documents and Settings\Propriétaire\Bureau\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024ab0f3e7c9b9e6ee16/netzip/RdxIE601_fr.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 38
Utilisateur anonyme
 
/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

/!\ Désactive tous tes logiciels de protection /!\

• Télécharge combofix(de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Il va te demander d'installer la console de récupération : accepte.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix

0
Réponse 26 / 38
manucool Messages postés 139 Statut Membre 1
 
ComboFix 09-08-06.01 - Propriétaire 07/08/2009 16:01.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.282 [GMT 2:00]
Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\Installer\2ee57.msp
c:\windows\Installer\34bed2.msi
c:\windows\Installer\8f55d1.msi
c:\windows\patch.exe
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-07 09:02 . 2009-08-07 09:02 -------- d-----w- C:\_OTM
2009-08-05 15:24 . 2009-08-05 15:24 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 13:38 . 2009-08-04 16:04 -------- d-----w- C:\UsbFix
2009-08-03 20:22 . 2009-08-06 20:42 -------- d-----w- C:\FindyKill
2009-08-03 19:24 . 2009-08-06 06:16 -------- d-----w- C:\rsit
2009-08-01 20:31 . 2009-08-01 20:31 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 14:11 . 2008-09-26 17:15 64034848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-07 11:30 . 2008-09-26 17:15 750356 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-05 15:24 . 2008-08-18 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 19:49 . 2008-09-02 19:28 11845050 -c--a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-04 16:09 . 2004-11-18 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-04 13:21 . 2003-01-01 19:32 -------- d---a-w- c:\program files\Fichiers communs\Symantec Shared
2009-08-03 11:36 . 2008-08-18 08:51 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-08-18 08:51 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 06:33 . 2009-07-10 06:38 2621440 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-07-03 16:57 . 2006-06-23 11:28 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 08:51 . 2008-11-29 19:59 -------- d-----w- c:\program files\adslTV
2009-06-24 06:17 . 2005-08-30 18:14 -------- d-----w- c:\program files\Google
2009-06-22 17:07 . 2006-11-19 20:04 -------- d-----w- c:\program files\emule2
2009-06-18 17:18 . 2009-06-18 17:20 2519040 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-06-16 14:40 . 2003-01-01 09:58 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2003-01-01 09:54 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 13:58 . 2009-06-11 13:58 -------- d-----w- c:\program files\Microsoft
2009-06-11 13:57 . 2009-06-11 13:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-11 13:57 . 2008-11-19 21:26 -------- d-----w- c:\program files\Windows Live
2009-06-11 13:53 . 2009-06-11 13:53 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-06-03 19:10 . 2007-12-02 13:09 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 11:08 . 2009-05-23 11:10 2817024 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-05-23 11:08 . 2009-05-23 11:10 2433536 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-05-22 17:54 . 2009-05-22 17:54 28904 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_05_22_19_46_44_small.dmp.zip
2009-05-10 11:13 . 2009-05-10 11:15 2335232 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2004-08-19 21:05 . 2004-08-19 21:05 61 -csh--w- c:\windows\cnerolf.dat
2005-01-14 19:21 . 2005-01-01 21:55 21 -csh--w- c:\windows\dpwtddxp.dll
2005-01-01 21:55 . 2005-01-01 21:55 14 -csh--w- c:\windows\dpwtpdxp.dll
2004-01-25 18:23 . 2004-01-25 18:23 32 -csha-w- c:\windows\{4D6F5508-DFB8-4576-92BC-B7D3B891AB89}.dat
2005-01-01 21:55 . 2005-01-01 21:55 21 -csh--w- c:\windows\system32\dpwtdaxp.dll
2005-01-01 21:55 . 2005-01-01 21:55 14 -csh--w- c:\windows\system32\dpwtpaxp.dll
2005-03-28 09:22 . 2005-03-28 09:06 10022 -csha-w- c:\windows\system32\KGyGaAvL.sys
2005-01-14 19:21 . 2005-01-01 21:55 12 -csh--w- c:\windows\system32\spwtpaxp.dll
2004-01-25 18:23 . 2004-01-25 18:23 32 -csha-w- c:\windows\system32\{3D1DEF9E-123D-4CB3-B553-194218865DFF}.dat
.

------- Sigcheck -------

[-] 2004-08-19 23:10 14336 2979B03D5382A602623C0535B16AB9C0 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 02:34 14336 E4BDF223CD75478BF44567B4D5C2634D c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-19 23:10 14336 2979B03D5382A602623C0535B16AB9C0 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\svchost.exe
[-] 2008-04-14 02:34 14336 E4BDF223CD75478BF44567B4D5C2634D c:\windows\system32\svchost.exe

[-] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 18:20 578048 C34920EB988CE98910BD6B0417F334EB c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2004-08-19 23:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-12-29 01:32 575488 4C58E8FCACE40BB56975F12D9D3F2655 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2gdr\user32.dll
[-] 2004-08-19 23:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\user32.dll
[-] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\system32\user32.dll

[-] 2004-08-19 23:09 82944 EED74B969B2CA1ACC558FF60FB420E28 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2003-08-02 20:10 75264 20C6D9F9522DDA0F9A8E4B8641CA9245 c:\windows\$NtUninstallKB914388$\ws2_32.dll
[-] 2006-05-19 12:14 70656 93307E5F8389A7474511DC51165694E5 c:\windows\$NtUninstallKB922819$\ws2_32.dll
[-] 2008-04-14 02:33 82432 FB836F9E62D82904C983AD21296A5D9C c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2004-08-19 23:09 82944 EED74B969B2CA1ACC558FF60FB420E28 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ws2_32.dll
[-] 2008-04-14 02:33 82432 FB836F9E62D82904C983AD21296A5D9C c:\windows\system32\ws2_32.dll

[-] 2008-06-23 16:15 671232 8CA18FD7CCCABFF7E84702BC1BBF5DCB c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 15:10 670208 D2177655BC338A07B99913F6A4BED52D c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:56 670720 4E00327DA458BEFFEA8F4B222F466B20 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-08-26 09:10 827904 4B0E70D44297877A313045BD059770E1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 10:23 671744 F9AE6DBB4EC5B4D1A82BF2F0CB7EE200 c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 01:01 670208 05033943FF61ABD13B93C00337D04E92 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 01:04 671232 1C6E9FDAB1F4CB983A39EFBA6F131ACC c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 19:33 827904 37D1A1BFE3D9904F2C3D11592456F9C0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:47 827904 4E192082A5FCE9EF19198A24CDEA3442 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:15 828416 39F71B559A97ED722F939A0EA7235323 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 04:37 828928 754097815B575A721AB58B1C55476805 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-05-13 05:08 915456 722E8ABB39238BAD1B1E13D97C49DB4D c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 17:01 915456 B0249F1B9F68E55CB7D2656339D13323 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2004-11-11 18:51 593920 99E39F5BA4CFBE708BD5389B21C5C3EE c:\windows\$NtUninstallKB890923-IE6SP1-20050225.103456$\wininet.dll
[-] 2005-02-18 15:36 596992 C962156514A22D35A08C041FE9BBBC2E c:\windows\$NtUninstallKB896727-IE6SP1-20050719.165959$\wininet.dll
[-] 2005-06-17 22:26 580608 F9FE3D6849BEBE3914C7CF89F260408F c:\windows\$NtUninstallKB905915-IE6SP1-20051122.175908$\wininet.dll
[-] 2005-10-21 15:50 581120 8489FE29641F439D18611794A8431619 c:\windows\$NtUninstallKB912812-IE6SP1-20060322.182418$\wininet.dll
[-] 2003-08-02 20:26 603136 CBC50D46257C4A75644230507B488050 c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-06-23 15:40 663552 95D92788889B847309C63E2EC287D1C0 c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-10-16 10:38 663552 4BAD064ED3FB5008AF94D427DD77FDDD c:\windows\ie7\wininet.dll
[-] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 08:11 826368 E30CACD98479B36A3DBFA3267BF62DD0 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:18 826368 CFBFA47415E85018E2CDC509E5E3D011 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 22:47 826368 0551C946E305CEE0A79BA744DC141BFC c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:13 826368 68A2567FDD62AE7E31D8A885C5173EF9 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-04-29 04:45 827392 08EFECB3F17F38F23F14148D374ACBC9 c:\windows\ie8\wininet.dll
[-] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-05-13 05:04 915456 FEADC209186574B0471D694FF5634F70 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-04-14 02:33 670208 4A6E04EA20F48D750D9BFED8600D516B c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-07-03 16:57 915456 995E2754D7FB0203A45351A1376836ED c:\windows\SoftwareDistribution\Download\0f3a0a7485e4c6588c69d8373eca4823\SP3GDR\wininet.dll
[-] 2009-07-03 17:01 915456 B0249F1B9F68E55CB7D2656339D13323 c:\windows\SoftwareDistribution\Download\0f3a0a7485e4c6588c69d8373eca4823\SP3QFE\wininet.dll
[-] 2009-05-13 05:04 915456 FEADC209186574B0471D694FF5634F70 c:\windows\SoftwareDistribution\Download\40bc3e8679e1bad2a30cd389d408d57e\SP3GDR\wininet.dll
[-] 2009-05-13 05:08 915456 722E8ABB39238BAD1B1E13D97C49DB4D c:\windows\SoftwareDistribution\Download\40bc3e8679e1bad2a30cd389d408d57e\SP3QFE\wininet.dll
[-] 2008-06-23 16:28 826368 AC0BD61DC2C64906FBFE50E005FEFA2C c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2GDR\wininet.dll
[-] 2008-06-23 15:40 827904 52589BAE67DD9859724287372668690B c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2QFE\wininet.dll
[-] 2006-04-28 13:08 581120 FBC2BB53E9AA8E775D57BFF836DD7445 c:\windows\SoftwareDistribution\Download\aeec9fb3604e3d5301683bcf10e5b4d2\rtmgdr\wininet.dll
[-] 2006-04-28 21:34 592896 EBF4A12C9E40B596553C06301C0F2594 c:\windows\SoftwareDistribution\Download\aeec9fb3604e3d5301683bcf10e5b4d2\RTMQFE\wininet.dll
[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\wininet.dll
[-] 2004-12-07 18:17 594944 5C46716E94F2698FD34B14F50DA1D6C9 c:\windows\SoftwareDistribution\Download\e2b2a65f5ac60f19171d8ab8040f71da\rtmgdr\wininet.dll
[-] 2004-12-08 03:24 585728 2414AC410C1F6D85AEC9596F82397D5E c:\windows\SoftwareDistribution\Download\e2b2a65f5ac60f19171d8ab8040f71da\RTMQFE\wininet.dll
[-] 2009-07-03 16:57 915456 995E2754D7FB0203A45351A1376836ED c:\windows\system32\wininet.dll
[-] 2009-07-03 16:57 915456 995E2754D7FB0203A45351A1376836ED c:\windows\system32\dllcache\wininet.dll

[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$hf_mig$\KB913446\SP2GDR\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2003-08-02 20:02 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:41 339968 228B0385BBFCA24332FA22DB45A8B684 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 01:13 340480 8C101C9C566E2384AF28EF7C1DE4A36E c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\SoftwareDistribution\Download\507067b70cd6d949aad91fc738213e69\sp2gdr\tcpip.sys
[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-19 23:10 506368 123EEA158F74D0F67A51DCDF065D1091 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-19 23:10 506368 123EEA158F74D0F67A51DCDF065D1091 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\winlogon.exe
[-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\system32\winlogon.exe

[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 18:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 11:17 2068224 ED5E20AE4AC5A63A4FF43FFE704A5153 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:39 2065024 DCBC1A6D150B5EE1BD6257186157B0F3 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 18:26 2068096 755B50949D0DBC0F0136B0DB58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-10-28 01:27 1959424 939A0369E78BFB0BD342302E86390A09 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 03:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2004-08-19 23:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2009-02-10 17:06 2068096 F751E041E682F53EAF34F7FAEA78994D c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 03:07 2067968 0834052F1005445DFB3BE75B50A98B28 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2005-03-02 18:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2gdr\ntkrnlpa.exe
[-] 2004-08-19 23:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ntkrnlpa.exe
[-] 2009-02-10 17:06 2068096 F751E041E682F53EAF34F7FAEA78994D c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:06 2068096 F751E041E682F53EAF34F7FAEA78994D c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2009-02-10 17:16 2191232 BEF458B8424553279E95E250D1E0CE7E c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:39 2188032 C6649255E51F145B6E15C505AB68E459 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 18:26 2191232 D79210549BBF09B7638E860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-10-28 01:27 2092032 A8A188AC824AAC564048C3A61A94AB9C c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 03:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2004-08-19 23:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2009-02-09 11:24 2191104 AB896577F35CF5FED7A9F87D3C3205ED c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 03:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2gdr\ntoskrnl.exe
[-] 2004-08-19 23:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ntoskrnl.exe
[-] 2009-02-09 11:24 2191104 AB896577F35CF5FED7A9F87D3C3205ED c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:24 2191104 AB896577F35CF5FED7A9F87D3C3205ED c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\explorer.exe
[-] 2004-08-19 23:09 1036288 2A7BD330924252A2FD80344FC949BB72 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-19 23:09 1036288 2A7BD330924252A2FD80344FC949BB72 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\explorer.exe

[-] 2009-02-09 11:16 111104 62789101F9C2401ED598AA2CDE7450C0 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-19 23:10 108544 63DCDE1A0D86EEB8924D6738FF616EAD c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 02:34 109056 54CB50058851D95E56EC70D09F70857F c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 02:34 109056 54CB50058851D95E56EC70D09F70857F c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-19 23:10 108544 63DCDE1A0D86EEB8924D6738FF616EAD c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\services.exe
[-] 2009-02-09 11:23 111104 C3FB1D70CB88722267949694BA51759E c:\windows\system32\services.exe
[-] 2009-02-09 11:23 111104 C3FB1D70CB88722267949694BA51759E c:\windows\system32\dllcache\services.exe

[-] 2004-08-19 23:09 13312 259AF82A0932EEA4F316F92DB94707B6 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 02:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2004-08-19 23:09 13312 259AF82A0932EEA4F316F92DB94707B6 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\lsass.exe
[-] 2008-04-14 02:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB c:\windows\system32\lsass.exe

[-] 2004-08-19 23:09 15360 64E41E8FEE655B03E3F19DED21BA5118 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-19 23:09 15360 64E41E8FEE655B03E3F19DED21BA5118 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ctfmon.exe
[-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\system32\ctfmon.exe

[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2004-08-19 23:10 57856 DF9FC62AD51CB082B0AE371919A232CB c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2003-08-02 20:10 51200 B1CE5287F096895D9BE26EB86F4D5FAF c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 02:34 57856 460E4CE148BD07218DA0B6A3D31885A9 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2004-08-19 23:10 57856 DF9FC62AD51CB082B0AE371919A232CB c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\spoolsv.exe
[-] 2008-04-14 02:34 57856 460E4CE148BD07218DA0B6A3D31885A9 c:\windows\system32\spoolsv.exe

[-] 2004-08-19 23:10 25088 84717891F0734C611721F56C60B5FBC3 c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 02:34 26624 E74DDB12188C2FF57A78624DBF7332FC c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-19 23:10 25088 84717891F0734C611721F56C60B5FBC3 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\userinit.exe
[-] 2008-04-14 02:34 26624 E74DDB12188C2FF57A78624DBF7332FC c:\windows\system32\userinit.exe

[-] 2004-08-19 23:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-19 23:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\termsrv.dll
[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:56 1049088 CE4AF1FA47A29ADF97CB107775CE395C c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2006-07-05 10:58 1050112 FB85EF2A6713E3A58A497E093626B93C c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2009-03-21 14:00 1056768 C3AF0EEE26B59484E674673E3016AAB7 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2004-08-19 23:09 1048576 C88F74591579DBDE273C61312B2D3886 c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2003-08-02 20:06 995328 3F846A5513E8CC7DB6259585E60CB14D c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2008-04-14 02:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 02:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-07-05 10:56 1049088 CE4AF1FA47A29ADF97CB107775CE395C c:\windows\SoftwareDistribution\Download\2c61126e1b5afef4a119b36d8404bf1f\sp2gdr\kernel32.dll
[-] 2004-08-19 23:09 1048576 C88F74591579DBDE273C61312B2D3886 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\kernel32.dll
[-] 2009-03-21 14:07 1054720 98F08549604D090B6B2514AF845F329F c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:07 1054720 98F08549604D090B6B2514AF845F329F c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-19 23:09 17408 29D5E58FB089C41898A81BD4C8970F22 c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 02:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2004-08-19 23:09 17408 29D5E58FB089C41898A81BD4C8970F22 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\powrprof.dll
[-] 2008-04-14 02:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 c:\windows\system32\powrprof.dll

[-] 2004-08-19 23:09 110080 E55DAFA1A354BD5CB69151563DC9748A c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 02:33 110080 0469B73DB32E5520F342C5E163AA3CCA c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2004-08-19 23:09 110080 E55DAFA1A354BD5CB69151563DC9748A c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\imm32.dll
[-] 2008-04-14 02:33 110080 0469B73DB32E5520F342C5E163AA3CCA c:\windows\system32\imm32.dll

[-] 2008-06-23 16:15 3088384 A9D7198AAAC327D413D7941B2C0046A4 c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll
[-] 2008-06-23 15:10 3088384 DB0D7FB7B08ED1A861ACDD3A684049DD c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll
[-] 2008-06-25 04:26 3088896 8758CE41A129C23B1A1BD7C9FEE2CCCB c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
[-] 2008-08-26 09:10 3594752 0F345A2FE55C3DC9693AAAF2E983F4AD c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-10-16 10:23 3088384 14BBFF7E52B9FF4645AB4EF9D4CE6182 c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
[-] 2008-10-16 01:01 3088896 CC8B4DA84F4621329ACA3F7A81584F83 c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
[-] 2008-10-16 05:34 3088896 72299C6CD21801EAB5CBBC3F7B1DB195 c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-10-16 19:33 3595264 EB75C0C66C633D0EFD0176450F8857F8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-12-12 17:29 3088384 19442577E63238262B8CA132E64FA5BE c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll
[-] 2008-12-12 17:02 3088896 A3C8A9D3F61F721FCA1A841164FB0CF2 c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
[-] 2008-12-12 17:14 3088896 6F69E698F11B1214F05195873B73BED4 c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2009-01-16 16:20 3596288 F386435C5E0A5D86E9F90B659D4F6075 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2009-02-21 06:48 3596800 D79AEC545A98057155099FB69BB3C4D3 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 04:37 3598336 246F148CD2E4F5AE164C1890D0A06420 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-05-13 05:07 5936128 C153CCC6BA78182DFA3CD23086EA5BDB c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 13:06 5938176 19C9FC84B91467171674D76EB0224D48 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2004-08-19 23:09 3003392 7CA9E0D2C4DCA6B710FD57F40E597337 c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2004-11-11 18:51 2693120 D751F13A1A8653BFB92A481A315EC801 c:\windows\$NtUninstallKB890923-IE6SP1-20050225.103456$\mshtml.dll
[-] 2005-02-24 12:02 2811904 992794EB29711675EEC5F4904191D38D c:\windows\$NtUninstallKB896727-IE6SP1-20050719.165959$\mshtml.dll
[-] 2005-07-19 10:39 2699264 B23994326468D1EE073D1F4D2AE8E6F3 c:\windows\$NtUninstallKB905915-IE6SP1-20051122.175908$\mshtml.dll
[-] 2005-11-22 16:39 2700288 79D863AEE0283CBEDED1355F7854C063 c:\windows\$NtUninstallKB912812-IE6SP1-20060322.182418$\mshtml.dll
[-] 2003-08-02 20:03 2833920 195ECED9CA2D18CCEB5C383220D8ED44 c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\mshtml.dll
[-] 2004-08-19 23:09 3003392 7CA9E0D2C4DCA6B710FD57F40E597337 c:\windows\$NtUninstallKB953838$\mshtml.dll
[-] 2008-06-23 15:40 3080704 FAA707F1143B2CB58ED7BD4F0758BADE c:\windows\$NtUninstallKB960714$\mshtml.dll
[-] 2008-12-12 17:35 3081216 C4CAE99E2AB643B25D0484D5E985960D c:\windows\ie7\mshtml.dll
[-] 2007-08-13 17:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 13:41 3593216 3CCDB836BBAB800FDED3181AF7EED38F c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-10-17 00:48 3593216 74BF6087086364FA96BF047DA7C9EB38 c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2009-01-16 19:15 3594752 0975BFBBCF2639C8BB5C0790F020DE6C c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-02-20 17:10 3595264 78068F040272D5EEF5198B3C75DD4D99 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-04-29 04:45 3596288 9B6478E6F9E83A04B6DA76FA61BB1FA7 c:\windows\ie8\mshtml.dll
[-] 2009-03-08 02:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-05-13 05:04 5936128 F73E32A6674F1D59D6D88C88D2536BAC c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2008-04-14 02:33 3066880 C4153F037157C7BE7C54FD88887F027D c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2009-07-19 13:15 5937152 29AA8EA1DAA83DBEC54916669BF09077 c:\windows\SoftwareDistribution\Download\0f3a0a7485e4c6588c69d8373eca4823\SP3GDR\mshtml.dll
[-] 2009-07-19 13:06 5938176 19C9FC84B91467171674D76EB0224D48 c:\windows\SoftwareDistribution\Download\0f3a0a7485e4c6588c69d8373eca4823\SP3QFE\mshtml.dll
[-] 2009-05-13 05:04 5936128 F73E32A6674F1D59D6D88C88D2536BAC c:\windows\SoftwareDistribution\Download\40bc3e8679e1bad2a30cd389d408d57e\SP3GDR\mshtml.dll
[-] 2009-05-13 05:07 5936128 C153CCC6BA78182DFA3CD23086EA5BDB c:\windows\SoftwareDistribution\Download\40bc3e8679e1bad2a30cd389d408d57e\SP3QFE\mshtml.dll
[-] 2008-06-24 08:28 3592192 03F74B51CC156B0E78D998DDF0EF31C1 c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2GDR\mshtml.dll
[-] 2008-06-23 15:40 3594240 A01EF08ACFF24D6E4987804BFD306AA4 c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2QFE\mshtml.dll
[-] 2006-05-19 14:09 2702848 377CF38C1E41B8E08110322C7E2C4A37 c:\windows\SoftwareDistribution\Download\aeec9fb3604e3d5301683bcf10e5b4d2\rtmgdr\mshtml.dll
[-] 2006-05-19 22:52 2709504 0883AF0197F69C54FE94EA17F03F52C9 c:\windows\SoftwareDistribution\Download\aeec9fb3604e3d5301683bcf10e5b4d2\RTMQFE\mshtml.dll
[-] 2004-08-19 23:09 3003392 7CA9E0D2C4DCA6B710FD57F40E597337 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\mshtml.dll
[-] 2005-01-27 15:02 2806272 A8B32DA5B897FAFC0F1629DC20741B46 c:\windows\SoftwareDistribution\Download\e2b2a65f5ac60f19171d8ab8040f71da\rtmgdr\mshtml.dll
[-] 2005-01-28 00:23 2699776 5BFDBE1A7011B3318454EB0D36DC4927 c:\windows\SoftwareDistribution\Download\e2b2a65f5ac60f19171d8ab8040f71da\RTMQFE\mshtml.dll
[-] 2009-07-19 13:15 5937152 29AA8EA1DAA83DBEC54916669BF09077 c:\windows\system32\mshtml.dll
[-] 2009-07-19 13:15 5937152 29AA8EA1DAA83DBEC54916669BF09077 c:\windows\system32\dllcache\mshtml.dll

[-] 2004-08-19 23:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-14 03:05 25216 16813155807C6881F4BFBF6657424659 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-19 23:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\kbdclass.sys
[-] 2008-04-14 03:05 25216 16813155807C6881F4BFBF6657424659 c:\windows\system32\drivers\kbdclass.sys
[-] 2003-08-02 20:40 24064 9BB4976AACD2C9DF788AFCC53ABB790C c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\kbdclass.sys
[-] 2003-08-02 20:40 24064 9BB4976AACD2C9DF788AFCC53ABB790C c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys
[-] 2003-08-02 20:40 24064 9BB4976AACD2C9DF788AFCC53ABB790C c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\kbdclass.sys
[-] 2003-08-02 20:40 24064 9BB4976AACD2C9DF788AFCC53ABB790C c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\kbdclass.sys
[-] 2003-08-02 20:40 24064 9BB4976AACD2C9DF788AFCC53ABB790C c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\kbdclass.sys
[-] 2003-08-02 20:40 24064 9BB4976AACD2C9DF788AFCC53ABB790C c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys

[-] 2004-08-19 23:09 851968 E2F47BBB69D1E4E5ED1AF720893B4460 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 02:33 851968 F4B7146C7EED6C4E158DCD9B5266C25A c:\windows\ServicePackFiles\i386\comres.dll
[-] 2004-08-19 23:09 851968 E2F47BBB69D1E4E5ED1AF720893B4460 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\comres.dll
[-] 2008-04-14 02:33 851968 F4B7146C7EED6C4E158DCD9B5266C25A c:\windows\system32\comres.dll

[-] 2004-08-19 23:09 22016 3236A6A1650E6C055FD5E87D7C4A05AD c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 02:33 22016 982B2C204337C3B12211E1E1D9BA8C9C c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2004-08-19 23:09 22016 3236A6A1650E6C055FD5E87D7C4A05AD c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\lpk.dll
[-] 2008-04-14 02:33 22016 982B2C204337C3B12211E1E1D9BA8C9C c:\windows\system32\lpk.dll

[-] 2003-08-02 20:12 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2003-08-02 20:12 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2003-08-02 20:04 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2003-08-02 20:04 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2004-08-04 05:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2008-04-13 17:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-04 05:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\aec.sys
[-] 2008-04-13 17:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys

[-] 2003-08-02 20:14 924432 E1A34560BF6CE7C703BB67EC4FA70F43 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2008-04-14 02:33 927504 CE21FE79AD3B913A79E0C742BED6BF85 c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:33 927504 CE21FE79AD3B913A79E0C742BED6BF85 c:\windows\system32\mfc40u.dll

[-] 2005-01-14 08:56 395776 EAB055D3580A4D7C66DA05C7160EE5C1 c:\windows\$hf_mig$\KB873333\SP2GDR\rpcss.dll
[-] 2005-01-14 05:08 395776 05E8F98BC17FCCE18D7DB332A81B8DDE c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-07-26 04:40 397824 CB7D37602638369A516757E994CBB31D c:\windows\$hf_mig$\KB902400\SP2GDR\rpcss.dll
[-] 2005-07-26 04:29 398336 B38D431ACE730452CD1FEE4FB7ECD6E2 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:56 401408 F83B964469D230F445613C44DF9FE25D c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2005-01-14 08:56 395776 EAB055D3580A4D7C66DA05C7160EE5C1 c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2004-08-19 23:09 395776 C6FE0B727A5D13419D480150631ADC09 c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2004-03-06 02:17 263680 7FED4B8DE8179DF20A4D16CBF0D95E1D c:\windows\$NtUninstallKB873333_0$\rpcss.dll
[-] 2005-01-14 05:34 284672 C69EAA314D3F4942DB7CE3DE59312FC2 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2008-04-14 02:33 399360 3D65EB82E1FA6DB15A33E024C9E03CAB c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 02:33 399360 3D65EB82E1FA6DB15A33E024C9E03CAB c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-19 23:09 395776 C6FE0B727A5D13419D480150631ADC09 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\rpcss.dll
[-] 2009-02-09 10:53 401408 0203B1AAD358F206CB0A3C1F93CCE17A c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:53 401408 0203B1AAD358F206CB0A3C1F93CCE17A c:\windows\system32\dllcache\rpcss.dll

[-] 2004-08-19 23:09 33792 DE71362123E81D268088E78543752576 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 02:33 33792 E67A66A3781C1A483F0F8992664CBE0D c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2004-08-19 23:09 33792 DE71362123E81D268088E78543752576 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\msgsvc.dll
[-] 2008-04-14 02:33 33792 E67A66A3781C1A483F0F8992664CBE0D c:\windows\system32\msgsvc.dll

[-] 2006-08-25 15:51 617472 5BBCD65CFD7610F36BCA96B72BBAED4B c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll
[-] 2004-08-19 23:09 611328 7D3AA1F0E765054CB5F30114F2DB6888 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2003-08-02 20:11 557056 676445DF1322A8DC49E99D2D3688D230 c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2003-08-03 10:09 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2008-04-14 02:33 617472 B4AA331468315B6A174C3F0D5B3BC135 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-07-13 13:52 925184 6E1F6582179FB6C0531599DD03EF380A c:\windows\SoftwareDistribution\Download\58ef93a94d01d24242f4e233677924c2\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-12-21 11:00 921600 2528F189C51E036E0ADF687A233797B0 c:\windows\SoftwareDistribution\Download\7ecc3f6c769aa68938447d7a00ee2f8e\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2005-08-31 16:50 925184 7BCD276EEE605DF05B160DBD265DEB05 c:\windows\SoftwareDistribution\Download\a20dc986c94132560aec16a0ce3c192a\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-19 23:09 611328 7D3AA1F0E765054CB5F30114F2DB6888 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\comctl32.dll
[-] 2004-08-19 23:07 1050624 7B5D86AF13CEF261180CC0F3BF094366 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 02:33 617472 B4AA331468315B6A174C3F0D5B3BC135 c:\windows\system32\comctl32.dll
[-] 2006-03-17 05:04 925184 83F339913E0DC8CC16566D48C8310B13 c:\windows\WinSxS\InstallTemp\595630\comctl32.dll
[-] 2003-08-03 10:09 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2003-08-03 10:09 921600 4DB6E9BE9D620099256BA281654E1A73 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[-] 2004-02-21 03:07 921600 8A9C54692387060AAD0AB02D75896A59 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
[-] 2004-08-20 13:53 921600 A80C4A6AB0C6B3B2CB7133AA1AD145A0 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08\comctl32.dll
[-] 2005-03-11 15:52 925184 9938636512E7DAFC2E5A0828915950B0 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
[-] 2005-08-31 16:50 925184 7BCD276EEE605DF05B160DBD265DEB05 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
[-] 2006-03-16 20:04 925184 83F339913E0DC8CC16566D48C8310B13 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
[-] 2006-07-13 13:52 925184 6E1F6582179FB6C0531599DD03EF380A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll
[-] 2006-08-25 15:54 925184 9724ECD4529AF317DD5BD6194EB6428C c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
[-] 2004-08-19 23:07 1050624 7B5D86AF13CEF261180CC0F3BF094366 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2008-04-14 02:30 1054208 F92E6BEA9349D49341383F8403B4DFE5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2003-08-02 20:11 12032 E4ABC1212B70BB03D35E60681C447210 c:\windows\system32\dllcache\acpiec.sys
[-] 2003-08-02 20:11 12032 E4ABC1212B70BB03D35E60681C447210 c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-19 23:09 5120 BB695F18354B38CFF693E67EE7A30C22 c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 02:33 5120 9A4E7ECBB5B7FB86F3B926AB039F4FEC c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2004-08-19 23:09 5120 BB695F18354B38CFF693E67EE7A30C22 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\sfc.dll
[-] 2008-04-14 02:33 5120 9A4E7ECBB5B7FB86F3B926AB039F4FEC c:\windows\system32\sfc.dll

[-] 2004-08-19 23:09 407040 D4CFAC76926C24E32B7F25A35C31BC6E c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 02:33 407040 04821179C3171554C1BD1F9888A113E2 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2004-08-19 23:09 407040 D4CFAC76926C24E32B7F25A35C31BC6E c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\netlogon.dll
[-] 2008-04-14 02:33 407040 04821179C3171554C1BD1F9888A113E2 c:\windows\system32\netlogon.dll

[-] 2004-08-19 23:09 382464 659F7B6C502051BFA37910614B225548 c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2008-04-14 02:33 409088 BAA0B6E647C1AD593E9BAE5CC31BCFFB c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2004-08-19 23:09 382464 659F7B6C502051BFA37910614B225548 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\qmgr.dll
[-] 2008-04-14 02:33 409088 BAA0B6E647C1AD593E9BAE5CC31BCFFB c:\windows\system32\qmgr.dll
[-] 2008-04-14 02:33 409088 BAA0B6E647C1AD593E9BAE5CC31BCFFB c:\windows\system32\bits\qmgr.dll

[-] 2004-08-04 06:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2004-08-04 06:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2003-08-03 10:02 561920 E3AE9C79498210A5F39FE5A9AD62BC55 c:\windows\I386\NTFS.SYS
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-19 23:09 171008 CE978404558CE2D82896AC2032F06DBF c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 02:33 171520 6ED29124A1C83BD0CF6B26BD01CA6F6F c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-19 23:09 171008 CE978404558CE2D82896AC2032F06DBF c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\srsvc.dll
[-] 2008-04-14 02:33 171520 6ED29124A1C83BD0CF6B26BD01CA6F6F c:\windows\system32\srsvc.dll

[-] 2004-08-19 23:10 13824 8558905BA81F6EFAAF9667139BB117DD c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2008-04-14 02:34 13824 02DA31AB433A6C1110A736C85701DECA c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-19 23:10 13824 8558905BA81F6EFAAF9667139BB117DD c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\wscntfy.exe
[-] 2008-04-14 02:34 13824 02DA31AB433A6C1110A736C85701DECA c:\windows\system32\wscntfy.exe

[-] 2004-08-19 23:09 438272 951543FFB84012D13F4CB09DA2EACE96 c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 02:33 438272 037D92B3A7853A183FCAB77FB1D13D6C c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2004-08-19 23:09 438272 951543FFB84012D13F4CB09DA2EACE96 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\ntmssvc.dll
[-] 2008-04-14 02:33 438272 037D92B3A7853A183FCAB77FB1D13D6C c:\windows\system32\ntmssvc.dll

[-] 2004-08-19 23:09 89088 03D5509F513EAC463D1C5B3601EBC62C c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 02:33 88576 78DA9CCDAC683EF5AA87D1C919F6D221 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2004-08-19 23:09 89088 03D5509F513EAC463D1C5B3601EBC62C c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\rasauto.dll
[-] 2008-04-14 02:33 88576 78DA9CCDAC683EF5AA87D1C919F6D221 c:\windows\system32\rasauto.dll

[-] 2004-08-19 23:09 1548288 6D8F3AC555E3F8A569AA9B2A817698C1 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2004-08-19 23:09 1548288 6D8F3AC555E3F8A569AA9B2A817698C1 c:\windows\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\sfcfiles.dll
[-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-05-03 835654]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 148888]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-05 28672]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 8.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de APM.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Gestionnaire de APM.lnk
backup=c:\windows\pss\Gestionnaire de APM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de lancement d'application fax.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Gestionnaire de lancement d'application fax.lnk
backup=c:\windows\pss\Gestionnaire de lancement d'application fax.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinScheduler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinScheduler.lnk
backup=c:\windows\pss\InterVideo WinScheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PyGrenouille.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PyGrenouille.lnk
backup=c:\windows\pss\PyGrenouille.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^ubisoft register.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"G6FTPServer"=2 (0x2)
"XCOMM"=2 (0x2)
"bdss"=2 (0x2)
"SharedAccess"=2 (0x2)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c9d8a71961d5f0"=2 (0x2)
"ccPxySvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\emule\\emule.exe"=
"c:\\Program Files\\emule2\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

S1 tvtool;tvtool;\??\c:\program files\TVTool 9.6.1\tvtool.sys --> c:\program files\TVTool 9.6.1\tvtool.sys [?]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [17/11/2008 18:58 69656]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender Professional Edition\filespy.sys --> c:\program files\Softwin\BitDefender Professional Edition\filespy.sys [?]
S3 e4usbae;USB ADSL2 LAN Adapter;c:\windows\system32\drivers\e4usbae.sys [17/11/2008 18:58 89600]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [01/04/2004 22:43 18848]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [27/01/2005 22:47 153760]
S4 gupdate1c9d8a71961d5f0;Service Google Update (gupdate1c9d8a71961d5f0);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2009 19:27 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 17:27]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-qfr9.hpwis.com/
mWindow Title =
uInternet Settings,ProxyServer = proxy.free.fr:3128
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.pixdiscount.fr/clients/ImageUploader3.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\yeyytcji.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 16:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,a6,8f,04,38,4d,93,44,a4,45,d0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,a6,8f,04,38,4d,93,44,a4,45,d0,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Dbgagt\1*]
"value"="?\0b\05\09\0b\07\1aú"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\sockspy.dll

- - - - - - - > 'lsass.exe'(1332)
c:\windows\system32\sockspy.dll
.
Completion time: 2009-08-07 16:17
ComboFix-quarantined-files.txt 2009-08-07 14:17

Pre-Run: 15 642 144 768 octets libres
Post-Run: 15 652 827 136 octets libres

568 --- E O F --- 2009-08-02 21:03
0
Réponse 27 / 38
Utilisateur anonyme
 
Les derniers rapports sont bizarres.Désinstalles le programme rsit .Tu le retélécharges et tu l'installes a nouveau .Post le rapport qu'il va générer.a+
0
Réponse 28 / 38
manucool Messages postés 139 Statut Membre 1
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-08-07 18:31:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 15 GB (21%) free of 72 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:32, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Documents and Settings\Propriétaire\Bureau\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
Réponse 29 / 38
Utilisateur anonyme
 
• Télécharger : http://www.gmer.net#files
• Dézipper le programme.
• Double cliquer sur Gmer.exe
• Le programme se lance et fait un auto scan (il s'agit de l'onglet : Rootkit/Malware).

=> Des lignes rouges doivent apparaitre en cas d'infection :
• sur ces lignes rouges:
o Services: Clique droit puis delete service
o Process: Clique droit puis kill process
o Adl, file: Clique droit puis delete files
• Copie le contenu et colle le dans ta réponse.

0
Réponse 30 / 38
manucool Messages postés 139 Statut Membre 1
 
Aucune ligne rouge...

GMER 1.0.15.15020 - http://www.gmer.net
Autostart scan 2009-08-10 12:49:35
Windows 5.1.2600 Service Pack 3

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
NVSvc@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
UMWdf@ = C:\WINDOWS\System32\wdfmgr.exe
vsmon@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
WANMiniportService@ = "C:\WINDOWS\wanmpsvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@hpsysdrvc:\windows\system\hpsysdrv.exe = c:\windows\system\hpsysdrv.exe
@HotKeysCmdsC:\WINDOWS\System32\hkcmd.exe = C:\WINDOWS\System32\hkcmd.exe
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@ZoneAlarm Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime /*file not found*/ = "C:\Program Files\QuickTime\qttask.exe" -atboottime /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NVIEWrundll32.exe nview.dll,nViewLoadHook = rundll32.exe nview.dll,nViewLoadHook
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Panorama du Panneau de configuration*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\System32\ShellvRTF.dll = C:\WINDOWS\System32\ShellvRTF.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Explorateur de Bureau*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Dossiers Web*/C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v7*/C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll = C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{D3581EB7-5E16-4182-9F58-86FA713B42F9} /*AOL*/C:\PROGRA~1\FICHIE~1\aolshare\shell\fr\shellext.dll = C:\PROGRA~1\FICHIE~1\aolshare\shell\fr\shellext.dll
@{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Zip Drop handler*/C:\ZIPGEN~1\DROPHA~1.DLL = C:\ZIPGEN~1\DROPHA~1.DLL
@{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius 5.5 DnD Extract handler*/C:\ZIPGEN~1\ZGDRAG~1.DLL = C:\ZIPGEN~1\ZGDRAG~1.DLL
@{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/C:\ZIPGEN~1\zgtips.dll = C:\ZIPGEN~1\zgtips.dll
@{3E307794-57B9-473A-98CC-4A039255063F} /*OpenOffice.org/ZipGenius Shell Extension*/C:\ZIPGEN~1\oodll.dll = C:\ZIPGEN~1\oodll.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\ZIPGEN~1\contmenu.dll = C:\ZIPGEN~1\contmenu.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} /*CopyToCD shell extension*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Dossiers Web*/ = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v7@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\ZIPGEN~1\contmenu.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\ZIPGEN~1\contmenu.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v7@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{3049C3E9-B461-4BC5-8870-4C09146192CA}C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll = C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
@{C451C08A-EC37-45DF-AAAD-18B51AB5E837}C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll = C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
@{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll = C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttps://www.msn.com/fr-fr/?ocid=iehp = https://www.msn.com/fr-fr/?ocid=iehp
@Start Pagehttps://www.msn.com/fr-fr = https://www.msn.com/fr-fr
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttps://www.google.fr/?gws_rd=ssl = https://www.google.fr/?gws_rd=ssl
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\x-sdch@CLSID = C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.15 ----
0
Réponse 31 / 38
manucool Messages postés 139 Statut Membre 1
 
Aucune ligne rouge...

GMER 1.0.15.15020 - http://www.gmer.net
Autostart scan 2009-08-10 12:49:35
Windows 5.1.2600 Service Pack 3

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
NVSvc@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
UMWdf@ = C:\WINDOWS\System32\wdfmgr.exe
vsmon@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
WANMiniportService@ = "C:\WINDOWS\wanmpsvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@hpsysdrvc:\windows\system\hpsysdrv.exe = c:\windows\system\hpsysdrv.exe
@HotKeysCmdsC:\WINDOWS\System32\hkcmd.exe = C:\WINDOWS\System32\hkcmd.exe
@ATIModeChangeAti2mdxx.exe = Ati2mdxx.exe
@ZoneAlarm Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime /*file not found*/ = "C:\Program Files\QuickTime\qttask.exe" -atboottime /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NVIEWrundll32.exe nview.dll,nViewLoadHook = rundll32.exe nview.dll,nViewLoadHook
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Panorama du Panneau de configuration*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\System32\ShellvRTF.dll = C:\WINDOWS\System32\ShellvRTF.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Explorateur de Bureau*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Dossiers Web*/C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v7*/C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll = C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{D3581EB7-5E16-4182-9F58-86FA713B42F9} /*AOL*/C:\PROGRA~1\FICHIE~1\aolshare\shell\fr\shellext.dll = C:\PROGRA~1\FICHIE~1\aolshare\shell\fr\shellext.dll
@{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Zip Drop handler*/C:\ZIPGEN~1\DROPHA~1.DLL = C:\ZIPGEN~1\DROPHA~1.DLL
@{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius 5.5 DnD Extract handler*/C:\ZIPGEN~1\ZGDRAG~1.DLL = C:\ZIPGEN~1\ZGDRAG~1.DLL
@{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/C:\ZIPGEN~1\zgtips.dll = C:\ZIPGEN~1\zgtips.dll
@{3E307794-57B9-473A-98CC-4A039255063F} /*OpenOffice.org/ZipGenius Shell Extension*/C:\ZIPGEN~1\oodll.dll = C:\ZIPGEN~1\oodll.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\ZIPGEN~1\contmenu.dll = C:\ZIPGEN~1\contmenu.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} /*CopyToCD shell extension*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Dossiers Web*/ = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v7@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\ZIPGEN~1\contmenu.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\ZIPGEN~1\contmenu.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v7@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender Professional Edition\bdshelxt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{3049C3E9-B461-4BC5-8870-4C09146192CA}C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll = C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
@{C451C08A-EC37-45DF-AAAD-18B51AB5E837}C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll = C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
@{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll = C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttps://www.msn.com/fr-fr/?ocid=iehp = https://www.msn.com/fr-fr/?ocid=iehp
@Start Pagehttps://www.msn.com/fr-fr = https://www.msn.com/fr-fr
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttps://www.google.fr/?gws_rd=ssl = https://www.google.fr/?gws_rd=ssl
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\x-sdch@CLSID = C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.15 ----
0
Réponse 32 / 38
Utilisateur anonyme
 
Télécharger Avenger : iciet décompressez sur votre bureau.
Ouvrir Avenger. Assurez-vous que la case "Scan for rootkits" et "Automatically disable any rootkits found"soit cochée. Copier, collez le texte suivant en gras dans la partie blanche sous input script here.
Files to delete:
c:\program files\altnet\points manager\points manager.exe -s
c:\Documents and Settings\Propriétaire\Application Data\drivers\winupgro.exe
c:\WINDOWS\system32\wintems.exe
c:\Documents and Settings\Propriétaire\Application Data\m\flec006.exe
c:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
c:\WINDOWS\system32\cologsver.exe

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\german.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Userinit
Cliquez sur "Exécute". Il vous sera demandé Etes-vous sûr que vous voulez exécuter le script courant?.. Cliquez sur Oui. Avenger va vous demandez si vous voulez redémmarer le pc . Cliquez sur Oui. Votre PC va maintenant être redémarré
Post le rapport avenger
------------------------------------------------------------------------------------------------
Apres avenger post un nouveau rapport rsit.a+

0
Réponse 33 / 38
manucool Messages postés 139 Statut Membre 1
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: could not open file "c:\program files\altnet\points manager\points manager.exe -s"
Deletion of file "c:\program files\altnet\points manager\points manager.exe -s" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Documents and Settings\Propriétaire\Application Data\drivers\winupgro.exe"
Deletion of file "c:\Documents and Settings\Propriétaire\Application Data\drivers\winupgro.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "c:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "c:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open file "c:\Documents and Settings\Propriétaire\Application Data\m\flec006.exe"
Deletion of file "c:\Documents and Settings\Propriétaire\Application Data\m\flec006.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART"
Deletion of file "c:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "c:\WINDOWS\system32\cologsver.exe" not found!
Deletion of file "c:\WINDOWS\system32\cologsver.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\german.exe" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Userinit" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
0
Réponse 34 / 38
Utilisateur anonyme
 
Désactive et réactive la Restauration du système sous windows xp.
Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire :
[1] Dans la barre des tâches de Windows, clique sur Démarrer.
[2] Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
[3 ] Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"
[4 ] Clique sur Appliquer.
[5 ] Ensuite décoche "Désactiver la restauration du systeme"
[6 ] clique sur appliquer puis ok
[7 ] vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires => outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom :(exemple :fin de désinfections) puis tu valides.
[8]Pensé a vider la corbeille.
----------------------------------------------------------------------------------------------------------------------
Comment se comporte ton pc ?
Pour vérification post un rsit.a+
0
Réponse 35 / 38
manucool Messages postés 139 Statut Membre 1
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-08-10 20:54:47
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 17 GB (24%) free of 72 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:00, on 10/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Documents and Settings\Propriétaire\Bureau\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
Réponse 36 / 38
Utilisateur anonyme
 
PLus d'infection.Par contre tu as bcp trop de protections :Je rappelle un seul antivirus et anti spyware.
• Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille vivement d’installer et d'utiliser le navigateur firefox Une fois que c'est fait, lance le et installe l’ extension de sécurité suivantes : https://addons.mozilla.org/fr/firefox/addon/adblock-plus/

• WOT - Extension pour ton navigateur internet :
Voici une extension à télécharger qui te permettra, en faisant tes recherches sur google, de savoir si le site proposé lors de tes recherches est un site de confiance ou un site à éviter car il pourrait infecter ton PC :
Pour Firefox : https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
Pour internet explorer : https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
-------------------------------------------------------------------------------------------------------------------------

 Je conseille de mettre a jour internet explorer même si vous ne l’utilisé jamais. Les MAJ systéme se font par le biais de IE. Par conséquent on évite les failles de sécurité.
• Télécharger IE8 : ici

• Si Java n'est pas à jour, c'est une faille de sécurité.
Il faut d'abord désinstaller l'ancienne version : Ouvre le menu démarrer --> panneau de configuration --> ajout/suppression de programmes --> sélectionne toutes les versions de java présentes et désinstalle les.
Ensuite, télécharge et installe la nouvelle version depuis le site officiel de java : https://java.com/fr/
Ou utilises ce programme pour désinstaller les anciennes versions et faire en meme temps les maj. javara: https://sourceforge.net/projects/javara/files/
tuto: http://blog-informatique.blogspot.com/2 ... avara.html
----------------------------------------------------------------------------------------------------------------------
• Tu dois aussi mettre à jour tous tes autres programmes pour combler des failles de sécurité... Vérifie les mises disponibles à l'aide de ce petit programme (choisis la version sans installation) : Update Checker https://filehippo.com/windows/tuning-utilities/
Installe le avec les paramètres par défaut en cliquant chaques fois sur Suivant.

Une fois installé, patiente quelques secondes et tu verras apparaître une icône verte dans ta barre des tâches te signalant qu'il y a des mises à jour disponibles.

Double-cliques sur l'icône pour être redirrigé sur le site de téléchargement des mises à jour.

* Un conseil : n'installe pas les BETA
====================================================
Pour éliminer les programmes de desinfections.

• Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
http://pc-system.fr/
https://www.commentcamarche.net/telecharger/ 34055291 toolscleaner
• Clique sur Recherche et laisse le scan se terminer.
• Clique, sur Suppression pour finaliser.
• Tu peux, si tu le souhaites, te servir des Options facultatives.
• Clique sur Quitter, pour que le rapport puisse se créer.
• Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).
-----------------------------------------------------------------------------------------------------------------------
Tu peux mettre ton problème résolu !!Comment mettre résolu ??

0
Réponse 37 / 38
manucool Messages postés 139 Statut Membre 1
 
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\HijackThis.lnk: trouvé !
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\avenger: trouvé !
C:\Lop SD: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\Rsit.exe: trouvé !
C:\HijackThis\HijackThis.exe: trouvé !
C:\HijackThis\hijackthis.log: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\QooBox\Quarantine\catchme.log: trouvé !

---------------------------------
--> Suppression:

C:\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe: supprimé !
C:\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\Rsit.exe: supprimé !
C:\HijackThis\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\QooBox\Quarantine\catchme.log: supprimé !
C:\avenger: ERREUR DE SUPPRESSION !!
C:\Lop SD: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Toolbar SD: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

un petit log hijakthis pour la route

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:01, on 10/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Propriétaire\Bureau\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
Réponse 38 / 38
manucool Messages postés 139 Statut Membre 1
 
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\HijackThis.lnk: trouvé !
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\avenger: trouvé !
C:\Lop SD: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\Rsit.exe: trouvé !
C:\HijackThis\HijackThis.exe: trouvé !
C:\HijackThis\hijackthis.log: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\QooBox\Quarantine\catchme.log: trouvé !

---------------------------------
--> Suppression:

C:\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe: supprimé !
C:\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\Rsit.exe: supprimé !
C:\HijackThis\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\QooBox\Quarantine\catchme.log: supprimé !
C:\avenger: ERREUR DE SUPPRESSION !!
C:\Lop SD: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Toolbar SD: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

un petit log hijakthis pour la route

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:01, on 10/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Propriétaire\Bureau\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0