pb de virus

Question

bonjour jai ete contaminé par un virus et je narrive pa a lenleverg norton antivirus mais il a ete desactiver et je narrive pas a le reinstallervoici le log de hijackthisLogfile of HijackThis v1.99.1Scan saved at 17:19:25, on 10/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\magali\Mes documents\Ma musique\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.frR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WanadooR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exeO4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exeO4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1
avapw32.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exeO4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXEO4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dllO9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dllO9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61O17 - HKLM\System\CS1\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61O17 - HKLM\System\CS2\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - AppInit_DLLs: MsgPlusLoader.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus
avapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1
opdb.exejespere ke vous pourrez maider

Utilisateur anonyme · Answer

salut

Telecharge ceci
http://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+

fleudelys · Answer

merci de maider
voila

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]
"UnSpyPC" = ""C:\Program Files\UnSpyPC\UnSpyPC.exe"" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]
"NAV Agent" = "C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" ["Symantec Corporation"]
"WFXSwtch" = "C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe" [null data]
"WinFaxAppPortStarter" = "wfxsnt40.exe" [MS]
"yaemu.exe" = "C:\WINDOWS\system32\yaemu.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cszhz.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Lobel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Lobel" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Lobel\Menu Démarrer\Programmes\Démarrage
"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe /dat:C:\Program Files\Norton SystemWorks\swplugin.nsi /NSWCMD:OBCSchedule" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{1462651F-F4BA-4C76-A001-C4284D0FE16E}\
"ButtonText" = "Wanadoo"
"Exec" = "http://www.wanadoo.fr" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{36ECAF82-3300-8F84-092E-AFF36D6C7040}\
"ButtonText" = "Run WinHTTrack"
"MenuText" = "Launch WinHTTrack"
"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messager Wanadoo"
"MenuText" = "Messager Wanadoo"
"Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
DelFax Ports\Driver = "WFXMNT40.DLL" [MS]
hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]
Ports DelrinaFax (qualité photo)\Driver = "WFXMNTHQ.DLL" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 17 seconds, including 4 seconds for message boxes)

Utilisateur anonyme · Answer

Re moi,Ton antivirus te detecte un certain hclean?*Telecharge cecihttp://cjoint.com/?mksAlUS0sYLance Hcsrch.batIl va generer un rapportcopie/colle le sur le foruma+

fleurdelys · Answer

jarrive pas a faire aller mon antivirus, j'ai essaye de le reinstaller ms il se desactive automatiquement.

voila le rapport

Rapport fait à 18:30:22,39 le 10/12/2005
Executé à partir de C:\Documents and Settings\mag\Bureau
OS: Microsoft Windows XP [version 5.1.2600]

*********************************************

Vérification HKLM\...\...\...\...\ruins

*********************************************

Fichiers détectés :

*********************************************

Recherche des processus aleatoires
d'après les modèles : cs***.exe, dm***.exe, ya***.exe

C:\WINDOWS\System32

*********************************************

Recherche presence hclean32.exe...

non trouvé...

encor merci...

Utilisateur anonyme · Answer

re,

Télécharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe

:: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

- - -----------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61

O17 - HKLM\System\CS1\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61

O17 - HKLM\System\CS2\Services\Tcpip\..\{18779D05-C696-4CDA-9A81-999933615D91}: NameServer = 85.255.114.93,85.255.112.61
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Déconnecte toi d'internet c'est important

puis vérifie ceci:
demarrer > connection > clic droit sur ta connection > propriétés
gestion de reseau
assure toi que protocole internet tcp/ip est en surbrillance (attention, ne décoche pas la case)> clic sur propriétés > selectionne "obtenir les adresses des serveurs automatiquement"
valide avec ok

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

1- Double-clic sur KillBox.exe (Pocket Killbox)

- coche: delete on reboot
- Dans "Full Path of File to Delete"
copie et colle:

C:\WINDOWS\system32\yaemu.exe

- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
- une seconde fenêtre te demande si tu veux redémarrer clique sur YES
-Si le pc ne redemarre pas tout seul, redemarre le par toi meme

Reposte un hijack this + silent runner

a+

fleurdelys · Answer

re

g executer ad-aware et spybot en mode sans echec
ensuite g executer hijack et la la ligne "04-HKLM....yaemu.exe" avai disparu
g fixer les autres comme tu ma dis

apres g chercher le fichier "yaemu.exe" ms il a ete effacer de pc.
g quand mm executer killbox et o redemarrage g encor eu l'apparition d une pub (due o virus)

g executer msconfig et dans demarrage g decocher le lancement de "yaemu.exe" et un autre truc "UNSpyPC"
g encor redemarrer et g tjrs le pb

jespere ke c un peu pres clair lol

voila le log

Logfile of HijackThis v1.99.1
Scan saved at 20:42:21, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\magali\Mes documents\Ma musique\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]
"NAV Agent" = "C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" ["Symantec Corporation"]
"WFXSwtch" = "C:\PROGRA~1\NORTON~1\DelFax\WFXSWTCH.exe" [null data]
"WinFaxAppPortStarter" = "wfxsnt40.exe" [MS]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cszgb.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Lobel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Lobel" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Lobel\Menu Démarrer\Programmes\Démarrage
"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe /dat:C:\Program Files\Norton SystemWorks\swplugin.nsi /NSWCMD:OBCSchedule" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{1462651F-F4BA-4C76-A001-C4284D0FE16E}\
"ButtonText" = "Wanadoo"
"Exec" = "http://www.wanadoo.fr" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messager Wanadoo"
"MenuText" = "Messager Wanadoo"
"Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[Strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
DelFax Ports\Driver = "WFXMNT40.DLL" [MS]
hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]
Ports DelrinaFax (qualité photo)\Driver = "WFXMNTHQ.DLL" [MS]

incognito02 · Answer

Bonsoir Fleurdelys, Bonsoir Msiter Régis59 ;-))

Pour avancer le travail de Mister Régis59, que je salue au passage !,

Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------

Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\system32\wdfmgr.exe
Clik send et colle le rapport stp

Bon courage.

A+

fleurdelys · Answer

bonsoir merci de maider

Antivirus Version Update Result
AntiVir 6.33.0.61 12.09.2005 no virus found
Avast 4.6.695.0 12.10.2005 no virus found
AVG 718 12.08.2005 no virus found
Avira 6.33.0.61 12.09.2005 no virus found
BitDefender 7.2 12.10.2005 no virus found
CAT-QuickHeal 8.00 12.09.2005 no virus found
ClamAV devel-20051108 12.09.2005 no virus found
DrWeb 4.33 12.10.2005 no virus found
eTrust-Iris 7.1.194.0 12.09.2005 no virus found
eTrust-Vet 11.9.1.0 12.09.2005 no virus found
Fortinet 2.54.0.0 12.10.2005 no virus found
F-Prot 3.16c 12.09.2005 no virus found
Ikarus 0.2.59.0 12.10.2005 no virus found
Kaspersky 4.0.2.24 12.10.2005 no virus found
McAfee 4647 12.09.2005 no virus found
NOD32v2 1.1317 12.09.2005 no virus found
Norman 5.70.10 12.09.2005 no virus found
Panda 8.02.00 12.10.2005 no virus found
Sophos 4.00.0 12.10.2005 no virus found
Symantec 8.0 12.10.2005 no virus found
TheHacker 5.9.1.052 12.09.2005 no virus found
VBA32 3.10.5 12.10.2005 no virus found

voila apparemment c pas un virus

incognito02 · Answer

On continu ! ;-)idem avec ce fichier :C:\WINDOWS\system32\wbem\wmiprvse.exeNorton ne fonctionne toujours pas ?A+

fleurdelys · Answer

tjrs rien :-(

Antivirus Version Update Result
AntiVir 6.33.0.61 12.09.2005 no virus found
Avast 4.6.695.0 12.10.2005 no virus found
AVG 718 12.08.2005 no virus found
Avira 6.33.0.61 12.09.2005 no virus found
BitDefender 7.2 12.10.2005 no virus found
CAT-QuickHeal 8.00 12.09.2005 no virus found
ClamAV devel-20051108 12.09.2005 no virus found
DrWeb 4.33 12.10.2005 no virus found
eTrust-Iris 7.1.194.0 12.09.2005 no virus found
eTrust-Vet 11.9.1.0 12.09.2005 no virus found
Fortinet 2.54.0.0 12.10.2005 no virus found
F-Prot 3.16c 12.09.2005 no virus found
Ikarus 0.2.59.0 12.10.2005 no virus found
Kaspersky 4.0.2.24 12.10.2005 no virus found
McAfee 4647 12.09.2005 no virus found
NOD32v2 1.1317 12.09.2005 no virus found
Norman 5.70.10 12.09.2005 no virus found
Panda 8.02.00 12.10.2005 no virus found
Sophos 4.00.0 12.10.2005 no virus found
Symantec 8.0 12.10.2005 no virus found
TheHacker 5.9.1.052 12.09.2005 no virus found
VBA32 3.10.5 12.10.2005 no virus found

non norton ne marche pas j'ai fini par le desinstaler

incognito02 · Answer

Bien,Scanne en ligne avec bitdefender http://www.bitdefender.fr/bd/site/page.phpmerci de poster le rapport ici.A+

Utilisateur anonyme · Answer

salut

merci d avoir pris le relai

un fichier me semble suspect:
Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

a+

fleurdelys · Answer

voila le rapport de bitdefenderC:\RECYCLER\NPROTECT\00090619.exe Infecté par: Trojan.DNSChanger.R C:\RECYCLER\NPROTECT\00090619.exe Echec de la désinfection C:\RECYCLER\NPROTECT\00090619.exe Supprimé C:\RECYCLER\NPROTECT\00090644.exe Infecté par: Trojan.DNSChanger.R C:\RECYCLER\NPROTECT\00090644.exe Echec de la désinfection C:\RECYCLER\NPROTECT\00090644.exe Supprimé C:\RECYCLER\NPROTECT\00090645.exe Infecté par: Trojan.DNSChanger.R C:\RECYCLER\NPROTECT\00090645.exe Echec de la désinfection C:\RECYCLER\NPROTECT\00090645.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011413.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011413.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011413.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011423.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011423.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011423.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011428.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011428.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011428.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011442.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011442.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP33\A0011442.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011630.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011630.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011630.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011636.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011636.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP35\A0011636.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011731.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011731.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011731.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011750.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011750.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011750.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011758.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011758.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011758.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011767.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011767.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011767.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011799.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011799.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011799.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011801.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011801.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011801.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011809.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011809.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011809.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011823.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011823.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP38\A0011823.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011982.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011982.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011982.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011983.sys Suspecté de: Trojan.Downloader.Msys.A C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011983.sys Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011983.sys Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011984.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011984.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP40\A0011984.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012009.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012009.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012009.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012011.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012011.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012011.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012012.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012012.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012012.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012525.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012525.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012525.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012533.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012533.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012533.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012534.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012534.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012534.exe Supprimé C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012535.exe Infecté par: Trojan.DNSChanger.R C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012535.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0012535.exe Supprimé C:\WINDOWS\system32\mscornet.exe Infecté par: BehavesLike:Win32.ExplorerHijack C:\WINDOWS\system32\mscornet.exe Echec de la désinfection C:\WINDOWS\system32\mscornet.exe Supprimé ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~et celui de SmitfraudfixRapport fait à 23:12:10,56 le 10/12/2005Executé à partir de C:\Documents and Settings\magali\Bureau\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32C:\WINDOWS\system32
compat.tlb PRESENT !»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\magali\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]"Source"="About:Home""SubscribedURL"="About:Home""FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dllgrd merci a vs deuxbiz

incognito02 · Answer

On s'accroche !

Démarre en mode sans échec (tapoter sur F8 dés le demarrage de windows
Relance le programme Smitfraud,
Cette fois choisir l’option 2, répondre oui a tous ;
Sauvegarder le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

---
Nobody is perfect, mais j'essaye .....

fleurdelys · Answer

voilaRapport fait à 23:23:46,57 le 10/12/2005Executé à partir de C:\Documents and Settings\magali\Bureau\virus\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectésC:\WINDOWS\system32
compat.tlb supprimé »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

incognito02 · Answer

Ouf !Où en sont tes soucis ?A+

fleurdelys · Answer

rien de nouveau qd j'ai redemarrer en mode normal ya encor une pub qui c'est afficher dans le bureau :-(

g rechercher ds mon registre pour voir si il y avait ancor des traces de "yaemu" ou de "unspypc", ki je pence st les responsable, ms rien g tout suppr.

en attendant 1 rep
merci

Utilisateur anonyme · Answer

Tu peux remettre un silent runner?a+

fleurdelys · Answer

voila .

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]

Utilisateur anonyme · Answer

Tu peux analyser cela?C:\WINDOWS\system32\idemlog.exea+

fleurdelys · Answer

ya kelke choseAntivirus Version Update Result AntiVir 6.33.0.61 12.09.2005 no virus found Avast 4.6.695.0 12.10.2005 no virus found AVG 718 12.08.2005 no virus found Avira 6.33.0.61 12.09.2005 no virus found BitDefender 7.2 12.10.2005 no virus found CAT-QuickHeal 8.00 12.09.2005 no virus found ClamAV devel-20051108 12.09.2005 no virus found DrWeb 4.33 12.10.2005 no virus found eTrust-Iris 7.1.194.0 12.09.2005 no virus found eTrust-Vet 11.9.1.0 12.09.2005 no virus found Fortinet 2.54.0.0 12.10.2005 suspicious F-Prot 3.16c 12.09.2005 no virus found Ikarus 0.2.59.0 12.10.2005 no virus found Kaspersky 4.0.2.24 12.10.2005 no virus found McAfee 4647 12.09.2005 no virus found NOD32v2 1.1317 12.09.2005 no virus found Norman 5.70.10 12.09.2005 no virus found Panda 8.02.00 12.10.2005 Adware/IdeskBar Sophos 4.00.0 12.10.2005 no virus found Symantec 8.0 12.10.2005 no virus found TheHacker 5.9.1.052 12.09.2005 no virus found VBA32 3.10.5 12.10.2005 Adware.Idesk

Utilisateur anonyme · Answer

reDouble clic sur killbox.exe (Pocket Killbox) - coche: delete on reboot - Dans "Full Path of File to Delete" copie et colle: C:\WINDOWS\system32\idemlog.exe - clique sur la croix rouge - une fenêtre va apparaître pour confirmation clique sur YES - une seconde fenêtre te demande si tu veux redémarrer clique sur YES Laisse le pc redémarrer.Et après reposte un log HijackThis + silent runner + smitfraud fix option 1A+

fleurdelys · Answer

killbox na pas marcher j'ai chercher pk et apparemment j'ai pas de fichier "idemlog.exe" ds le dossier system32.c bizarre non ?  parce j'ai refait une analyse avc le site virustotal et il me redonne le mm rapport

Utilisateur anonyme · Answer

redemarre ton pc et remet un silent runner stp

fleurdelys · Answer

j'ai redemarrerkillbox de marche tjrs pasvoila les rapportsRapport fait à  0:42:53,42 le 11/12/2005Executé à partir de C:\Documents and Settings\magali\Bureau\virus\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Lobel\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]"Source"="About:Home""SubscribedURL"="About:Home""FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"Silent Runners.vbs", revision 41, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Logfile of HijackThis v1.99.1Scan saved at 00:45:16, on 11/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\SoundMAX\SMTray.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\PROGRA~1\Wanadoo\CnxMon.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeC:\Program Files\ScanSoft\OmniPageSE\opware32.exeC:\Program Files\Fichiers communs\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Wanadoo\TaskbarIcon.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Wanadoo\EspaceWanadoo.exeC:\Program Files\Wanadoo\ComComp.exeC:\Program Files\Wanadoo\Watch.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Documents and Settings\magali\Mes documents\Ma musique\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WanadooR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exeO4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9BAF614D-7EA9-4421-A30F-266504D9EC43}: NameServer = 80.10.246.130 80.10.246.3O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - AppInit_DLLs: MsgPlusLoader.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeau faite g vu ds ton profil ke t du nord, t de kel coin ?

Utilisateur anonyme · Answer

salutbien dormi pour attaquer ce beau dimanche?je suis sur Cambrai; prkoi?---------------------------------------------------------------------------- ¤Affiche tous les fichiers et dossiers : Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage Coche « afficher les fichiers et dossiers cachés » Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" Décoche « masquer les extensions dont le type est connu » Puis fais «Ok» pour valider les changements. Et appliquer !---------------------------------------------------------------------------- Recherche ceci en suivant ce chemin:C:\WINDOWS\system32\idemlog.exeet celui ci cszgb.exetu trouves?a+

fleurdelys · Answer

salut regis59jte demandé ca parce que je ss aussi du coin (a wambrechies) dc voilaj'ai fai la recherche et j'ai trouvé aucun des 2 fichiersmerci de pa mavoir oublier a+

Utilisateur anonyme · Answer

re,J essaie d oublier personne lol.Enchantée Nordiste !!**telecharge ceci http://pageperso.aol.fr/Balltrap34/recherchealea.exe double clik sur le fichier et copie colle ceci idemlog.exe copie/colle le rapportde meme avec  celui ci cszgb.exe a+

fleurdelys · Answer

la recherche est infructueuse, ils ne sont present nulle parta+

Utilisateur anonyme · Answer

Tu peux remettre un silent runner en entier?

fleurdelys · Answer

j'ss ss repasser par bitdefender et voila le rapport Infectés Fichiers 5 Virus Détectés  Trojan.Downloader.FFZ 4 BehavesLike:Win32.ExplorerHijack 1

fleurdelys · Answer

voila le silent runners"Silent Runners.vbs", revision 41, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\INFECTION WARNING! "System" = "csfrw.exe" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Lobel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Startup items in "Lobel" & "All Users" startup folders:-------------------------------------------------------C:\Documents and Settings\Lobel\Menu Démarrer\Programmes\Démarrage"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Extensions (Tools menu items, main toolbar menu buttons)HKCU\Software\Microsoft\Internet Explorer\Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E}\"ButtonText" = "Wanadoo""Exec" = "http://www.wanadoo.fr" [file not found]HKLM\Software\Microsoft\Internet Explorer\Extensions\{85D1F590-48F4-11D9-9669-0800200C9A66}\"MenuText" = "Uninstall BitDefender Online Scanner v8""Exec" = "%windir%\bdoscandel.exe" [null data]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messager Wanadoo""MenuText" = "Messager Wanadoo""Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 1 lineHKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]

Utilisateur anonyme · Answer

re,Lance ce scan en ligne: http://www.bitdefender.fr/scan8/ie.html  Copie/colle le rapporta+

fleurdelys · Answer

voilaC:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0013407.exe Infecté par: Trojan.Downloader.FFZ C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0013407.exe Echec de la désinfection C:\System Volume Information\_restore{BBDAE3C7-4B30-4FC8-8810-A27D4D96DB19}\RP41\A0013407.exe Supprimé a+

fleurdelys · Answer

j'ai essayer de repasser ad-aware et spybot en mode sans echec et j'ai desactiver la restauration du systeme et j'ai tjrs le pb :-(

Utilisateur anonyme · Answer

re,ad aware et spybot sont cleans, ils ne detectent rien? si ils sont pas cleans, copie/colle les rapportsA+

fleurdelys · Answer

contente de te revoirnon ils st clean ts les 2a+

Utilisateur anonyme · Answer

re,tu peux me dire ou en sont tes soucis?a+

fleurdelys · Answer

qd je demarre mon pc ya une pub ki apparait sur mon bureau (ya la possibilite de l'enlever en clikan sur une croix)et dc voila

Utilisateur anonyme · Answer

re,1/a quoi ressemble t elle stp?grrr a tout les coups c est celle qui resiste lol2/Télécharge aussi DLLcompare ici: http://www.downloads.subratam.org/DllCompare.exe lance le et clique sur "Run locate.com" Quand "completed the scan, click compare to continue" apparaît en bleu, clique sur le bouton COMPARE en bas à droite Une fois le scan terminé clique sur "make a log of what was found" Fait un copier coller du log sur le foruma+

fleurdelys · Answer

c une grosse bande horizontale composeé de plusieur gros carres qui correspondent a des rubriques (du genre spyware, xxl, game ...) avant kan je metté ma souris sur un des carre yavai un nouveau menu ki se derouler ms maintenant ca me marqur (page non trouvée)dc voila jespere ke c clair :-S*    DLLCompare Log version(1.0.0.127)Files Found that Windows does not See or cannot Access*Not everything listed here means you are infected!________________________________________________O^E says: "There were no files found :)"________________________________________________1 237 items found:  1 237 files, 0 directories.Total of file sizes:  263 387 752 bytes    251,18 MAdministrator Account =  VraiAppInit_DLLs value = MsgPlusLoader.dll (not hidden)--------------------End log---------------------A+

Utilisateur anonyme · Answer

re,dis moi si c est cahttp://img213.imageshack.us/my.php?image=prsentation15bb.jpg

fleurdelys · Answer

oui !!!

Utilisateur anonyme · Answer

re,je penses avoir trouvé (j espere !!)je recherche un programme...j arrive

fleurdelys · Answer

ok merci

Utilisateur anonyme · Answer

re,telecharge cecihttp://cjoint.com/?mlsdUY4sVZDouble clik sur le programmepuis lance leune fois finit, il genere un rapportcopie/colle lea+

fleurdelys · Answer

voila jespere ke c ce ke tu attendaisVérification HKLM\...\...\...\...\ruins*********************************************Fichiers détectés :C:\WINDOWS\Help\SPAlert.chm Présent !*********************************************Recherche des processus aleatoiresd'après les modèles : cs***.exe, dm***.exe, ya***.exeC:\WINDOWS\System32*********************************************Recherche presence  hclean32.exe... non trouvé...

Utilisateur anonyme · Answer

re,Vérifie ceci: Démarrer > panneau de configuration > affichage clique sur l'onglet bureau clique sur personnalisation du bureau clique sur l'onglet Web supprime tout ce qui se trouve ici, sauf "Ma page d'accueil" qui doit rester DECOCHE  ***Télécharge: Pocket Killbox ici http://www.downloads.subratam.org/KillBox.exe :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::http://pageperso.aol.fr/balltrap34/killbox.htmAvec la methode du bloc note (cf video), voici la liste:C:\WINDOWS\Help\SPAlert.chmC:\WINDOWS\system32\idemlog.exeC:\WINDOWS\system32\csfrw.exeLaisse le pc redemarrer et remet un silent runnera+

fleurdelys · Answer

voila j'ai tjrs le pbStartup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\INFECTION WARNING! "System" = "csbsz.exe" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Lobel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Startup items in "Lobel" & "All Users" startup folders:-------------------------------------------------------C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Extensions (Tools menu items, main toolbar menu buttons)HKCU\Software\Microsoft\Internet Explorer\Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E}\"ButtonText" = "Wanadoo""Exec" = "http://www.wanadoo.fr" [file not found]HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messager Wanadoo""MenuText" = "Messager Wanadoo""Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 1 lineHKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]a+

Utilisateur anonyme · Answer

re,Utilise identiquement avec cette liste:Nouvelle liste:C:\WINDOWS\Help\SPAlert.chm C:\WINDOWS\system32\idemlog.exe C:\WINDOWS\system32\csfrw.exe C:\WINDOWS\balloon.wav C:\WINDOWS\ACD Wallpaper.bmp C:\WINDOWS\system32\insurance.bmp C:\WINDOWS\system32\close.bmp C:\WINDOWS\system32\spyware.bmp C:\WINDOWS\system32\xxx.bmp C:\WINDOWS\system32\pharmacy.bmp C:\WINDOWS\system32\gambling.bmp C:\WINDOWS\system32\dating.bmp C:\WINDOWS\system32\idesk.conf C:\WINDOWS\system32\Help.ico C:\WINDOWS\system32\AddQuit.ico C:\WINDOWS\system32\Desktop.ico C:\WINDOWS\system32\Uninstall.ico C:\WINDOWS\system32\IE.ico C:\WINDOWS\system32\Open.ico C:\WINDOWS\system32\Quick.ico C:\WINDOWS\system32\dgprpsetup.exe C:\WINDOWS\system32\dmhwj.exe C:\WINDOWS\system32\filesafer23.exe C:\WINDOWS\system32\idemlog.exe C:\WINDOWS\system32\favset.exe  C:\WINDOWS\system32\howiper.exe  C:\WINDOWS\system32\csqrv.exeRedemarre et dis moi ou ca en est (avec un silent runner)a+

fluerdelys · Answer

killbox a pas voulu me prd ts les fichiers il ma selectionne ke ceux laC:\WINDOWS\ACD Wallpaper.bmp C:\WINDOWS\system32\insurance.bmp C:\WINDOWS\system32\close.bmp C:\WINDOWS\system32\spyware.bmp C:\WINDOWS\system32\xxx.bmp C:\WINDOWS\system32\pharmacy.bmp C:\WINDOWS\system32\gambling.bmp C:\WINDOWS\system32\dating.bmp C:\WINDOWS\system32\idesk.conf Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\INFECTION WARNING! "System" = "csocj.exe" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Lobel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Startup items in "Lobel" & "All Users" startup folders:-------------------------------------------------------C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Extensions (Tools menu items, main toolbar menu buttons)HKCU\Software\Microsoft\Internet Explorer\Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E}\"ButtonText" = "Wanadoo""Exec" = "http://www.wanadoo.fr" [file not found]HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messager Wanadoo""MenuText" = "Messager Wanadoo""Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 1 lineHKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]a+

Utilisateur anonyme · Answer

okon y presque.....il manque pas grand choseTelecharge cecihttp://virus-protect.net/bat/datFind.batExecute leIl va te dire d appuyer sur une touche, puis il te donne un rapportcopie/colle en entierpuis une 2nd fois, un deuxieme rapport/copie/colle leet idem une 3emeUne fois qu il aura finit le programme se fermera tout seula+

Utilisateur anonyme · Answer

re,excuse moi si cela tarde a resoudre ton soucis, c est un cas vraiment tres special, tres peu d infos donc nous cherchons par nous meme, pas toujours evident ....mais tiens bon stp c est qqchose de tres interressant pour moi en tout cas lol**peux tu faire ceci egalement?Télécharge l2mfix ici: http://www.downloads.subratam.org/l2mfix.exe Double clic sur l2mfix.exe pour lancer l'extraction Dans le dossier l2mfix, double clic sur l2mfix.bat, appuie sur n'importe quelle touche puis choisis l'option #1 (et pas autre chose) et valide avec la touche entrée. Le bloc note va s'ouvrir avec le résultat du scan. Fais un copier coller du résultat ici.

balltrap34 · Answer

salut regisen foction des fichiers a suppr fait le avec un bfu

fleurdelys · Answer

re dsl j'ai pa ete chez moi de la semaineje ss prete a continuer la "chasse" lolvoila les rapports de datfind : Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est C82D-BE27 R‚pertoire de C:\WINDOWS\system3217/12/2005  17:48             2ÿ422 wpa.dbl10/12/2005  16:09             4ÿ984 close.bmp10/12/2005  16:08            11ÿ772 spyware.bmp10/12/2005  16:08            21ÿ224 xxx.bmp10/12/2005  16:08            21ÿ872 pharmacy.bmp10/12/2005  16:08            21ÿ872 dating.bmp10/12/2005  16:08            23ÿ480 gambling.bmp10/12/2005  16:08               387 idesk.conf09/12/2005  01:21         2ÿ721ÿ632 MRT.exe01/12/2005  05:01         1ÿ492ÿ992 shdocvw.dll27/11/2005  16:10                92 Loadwer.bwz27/11/2005  10:35           120ÿ872 MSForms.TWD27/11/2005  10:35           152ÿ384 FNTCACHE.DAT26/11/2005  11:57            69ÿ632 system.mdw24/11/2005  01:08         3ÿ013ÿ632 mshtml.dll24/11/2005  01:08         1ÿ022ÿ976 browseui.dll05/11/2005  04:17           606ÿ208 urlmon.dll05/11/2005  04:17         1ÿ056ÿ768 danim.dll30/10/2005  19:15           176ÿ167 rmoc3260.dll30/10/2005  19:15             5ÿ632 pndx5032.dll30/10/2005  19:15             6ÿ656 pndx5016.dll30/10/2005  19:15           278ÿ528 pncrt.dll30/10/2005  11:39            48ÿ616 perfc00C.dat30/10/2005  11:39           367ÿ658 perfh00C.dat30/10/2005  11:39           311ÿ604 perfh009.dat30/10/2005  11:39            39ÿ992 perfc009.dat30/10/2005  11:39           775ÿ210 PerfStringBackup.INI27/10/2005  19:32            45ÿ640 MsgPlusLoader.dll27/10/2005  14:04           151ÿ566 UninstIPP.isu27/10/2005  13:30            16ÿ832 amcompat.tlb27/10/2005  13:30            23ÿ392 nscompat.tlb26/10/2005  08:28             2ÿ422 wpa.bak25/10/2005  16:55                 0 h323log.txt25/10/2005  15:27                44 msssc.dll25/10/2005  15:00               386 $winnt$.inf25/10/2005  14:58             3ÿ072 CONFIG.NT25/10/2005  14:58               488 logonui.exe.manifest25/10/2005  14:58               488 WindowsLogon.manifest25/10/2005  14:58               749 cdplayer.exe.manifest25/10/2005  14:58               749 sapi.cpl.manifest25/10/2005  14:58               749 wuaucpl.cpl.manifest25/10/2005  14:58               749 ncpa.cpl.manifest25/10/2005  14:58               749 nwc.cpl.manifest25/10/2005  14:56            21ÿ892 emptyregdb.dat21/10/2005  04:41           662ÿ528 wininet.dll21/10/2005  04:41           474ÿ112 shlwapi.dll21/10/2005  04:41            39ÿ424 pngfilt.dll21/10/2005  04:41           448ÿ512 mshtmled.dll21/10/2005  04:41           530ÿ944 mstime.dll21/10/2005  04:41           146ÿ432 msrating.dll21/10/2005  04:41            55ÿ808 extmgr.dll21/10/2005  04:41           205ÿ312 dxtrans.dll21/10/2005  04:41            96ÿ768 inseng.dll21/10/2005  04:41           251ÿ392 iepeers.dll21/10/2005  04:41           152ÿ064 cdfview.dll20/10/2005  23:25         1ÿ097ÿ728 esent.dll13/10/2005  00:15            15ÿ072 spmsg.dll12/10/2005  23:11           118ÿ784 sirenacm.dll11/10/2005  20:03            65ÿ536 QuickTimeVR.qtx11/10/2005  20:03            49ÿ152 QuickTime.qts06/10/2005  04:18           280ÿ064 gdi32.dll06/10/2005  04:08         1ÿ839ÿ616 win32k.sys23/09/2005  04:06         8ÿ506ÿ880 shell32.dll15/09/2005  06:32           307ÿ200 atiiiexx.dll15/09/2005  05:55           253ÿ952 ATIDEMGR.dll15/09/2005  05:14         6ÿ680ÿ576 atioglx1.dll15/09/2005  04:13         4ÿ837ÿ376 atioglxx.dll15/09/2005  03:58           241ÿ664 ati2dvag.dll15/09/2005  03:53           106ÿ496 atipdlxx.dll15/09/2005  03:53            73ÿ728 Oemdspif.dll15/09/2005  03:53            25ÿ088 Ati2mdxx.exe15/09/2005  03:53            39ÿ936 ati2edxx.dll15/09/2005  03:53            46ÿ080 ati2evxx.dll15/09/2005  03:52           376ÿ832 ati2evxx.exe15/09/2005  03:51            53ÿ248 ATIDDC.DLL15/09/2005  03:44         2ÿ429ÿ952 ati3duag.dll15/09/2005  03:39           602ÿ016 ativvaxx.dll15/09/2005  03:27           147ÿ456 atikvmag.dll15/09/2005  03:04            17ÿ408 atitvo32.dll15/09/2005  02:59           233ÿ472 ati2cqag.dll14/09/2005  20:05           516ÿ096 ati2sgag.exe10/09/2005  02:55         2ÿ067ÿ968 cdosys.dll06/09/2005  21:04           104ÿ373 atiicdxx.dat01/09/2005  02:43           292ÿ352 winsrv.dll01/09/2005  02:43            19ÿ968 linkinfo.dll30/08/2005  04:55         1ÿ293ÿ312 quartz.dll29/08/2005  12:27           520ÿ968 LegitCheckControl.DLL23/08/2005  04:39           124ÿ928 umpnpmgr.dll22/08/2005  19:35           197ÿ632 netman.dll16/08/2005  21:57             5ÿ607 atifglpf.xml26/07/2005  05:40            37ÿ888 olecnv32.dll26/07/2005  05:40            75ÿ264 olecli32.dll26/07/2005  05:40         1ÿ284ÿ608 ole32.dll26/07/2005  05:40           397ÿ824 rpcss.dll26/07/2005  05:40            11ÿ776 xolehlp.dll26/07/2005  05:40           101ÿ376 txflog.dll26/07/2005  05:39            66ÿ560 mtxclu.dll26/07/2005  05:39           161ÿ280 msdtcuiu.dll26/07/2005  05:39            91ÿ136 mtxoci.dll26/07/2005  05:39           945ÿ152 msdtctm.dll26/07/2005  05:39           425ÿ472 msdtcprx.dll26/07/2005  05:39           540ÿ160 comuid.dll26/07/2005  05:39         1ÿ267ÿ200 comsvcs.dll26/07/2005  05:39           243ÿ200 es.dll26/07/2005  05:39            97ÿ792 comrepl.dll26/07/2005  05:39            60ÿ416 colbact.dll26/07/2005  05:39           110ÿ080 clbcatex.dll26/07/2005  05:39           498ÿ688 clbcatq.dll26/07/2005  05:39           625ÿ152 catsrvut.dll26/07/2005  05:39           225ÿ792 catsrv.dll12/07/2005  17:04            23ÿ304 GWFSPidGen.dll08/07/2005  17:28           249ÿ344 tapisrv.dll08/07/2005  17:28            76ÿ800 remotesp.tsp29/06/2005  02:49            74ÿ240 mscms.dll29/06/2005  02:49           254ÿ976 icm32.dll15/06/2005  18:50           295ÿ936 kerberos.dll11/06/2005  00:53            57ÿ856 spoolsv.exe27/05/2005  03:08           137ÿ216 itss.dll27/05/2005  03:08           546ÿ304 hhctrl.ocx27/05/2005  03:08            41ÿ472 hhsetup.dll27/05/2005  03:08           155ÿ136 itircl.dll26/05/2005  03:19           173ÿ536 wuweb.dll26/05/2005  03:16           128ÿ792 wucltui.dll26/05/2005  03:16           175ÿ896 wuaucpl.cpl26/05/2005  03:16           195ÿ352 wuaueng1.dll26/05/2005  03:16           175ÿ896 wuauclt1.exe26/05/2005  03:16           125ÿ720 wuauclt.exe26/05/2005  03:16           467ÿ224 wuapi.dll26/05/2005  03:16         1ÿ343ÿ768 wuaueng.dll26/05/2005  03:16            41ÿ240 wups.dll26/05/2005  03:16            18ÿ200 wups2.dll26/05/2005  03:16            75ÿ544 cdm.dll26/05/2005  03:16           198ÿ424 iuengine.dll17/05/2005  01:42            16ÿ896 xpsp3res.dll11/05/2005  03:30            78ÿ336 telnet.exe04/05/2005  13:45            78ÿ848 msiexec.exe04/05/2005  13:45           884ÿ736 msimsg.dll04/05/2005  13:45           271ÿ360 msihnd.dll04/05/2005  13:45            15ÿ360 msisip.dll04/05/2005  13:45         2ÿ890ÿ240 msi.dll02/03/2005  19:10           578ÿ048 user32.dll02/03/2005  19:10            56ÿ832 authz.dll02/03/2005  19:08         2ÿ181ÿ376 ntoskrnl.exe02/03/2005  19:07         2ÿ058ÿ880 ntkrnlpa.exe25/02/2005  04:35            22ÿ752 spupdsvc.exe07/12/2004  20:34            96ÿ768 srvsvc.dll17/11/2004  18:42           354ÿ304 hypertrm.dll16/11/2004  22:17            68ÿ608 hlink.dll28/10/2004  02:23           728ÿ576 lsasrv.dll13/10/2004  15:12            32ÿ768 WooDial2000.dll11/08/2004  19:49             8ÿ704 asferror.dll11/08/2004  19:49           226ÿ304 wmerror.dll11/08/2004  19:49            86ÿ016 wmpshell.dll11/08/2004  19:49         3ÿ424ÿ256 wmploc.dll11/08/2004  19:49           311ÿ808 MSWMDM.dll11/08/2004  19:49           483ÿ328 Audiodev.dll11/08/2004  00:39         2ÿ362ÿ104 wmvcore.dll11/08/2004  00:39           773ÿ368 wmsdmod.dll11/08/2004  00:38           871ÿ160 wmvdmod.dll11/08/2004  00:38           531ÿ192 wmspdmod.dll11/08/2004  00:38         1ÿ181ÿ944 wmvadvd.dll11/08/2004  00:38           380ÿ144 wmadmod.dll11/08/2004  00:38           253ÿ688 drmclien.dll11/08/2004  00:38           360ÿ176 MSSCP.dll11/08/2004  00:37           290ÿ816 WMDRMNet.dll11/08/2004  00:37           344ÿ064 WMDRMdev.dll11/08/2004  00:36           527ÿ360 drmv2clt.dll11/08/2004  00:36           233ÿ472 blackbox.dll11/08/2004  00:36            95ÿ232 drmstor.dll11/08/2004  00:36           141ÿ312 msnetobj.dll10/08/2004  23:45         1ÿ509ÿ376 WMVADVE.DLL10/08/2004  23:45           221ÿ184 qasf.dll10/08/2004  23:45           712ÿ704 wmadmoe.dll10/08/2004  23:45           161ÿ792 cewmdm.dll10/08/2004  23:45           135ÿ168 wmpasf.dll10/08/2004  23:45           169ÿ472 MsPMSP.dll10/08/2004  23:45            34ÿ304 WMDMPS.dll10/08/2004  23:45           282ÿ624 wmpdxm.dll10/08/2004  23:45            25ÿ088 MsPMSNSv.dll10/08/2004  23:45            30ÿ208 WMDMLOG.dll10/08/2004  23:45         1ÿ589ÿ760 wmpencen.dll10/08/2004  23:45           936ÿ960 wmspdmoe.dll10/08/2004  23:45           999ÿ424 wmvdmoe2.dll10/08/2004  23:45           175ÿ104 wmpsrcwp.dll10/08/2004  23:45         1ÿ116ÿ160 wmsdmoe2.dll10/08/2004  23:41         5ÿ550ÿ080 setb9.tmp10/08/2004  23:41         5ÿ550ÿ080 wmp.dll10/08/2004  23:41         1ÿ027ÿ072 wmnetmgr.dll10/08/2004  23:41           229ÿ376 wmasf.dll10/08/2004  21:07           150ÿ016 wmidx.dll10/08/2004  21:07             6ÿ656 laprxy.dll10/08/2004  21:05            38ÿ912 wpd_ci.dll10/08/2004  21:05           327ÿ680 wpdsp.dll10/08/2004  21:05           331ÿ776 wpdmtpdr.dll10/08/2004  21:05           114ÿ176 wpdmtp.dll10/08/2004  21:05            66ÿ560 wpdmtpus.dll10/08/2004  21:05            61ÿ952 wpdconns.dll10/08/2004  21:05            10ÿ752 wpdtrace.dll10/08/2004  21:05            47ÿ104 uwdf.exe10/08/2004  21:05            38ÿ912 wdfmgr.exe10/08/2004  21:05            15ÿ872 wdfapi.dll10/08/2004  20:52           360ÿ448 l3codecp.acm10/08/2004  20:52            20ÿ480 wmpui.dll10/08/2004  20:52            20ÿ480 wmpcore.dll10/08/2004  20:52            20ÿ480 wmpcd.dll10/08/2004  20:52            20ÿ480 wmp.ocx10/08/2004  20:46            96ÿ768 logagent.exe05/08/2004  13:00             8ÿ192 control.exe05/08/2004  13:00            13ÿ824 convert.exe05/08/2004  13:00            35ÿ328 corpol.dll05/08/2004  13:00            27ÿ097 country.sys05/08/2004  13:00           165ÿ888 credui.dll05/08/2004  13:00           149ÿ019 crtdll.dll05/08/2004  13:00           604ÿ672 crypt32.dll05/08/2004  13:00            75ÿ776 cryptdlg.dll05/08/2004  13:00            33ÿ280 cryptdll.dll05/08/2004  13:00            54ÿ784 cryptext.dll05/08/2004  13:00            63ÿ488 cryptnet.dll05/08/2004  13:00            60ÿ416 cryptsvc.dll05/08/2004  13:00           530ÿ432 cryptui.dll05/08/2004  13:00           102ÿ912 cscdll.dll05/08/2004  13:00            98ÿ304 cscript.exe05/08/2004  13:00           337ÿ920 cscui.dll05/08/2004  13:00            32ÿ768 csrsrv.dll05/08/2004  13:00             6ÿ144 csrss.exe05/08/2004  13:00            73ÿ728 csseqchk.dll05/08/2004  13:00            15ÿ360 ctfmon.exe05/08/2004  13:00            27ÿ136 ctl3d32.dll05/08/2004  13:00            27ÿ200 ctl3dv2.dll05/08/2004  13:00             8ÿ386 ctype.nls05/08/2004  13:00            66ÿ082 c_037.nls05/08/2004  13:00            66ÿ082 c_10000.nls05/08/2004  13:00            66ÿ082 c_10006.nls05/08/2004  13:00            66ÿ082 c_10007.nls05/08/2004  13:00            66ÿ082 c_10010.nls05/08/2004  13:00            66ÿ082 c_10017.nls05/08/2004  13:00            66ÿ082 c_10029.nls05/08/2004  13:00            66ÿ082 c_10079.nls05/08/2004  13:00            66ÿ082 c_10081.nls05/08/2004  13:00            66ÿ082 c_10082.nls05/08/2004  13:00            66ÿ082 c_1026.nls05/08/2004  13:00            66ÿ082 c_1250.nls05/08/2004  13:00            66ÿ082 c_1251.nls05/08/2004  13:00            66ÿ082 c_1252.nls05/08/2004  13:00            66ÿ082 c_1253.nls05/08/2004  13:00            66ÿ082 c_1254.nls05/08/2004  13:00            66ÿ082 c_1255.nls05/08/2004  13:00            66ÿ082 c_1256.nls05/08/2004  13:00            66ÿ082 c_1257.nls05/08/2004  13:00            66ÿ082 c_1258.nls05/08/2004  13:00            66ÿ082 c_20127.nls05/08/2004  13:00           139ÿ810 c_20261.nls05/08/2004  13:00            66ÿ082 c_20866.nls05/08/2004  13:00            66ÿ082 c_20905.nls05/08/2004  13:00            66ÿ082 c_21866.nls05/08/2004  13:00            66ÿ082 c_28591.nls05/08/2004  13:00            66ÿ082 c_28592.nls05/08/2004  13:00            66ÿ082 c_28593.nls05/08/2004  13:00            66ÿ082 C_28594.NLS05/08/2004  13:00            66ÿ082 C_28595.NLS05/08/2004  13:00            66ÿ082 C_28597.NLS05/08/2004  13:00            66ÿ082 c_28598.nls05/08/2004  13:00            66ÿ082 c_28599.nls05/08/2004  13:00            66ÿ082 c_28603.nls05/08/2004  13:00            66ÿ082 c_28605.nls05/08/2004  13:00            66ÿ594 c_437.nls05/08/2004  13:00            66ÿ082 c_500.nls05/08/2004  13:00            66ÿ594 c_737.nls05/08/2004  13:00            66ÿ594 c_775.nls05/08/2004  13:00            66ÿ594 c_850.nls05/08/2004  13:00            66ÿ594 c_852.nls05/08/2004  13:00            66ÿ594 c_855.nls05/08/2004  13:00            66ÿ594 c_857.nls05/08/2004  13:00            66ÿ594 c_860.nls05/08/2004  13:00            66ÿ594 c_861.nls05/08/2004  13:00            66ÿ594 c_863.nls05/08/2004  13:00            66ÿ594 c_865.nls05/08/2004  13:00            66ÿ594 c_866.nls05/08/2004  13:00            66ÿ594 c_869.nls05/08/2004  13:00            66ÿ594 c_874.nls05/08/2004  13:00            66ÿ082 c_875.nls05/08/2004  13:00           162ÿ850 c_932.nls05/08/2004  13:00           196ÿ642 c_936.nls05/08/2004  13:00           196ÿ642 c_949.nls05/08/2004  13:00           196ÿ642 c_950.nls05/08/2004  13:00         1ÿ179ÿ648 d3d8.dll05/08/2004  13:00             8ÿ192 d3d8thk.dll05/08/2004  13:00         1ÿ689ÿ088 d3d9.dll05/08/2004  13:00           436ÿ224 d3dim.dll05/08/2004  13:00           825ÿ344 d3dim700.dll05/08/2004  13:00            34ÿ816 d3dpmesh.dll05/08/2004  13:00           590ÿ336 d3dramp.dll05/08/2004  13:00           350ÿ208 d3drm.dll05/08/2004  13:00            47ÿ616 d3dxof.dll05/08/2004  13:00            70ÿ656 amstream.dll05/08/2004  13:00            55ÿ296 dataclen.dll05/08/2004  13:00           152ÿ064 datime.dll05/08/2004  13:00            17ÿ408 alrsvc.dll05/08/2004  13:00            25ÿ088 davclnt.dll05/08/2004  13:00           153ÿ088 daxctle.ocx05/08/2004  13:00           847ÿ872 dbgeng.dll05/08/2004  13:00           640ÿ000 dbghelp.dll05/08/2004  13:00            24ÿ576 dbmsrpcn.dll05/08/2004  13:00           110ÿ592 dbnetlib.dll05/08/2004  13:00            28ÿ672 dbnmpntw.dll05/08/2004  13:00             1ÿ788 Dcache.bin05/08/2004  13:00             8ÿ704 dciman32.dll05/08/2004  13:00             5ÿ120 dcomcnfg.exe05/08/2004  13:00            39ÿ424 ddeml.dll05/08/2004  13:00            31ÿ744 ddeshare.exe05/08/2004  13:00           266ÿ240 ddraw.dll05/08/2004  13:00            27ÿ136 ddrawex.dll05/08/2004  13:00            21ÿ162 debug.exe05/08/2004  13:00            25ÿ088 defrag.exe05/08/2004  13:00           138ÿ240 desk.cpl05/08/2004  13:00            16ÿ896 deskadp.dll05/08/2004  13:00            16ÿ896 deskmon.dll05/08/2004  13:00            18ÿ944 deskperf.dll05/08/2004  13:00                 2 desktop.ini05/08/2004  13:00            59ÿ904 devenum.dll05/08/2004  13:00            32ÿ738 devmgmt.msc05/08/2004  13:00           290ÿ816 devmgr.dll05/08/2004  13:00            41ÿ131 dfrg.msc05/08/2004  13:00            82ÿ432 dfrgfat.exe05/08/2004  13:00           104ÿ960 dfrgntfs.exe05/08/2004  13:00            55ÿ808 dfrgres.dll05/08/2004  13:00            39ÿ424 dfrgsnap.dll05/08/2004  13:00           123ÿ904 dfrgui.dll05/08/2004  13:00            28ÿ672 dfsshlex.dll05/08/2004  13:00           115ÿ200 dgnet.dll05/08/2004  13:00           176ÿ157 dgrpsetu.dll05/08/2004  13:00            86ÿ044 dgsetup.dll05/08/2004  13:00           111ÿ616 dhcpcsvc.dll05/08/2004  13:00           401ÿ408 dhcpmon.dll05/08/2004  13:00            78ÿ848 dhcpsapi.dll05/08/2004  13:00           395ÿ264 diactfrm.dll05/08/2004  13:00            85ÿ504 diantz.exe05/08/2004  13:00            68ÿ608 digest.dll05/08/2004  13:00            44ÿ032 dimap.dll05/08/2004  13:00           165ÿ376 dinput.dll05/08/2004  13:00           187ÿ904 dinput8.dll05/08/2004  13:00             9ÿ216 diskcomp.com05/08/2004  13:00             7ÿ168 diskcopy.com05/08/2004  13:00         1ÿ502ÿ208 diskcopy.dll05/08/2004  13:00            33ÿ311 diskmgmt.msc05/08/2004  13:00           167ÿ936 diskpart.exe05/08/2004  13:00            19ÿ456 diskperf.exe05/08/2004  13:00            45ÿ083 dispex.dll05/08/2004  13:00            32ÿ256 wupdmgr.exe05/08/2004  13:00           230ÿ912 compstui.dll05/08/2004  13:00             5ÿ120 dllhost.exe05/08/2004  13:00             4ÿ608 dllhst3g.exe05/08/2004  13:00           225ÿ280 dmadmin.exe05/08/2004  13:00            28ÿ672 dmband.dll05/08/2004  13:00            61ÿ440 dmcompos.dll05/08/2004  13:00           330ÿ752 dmconfig.dll05/08/2004  13:00           273ÿ920 dmdlgs.dll05/08/2004  13:00           200ÿ704 dmdskmgr.dll05/08/2004  13:00           134ÿ656 dmdskres.dll05/08/2004  13:00           181ÿ248 dmime.dll05/08/2004  13:00            18ÿ432 dmintf.dll05/08/2004  13:00            35ÿ840 dmloader.dll05/08/2004  13:00            19ÿ456 dmocx.dll05/08/2004  13:00            15ÿ872 dmremote.exe05/08/2004  13:00            82ÿ432 dmscript.dll05/08/2004  13:00            24ÿ576 dmserver.dll05/08/2004  13:00           105ÿ984 dmstyle.dll05/08/2004  13:00           103ÿ424 dmsynth.dll05/08/2004  13:00           104ÿ448 dmusic.dll05/08/2004  13:00            58ÿ880 dmutil.dll05/08/2004  13:00            61ÿ440 dmview.ocx05/08/2004  13:00           148ÿ480 dnsapi.dll05/08/2004  13:00            45ÿ568 dnsrslvr.dll05/08/2004  13:00             6ÿ656 wuauserv.dll05/08/2004  13:00            47ÿ616 docprop.dll05/08/2004  13:00            48ÿ640 docprop2.dll05/08/2004  13:00            10ÿ752 doskey.exe05/08/2004  13:00            54ÿ080 dosx.exe05/08/2004  13:00            97ÿ792 dpcdll.dll05/08/2004  13:00            33ÿ040 dplay.dll05/08/2004  13:00            30ÿ208 dplaysvr.exe05/08/2004  13:00           229ÿ888 dplayx.dll05/08/2004  13:00            24ÿ064 dpmodemx.dll05/08/2004  13:00             3ÿ584 dpnaddr.dll05/08/2004  13:00           375ÿ296 dpnet.dll05/08/2004  13:00            35ÿ328 dpnhpast.dll05/08/2004  13:00            60ÿ928 dpnhupnp.dll05/08/2004  13:00             3ÿ584 dpnlobby.dll05/08/2004  13:00            62ÿ464 dpnmodem.dll05/08/2004  13:00            18ÿ432 dpnsvr.exe05/08/2004  13:00            61ÿ952 dpnwsock.dll05/08/2004  13:00            54ÿ032 dpserial.dll05/08/2004  13:00            21ÿ504 dpvacm.dll05/08/2004  13:00           213ÿ504 dpvoice.dll05/08/2004  13:00            83ÿ456 dpvsetup.exe05/08/2004  13:00           116ÿ736 dpvvox.dll05/08/2004  13:00            42ÿ768 dpwsock.dll05/08/2004  13:00            57ÿ856 dpwsockx.dll05/08/2004  13:00            30ÿ160 compobj.dll05/08/2004  13:00            37ÿ357 compmgmt.msc05/08/2004  13:00           253ÿ440 compatUI.dll05/08/2004  13:00            14ÿ336 drprov.dll05/08/2004  13:00            28ÿ400 drwatson.exe05/08/2004  13:00            47ÿ104 drwtsn32.exe05/08/2004  13:00             4ÿ656 ds16gt.dLL05/08/2004  13:00            16ÿ384 ds32gt.dll05/08/2004  13:00            62ÿ976 dsauth.dll05/08/2004  13:00           181ÿ760 dsdmo.dll05/08/2004  13:00            72ÿ192 dsdmoprp.dll05/08/2004  13:00            93ÿ696 dskquota.dll05/08/2004  13:00           150ÿ016 dskquoui.dll05/08/2004  13:00            18ÿ432 compact.exe05/08/2004  13:00           367ÿ616 dsound.dll05/08/2004  13:00                81 dsound.vxd05/08/2004  13:00         1ÿ294ÿ336 dsound3d.dll05/08/2004  13:00           145ÿ408 dsprop.dll05/08/2004  13:00             4ÿ096 dsprpres.dll05/08/2004  13:00           240ÿ640 dsquery.dll05/08/2004  13:00           218ÿ003 dssec.dat05/08/2004  13:00            52ÿ736 dssec.dll05/08/2004  13:00           137ÿ216 dssenh.dll05/08/2004  13:00           113ÿ664 dsuiext.dll05/08/2004  13:00            19ÿ456 dswave.dll05/08/2004  13:00            10ÿ752 dumprep.exe05/08/2004  13:00           304ÿ128 duser.dll05/08/2004  13:00            59ÿ392 dvdplay.exe05/08/2004  13:00            17ÿ920 dvdupgrd.exe05/08/2004  13:00            15ÿ872 comp.exe05/08/2004  13:00           180ÿ224 dwwin.exe05/08/2004  13:00           619ÿ008 dx7vb.dll05/08/2004  13:00         1ÿ227ÿ264 dx8vb.dll05/08/2004  13:00         1ÿ298ÿ432 dxdiag.exe05/08/2004  13:00         2ÿ113ÿ536 dxdiagn.dll05/08/2004  13:00           499ÿ741 dxmasf.dll05/08/2004  13:00           357ÿ888 dxtmsft.dll05/08/2004  13:00            33ÿ904 commdlg.dll05/08/2004  13:00            71ÿ102 edit.com05/08/2004  13:00            13ÿ781 edit.hlp05/08/2004  13:00            13ÿ010 edlin.exe05/08/2004  13:00           127ÿ213 ega.cpi05/08/2004  13:00           187ÿ392 els.dll05/08/2004  13:00            52ÿ103 command.com05/08/2004  13:00            20ÿ480 encapi.dll05/08/2004  13:00           186ÿ368 encdec.dll05/08/2004  13:00           103ÿ424 EqnClass.Dll05/08/2004  13:00            23ÿ040 ersvc.dll05/08/2004  13:00            10ÿ544 comm.drv05/08/2004  13:00           281ÿ088 comdlg32.dll05/08/2004  13:00         1ÿ114ÿ896 esent97.dll05/08/2004  13:00            17ÿ408 esentprf.dll05/08/2004  13:00             6ÿ708 esentprf.hxx05/08/2004  13:00         1ÿ015ÿ477 esentprf.ini05/08/2004  13:00            39ÿ424 esentutl.exe05/08/2004  13:00           195ÿ072 eudcedit.exe05/08/2004  13:00            42ÿ303 eula.txt05/08/2004  13:00            33ÿ280 eventcls.dll05/08/2004  13:00            55ÿ808 eventlog.dll05/08/2004  13:00             9ÿ216 eventvwr.exe05/08/2004  13:00            56ÿ286 eventvwr.msc05/08/2004  13:00             8ÿ424 exe2bin.exe05/08/2004  13:00            16ÿ896 expand.exe05/08/2004  13:00           380ÿ957 expsrv.dll05/08/2004  13:00           611ÿ328 COMCTL32.NU605/08/2004  13:00            45ÿ568 extrac32.exe05/08/2004  13:00           121ÿ856 exts.dll05/08/2004  13:00               882 fastopen.exe05/08/2004  13:00            80ÿ896 faultrep.dll05/08/2004  13:00            14ÿ848 fc.exe05/08/2004  13:00            21ÿ504 feclient.dll05/08/2004  13:00           611ÿ328 comctl32.dll05/08/2004  13:00           348ÿ160 filemgmt.dll05/08/2004  13:00             9ÿ216 find.exe05/08/2004  13:00            29ÿ184 findstr.exe05/08/2004  13:00            10ÿ240 finger.exe05/08/2004  13:00            80ÿ384 firewall.cpl05/08/2004  13:00             3ÿ072 fixmapi.exe05/08/2004  13:00            88ÿ064 fldrclnr.dll05/08/2004  13:00            16ÿ896 fltlib.dll05/08/2004  13:00            22ÿ528 fltMc.exe05/08/2004  13:00             3ÿ584 comcat.dll05/08/2004  13:00            25ÿ600 comaddin.dll05/08/2004  13:00            16ÿ384 fmifs.dll05/08/2004  13:00            44ÿ544 alg.exe05/08/2004  13:00           386ÿ560 fontext.dll05/08/2004  13:00            79ÿ360 fontsub.dll05/08/2004  13:00            21ÿ504 fontview.exe05/08/2004  13:00             7ÿ168 forcedos.exe05/08/2004  13:00            25ÿ600 format.com05/08/2004  13:00             9ÿ344 framebuf.dll05/08/2004  13:00            55ÿ808 freecell.exe05/08/2004  13:00            32ÿ409 fsmgmt.msc05/08/2004  13:00           193ÿ024 fsquirt.exe05/08/2004  13:00            81ÿ920 fsusd.dll05/08/2004  13:00            61ÿ952 fsutil.exe05/08/2004  13:00            46ÿ080 ftp.exe05/08/2004  13:00           177ÿ152 ftsrch.dll05/08/2004  13:00            60ÿ416 fwcfg.dll05/08/2004  13:00            41ÿ472 g711codc.ax05/08/2004  13:00            98ÿ304 ahui.exe05/08/2004  13:00            24ÿ006 gb2312.uce05/08/2004  13:00            77ÿ824 gcdef.dll05/08/2004  13:00            24ÿ576 gdi.exe05/08/2004  13:00           378ÿ880 wzcdlg.dll05/08/2004  13:00            24ÿ772 geo.nls05/08/2004  13:00           634ÿ880 getuname.dll05/08/2004  13:00           285ÿ184 glmf32.dll05/08/2004  13:00           123ÿ904 glu32.dll05/08/2004  13:00           101ÿ888 gpkcsp.dll05/08/2004  13:00            10ÿ240 gpkrsrc.dll05/08/2004  13:00            26ÿ112 graftabl.com05/08/2004  13:00            19ÿ902 graphics.com05/08/2004  13:00            21ÿ232 graphics.pro05/08/2004  13:00            39ÿ424 grpconv.exe05/08/2004  13:00            26ÿ624 cnvfat.dll05/08/2004  13:00           266ÿ752 h323.tsp05/08/2004  13:00           101ÿ888 advpack.dll05/08/2004  13:00           614ÿ912 h323msp.dll05/08/2004  13:00           131ÿ968 hal.dll05/08/2004  13:00             7ÿ168 hccoin.dll05/08/2004  13:00           157ÿ184 hdwwiz.cpl05/08/2004  13:00            16ÿ384 help.exe05/08/2004  13:00            51ÿ712 wzcsapi.dll05/08/2004  13:00           359ÿ936 wzcsvc.dll05/08/2004  13:00            20ÿ992 hid.dll05/08/2004  13:00            30ÿ208 hidphone.tsp05/08/2004  13:00             4ÿ912 himem.sys05/08/2004  13:00            91ÿ648 xactsrv.dll05/08/2004  13:00            32ÿ768 cnetcfg.dll05/08/2004  13:00            50ÿ688 cnbjmon.dll05/08/2004  13:00           347ÿ648 hnetcfg.dll05/08/2004  13:00            15ÿ360 hnetmon.dll05/08/2004  13:00           336ÿ384 hnetwiz.dll05/08/2004  13:00               929 homepage.inf05/08/2004  13:00             8ÿ704 hostname.exe05/08/2004  13:00           146ÿ944 hotplug.dll05/08/2004  13:00            18ÿ432 wtsapi32.dll05/08/2004  13:00            51ÿ200 wstdecod.dll05/08/2004  13:00            25ÿ088 wsock32.dll05/08/2004  13:00            44ÿ544 hticons.dll05/08/2004  13:00           425ÿ472 html.iec05/08/2004  13:00            24ÿ576 httpapi.dll05/08/2004  13:00            43ÿ008 htui.dll05/08/2004  13:00            40ÿ960 cmutil.dll05/08/2004  13:00           199ÿ680 iac25_32.ax05/08/2004  13:00            23ÿ552 iasacct.dll05/08/2004  13:00            41ÿ472 iasads.dll05/08/2004  13:00            32ÿ256 iashlpr.dll05/08/2004  13:00            62ÿ464 iasnap.dll05/08/2004  13:00            17ÿ920 iaspolcy.dll05/08/2004  13:00           119ÿ808 iasrad.dll05/08/2004  13:00           141ÿ312 iasrecst.dll05/08/2004  13:00            86ÿ528 iassam.dll05/08/2004  13:00           253ÿ440 iassdo.dll05/08/2004  13:00            62ÿ976 iassvcs.dll05/08/2004  13:00            11ÿ264 icaapi.dll05/08/2004  13:00            80ÿ384 iccvid.dll05/08/2004  13:00            16ÿ384 icfgnt5.dll05/08/2004  13:00            65ÿ536 cmstp.exe05/08/2004  13:00             3ÿ584 icmp.dll05/08/2004  13:00            56ÿ320 icmui.dll05/08/2004  13:00            73ÿ728 icwdial.dll05/08/2004  13:00            65ÿ536 icwphbk.dll05/08/2004  13:00            60ÿ458 ideograf.uce05/08/2004  13:00           685ÿ056 advapi32.dll05/08/2004  13:00           121ÿ856 idq.dll05/08/2004  13:00            34ÿ304 ie4uinit.exe05/08/2004  13:00           139ÿ264 ieakeng.dll05/08/2004  13:00           221ÿ696 ieaksie.dll05/08/2004  13:00           245ÿ760 ieakui.dll05/08/2004  13:00           323ÿ584 iedkcs32.dll05/08/2004  13:00            81ÿ920 ieencode.dll05/08/2004  13:00            13ÿ824 cmsetACL.dll05/08/2004  13:00            49ÿ152 iernonce.dll05/08/2004  13:00            63ÿ488 iesetup.dll05/08/2004  13:00            46ÿ298 ieuinit.inf05/08/2004  13:00           114ÿ688 iexpress.exe05/08/2004  13:00           142ÿ848 ifmon.dll05/08/2004  13:00            70ÿ656 ifsutil.dll05/08/2004  13:00             8ÿ192 igmpagnt.dll05/08/2004  13:00            81ÿ920 ils.dll05/08/2004  13:00            16ÿ384 imaadp32.acm05/08/2004  13:00           144ÿ384 imagehlp.dll05/08/2004  13:00            42ÿ496 wsnmp32.dll05/08/2004  13:00            19ÿ968 wshtcpip.dll05/08/2004  13:00            11ÿ776 WshRm.dll05/08/2004  13:00            98ÿ304 wshom.ocx05/08/2004  13:00           150ÿ016 imapi.exe05/08/2004  13:00            36ÿ921 imeshare.dll05/08/2004  13:00            35ÿ840 imgutil.dll05/08/2004  13:00           110ÿ080 imm32.dll05/08/2004  13:00           282ÿ624 inetcfg.dll05/08/2004  13:00           678ÿ400 inetcomm.dll05/08/2004  13:00           359ÿ936 inetcpl.cpl05/08/2004  13:00           121ÿ856 inetcplc.dll05/08/2004  13:00            33ÿ280 inetmib1.dll05/08/2004  13:00            75ÿ264 inetpp.dll05/08/2004  13:00            16ÿ384 inetppui.dll05/08/2004  13:00            50ÿ688 inetres.dll05/08/2004  13:00           450ÿ560 infosoft.dll05/08/2004  13:00           147ÿ456 initpki.dll05/08/2004  13:00             7ÿ168 wshnetbs.dll05/08/2004  13:00           126ÿ464 input.dll05/08/2004  13:00           191ÿ488 cmprops.dll05/08/2004  13:00           956ÿ990 instcat.sql05/08/2004  13:00           134ÿ144 intl.cpl05/08/2004  13:00            39ÿ936 iologmsg.dll05/08/2004  13:00            17ÿ408 ipconf.tsp05/08/2004  13:00            58ÿ368 ipconfig.exe05/08/2004  13:00            11ÿ776 wshisn.dll05/08/2004  13:00            95ÿ744 iphlpapi.dll05/08/2004  13:00           167ÿ424 ipmontr.dll05/08/2004  13:00           332ÿ800 ipnathlp.dll05/08/2004  13:00            14ÿ336 wship6.dll05/08/2004  13:00            57ÿ392 wshfr.dll05/08/2004  13:00            65ÿ536 wshext.dll05/08/2004  13:00            28ÿ672 wshcon.dll05/08/2004  13:00           108ÿ032 wshbth.dll05/08/2004  13:00             9ÿ216 wshatm.dll05/08/2004  13:00           148ÿ480 wscui.cpl05/08/2004  13:00           355ÿ840 ippromon.dll05/08/2004  13:00            81ÿ408 wscsvc.dll05/08/2004  13:00           114ÿ688 wscript.exe05/08/2004  13:00            13ÿ824 wscntfy.exe05/08/2004  13:00            82ÿ944 ws2_32.dll05/08/2004  13:00             3ÿ584 iprop.dll05/08/2004  13:00             4ÿ096 iprtprio.dll05/08/2004  13:00           169ÿ984 iprtrmgr.dll05/08/2004  13:00            27ÿ648 conime.exe05/08/2004  13:00           361ÿ472 ipsecsnp.dll05/08/2004  13:00           184ÿ320 ipsecsvc.dll05/08/2004  13:00           388ÿ096 ipsmsnap.dll05/08/2004  13:00            53ÿ760 ipv6.exe05/08/2004  13:00            59ÿ904 ipv6mon.dll05/08/2004  13:00            91ÿ648 ipxmontr.dll05/08/2004  13:00            74ÿ240 ipxpromn.dll05/08/2004  13:00            21ÿ504 ipxrip.dll05/08/2004  13:00            24ÿ576 ipxroute.exe05/08/2004  13:00            39ÿ936 ipxrtmgr.dll05/08/2004  13:00            66ÿ560 ipxsap.dll05/08/2004  13:00            20ÿ992 ipxwan.dll05/08/2004  13:00           199ÿ168 ir32_32.dll05/08/2004  13:00           848ÿ384 ir41_32.ax05/08/2004  13:00           120ÿ320 ir41_qc.dll05/08/2004  13:00           338ÿ432 ir41_qcx.dll05/08/2004  13:00           755ÿ200 ir50_32.dll05/08/2004  13:00           200ÿ192 ir50_qc.dll05/08/2004  13:00           183ÿ808 ir50_qcx.dll05/08/2004  13:00            13ÿ312 irclass.dll05/08/2004  13:00           380ÿ928 irprops.cpl05/08/2004  13:00            86ÿ016 isign32.dll05/08/2004  13:00            32ÿ768 isrdbg32.dll05/08/2004  13:00            14ÿ336 cmpbk32.dll05/08/2004  13:00                64 cmos.ram05/08/2004  13:00            40ÿ448 cmmon32.exe05/08/2004  13:00           154ÿ624 ivfsrc.ax05/08/2004  13:00            54ÿ784 ixsso.dll05/08/2004  13:00            47ÿ616 iyuv_32.dll05/08/2004  13:00           362ÿ496 jet500.dll05/08/2004  13:00            19ÿ968 ws2help.dll05/08/2004  13:00             5ÿ632 write.exe05/08/2004  13:00            32ÿ768 wpnpinst.exe05/08/2004  13:00            44ÿ544 jgaw400.dll05/08/2004  13:00           144ÿ896 jgdw400.dll05/08/2004  13:00            35ÿ840 jgmd400.dll05/08/2004  13:00            42ÿ496 jgpl400.dll05/08/2004  13:00            45ÿ568 jgsd400.dll05/08/2004  13:00            65ÿ536 jgsh400.dll05/08/2004  13:00            49ÿ488 jobexec.dll05/08/2004  13:00            70ÿ144 joy.cpl05/08/2004  13:00           450ÿ560 jscript.dll05/08/2004  13:00            28ÿ719 jsfr.dll05/08/2004  13:00            15ÿ872 jsproxy.dll05/08/2004  13:00             6ÿ948 kanji_1.uce05/08/2004  13:00             8ÿ484 kanji_2.uce05/08/2004  13:00            14ÿ841 kb16.com05/08/2004  13:00             6ÿ656 KBDAL.DLL05/08/2004  13:00             5ÿ632 kbdaze.dll05/08/2004  13:00             5ÿ632 kbdazel.dll05/08/2004  13:00             6ÿ144 kbdbe.dll05/08/2004  13:00             6ÿ144 kbdbene.dll05/08/2004  13:00             5ÿ632 kbdblr.dll05/08/2004  13:00             6ÿ144 kbdbr.dll05/08/2004  13:00             5ÿ632 kbdbu.dll05/08/2004  13:00             6ÿ144 kbdca.dll05/08/2004  13:00             7ÿ680 kbdcan.dll05/08/2004  13:00             6ÿ656 kbdcr.dll05/08/2004  13:00             7ÿ168 kbdcz.dll05/08/2004  13:00             6ÿ656 kbdcz1.dll05/08/2004  13:00             6ÿ656 kbdcz2.dll05/08/2004  13:00             6ÿ144 kbdda.dll05/08/2004  13:00             5ÿ120 kbddv.dll05/08/2004  13:00             6ÿ144 kbdes.dll05/08/2004  13:00             6ÿ144 kbdest.dll05/08/2004  13:00             6ÿ144 kbdfc.dll05/08/2004  13:00             6ÿ144 kbdfi.dll05/08/2004  13:00             7ÿ168 kbdfi1.dll05/08/2004  13:00             6ÿ144 kbdfo.dll05/08/2004  13:00             6ÿ144 kbdfr.dll05/08/2004  13:00             5ÿ632 kbdgae.dll05/08/2004  13:00             6ÿ144 kbdgkl.dll05/08/2004  13:00             6ÿ144 kbdgr.dll05/08/2004  13:00             6ÿ144 kbdgr1.dll05/08/2004  13:00             5ÿ632 kbdhe.dll05/08/2004  13:00             5ÿ632 kbdhe220.dll05/08/2004  13:00             5ÿ632 kbdhe319.dll05/08/2004  13:00             6ÿ144 kbdhela2.dll05/08/2004  13:00             6ÿ656 kbdhela3.dll05/08/2004  13:00             8ÿ192 kbdhept.dll05/08/2004  13:00             6ÿ656 kbdhu.dll05/08/2004  13:00             5ÿ632 kbdhu1.dll05/08/2004  13:00             6ÿ144 kbdic.dll05/08/2004  13:00             6ÿ144 kbdinbe1.dll05/08/2004  13:00             6ÿ656 kbdinben.dll05/08/2004  13:00             6ÿ656 kbdinmal.dll05/08/2004  13:00             5ÿ632 kbdir.dll05/08/2004  13:00             5ÿ632 kbdit.dll05/08/2004  13:00             5ÿ632 kbdit142.dll05/08/2004  13:00             5ÿ632 kbdkaz.dll05/08/2004  13:00             5ÿ632 kbdkyr.dll05/08/2004  13:00             6ÿ656 kbdla.dll05/08/2004  13:00             5ÿ632 kbdlt.dll05/08/2004  13:00             5ÿ632 kbdlt1.dll05/08/2004  13:00             6ÿ144 kbdlv.dll05/08/2004  13:00             6ÿ144 kbdlv1.dll05/08/2004  13:00             6ÿ144 kbdmac.dll05/08/2004  13:00             5ÿ632 kbdmaori.dll05/08/2004  13:00             6ÿ144 kbdmlt47.dll05/08/2004  13:00             6ÿ144 kbdmlt48.dll05/08/2004  13:00             5ÿ632 kbdmon.dll05/08/2004  13:00             6ÿ144 kbdne.dll05/08/2004  13:00             7ÿ168 kbdnec.dll05/08/2004  13:00             6ÿ144 kbdno.dll05/08/2004  13:00             7ÿ168 kbdno1.dll05/08/2004  13:00             6ÿ656 kbdpl.dll05/08/2004  13:00             5ÿ632 kbdpl1.dll05/08/2004  13:00             6ÿ144 kbdpo.dll05/08/2004  13:00             5ÿ632 kbdro.dll05/08/2004  13:00             5ÿ632 kbdru.dll05/08/2004  13:00             5ÿ632 kbdru1.dll05/08/2004  13:00             6ÿ144 kbdsf.dll05/08/2004  13:00             6ÿ656 kbdsg.dll05/08/2004  13:00             6ÿ656 kbdsl.dll05/08/2004  13:00             6ÿ656 kbdsl1.dll05/08/2004  13:00             7ÿ680 kbdsmsfi.dll05/08/2004  13:00             7ÿ680 kbdsmsno.dll05/08/2004  13:00             6ÿ144 kbdsp.dll05/08/2004  13:00             6ÿ144 kbdsw.dll05/08/2004  13:00             5ÿ632 kbdtat.dll05/08/2004  13:00             6ÿ144 kbdtuf.dll05/08/2004  13:00             6ÿ144 kbdtuq.dll05/08/2004  13:00             5ÿ632 kbduk.dll05/08/2004  13:00             7ÿ168 kbdukx.dll05/08/2004  13:00             5ÿ632 kbdur.dll05/08/2004  13:00             5ÿ632 kbdus.dll05/08/2004  13:00             6ÿ144 kbdusl.dll05/08/2004  13:00             6ÿ144 kbdusr.dll05/08/2004  13:00             6ÿ144 kbdusx.dll05/08/2004  13:00             5ÿ632 kbduzb.dll05/08/2004  13:00             5ÿ632 kbdycc.dll05/08/2004  13:00             6ÿ656 kbdycl.dll05/08/2004  13:00             7ÿ424 kd1394.dll05/08/2004  13:00             7ÿ040 kdcom.dll05/08/2004  13:00            72ÿ365 cmmgr32.hlp05/08/2004  13:00         1ÿ048ÿ576 kernel32.dll05/08/2004  13:00            42ÿ809 key01.sys05/08/2004  13:00             2ÿ000 keyboard.drv05/08/2004  13:00            42ÿ537 keyboard.sys05/08/2004  13:00           157ÿ184 keymgr.dll05/08/2004  13:00            33ÿ280 kmddsp.tsp05/08/2004  13:00            12ÿ876 korean.uce05/08/2004  13:00            92ÿ608 krnl386.exe05/08/2004  13:00            47ÿ104 cmdl32.exe05/08/2004  13:00           352ÿ256 cmdial32.dll05/08/2004  13:00           290ÿ816 l3codeca.acm05/08/2004  13:00           346ÿ112 confmsp.dll05/08/2004  13:00            83ÿ456 l3codecx.ax05/08/2004  13:00             9ÿ728 label.exe05/08/2004  13:00            89ÿ600 langwrbk.dll05/08/2004  13:00           224ÿ448 lanman.drv05/08/2004  13:00           400ÿ896 cmd.exe05/08/2004  13:00            15ÿ872 cmcfg32.dll05/08/2004  13:00            57ÿ856 clusapi.dll05/08/2004  13:00           102ÿ912 apcups.dll05/08/2004  13:00            33ÿ280 clipsrv.exe05/08/2004  13:00           104ÿ448 clipbrd.exe05/08/2004  13:00            28ÿ672 cliconfg.rll05/08/2004  13:00            32ÿ256 wpabaln.exe05/08/2004  13:00           263ÿ680 adsnt.dll05/08/2004  13:00            68ÿ096 adsmsext.dll05/08/2004  13:00            14ÿ336 wowfaxui.dll05/08/2004  13:00             3ÿ200 wowfax.dll05/08/2004  13:00            10ÿ608 wowexec.exe05/08/2004  13:00             2ÿ736 wowdeb.exe05/08/2004  13:00           424ÿ960 licdll.dll05/08/2004  13:00            22ÿ528 licmgr10.dll05/08/2004  13:00            58ÿ880 licwmi.dll05/08/2004  13:00            30ÿ208 lights.exe05/08/2004  13:00            20ÿ480 cliconfg.exe05/08/2004  13:00            13ÿ824 lmhsvc.dll05/08/2004  13:00           399ÿ872 lmrt.dll05/08/2004  13:00            26ÿ624 lnkstub.exe05/08/2004  13:00             1ÿ187 loadfix.com05/08/2004  13:00           100ÿ352 loadperf.dll05/08/2004  13:00           143ÿ360 adsldpc.dll05/08/2004  13:00           249ÿ270 locale.nls05/08/2004  13:00           228ÿ352 localsec.dll05/08/2004  13:00           344ÿ576 localspl.dll05/08/2004  13:00            11ÿ776 localui.dll05/08/2004  13:00            75ÿ264 locator.exe05/08/2004  13:00             5ÿ120 lodctr.exe05/08/2004  13:00            67ÿ072 console.dll05/08/2004  13:00            50ÿ688 loghours.dll05/08/2004  13:00            61ÿ952 logman.exe05/08/2004  13:00            15ÿ872 logoff.exe05/08/2004  13:00           221ÿ696 logon.scr05/08/2004  13:00           515ÿ584 logonui.exe05/08/2004  13:00           175ÿ616 adsldp.dll05/08/2004  13:00            22ÿ016 lpk.dll05/08/2004  13:00             6ÿ144 lpq.exe05/08/2004  13:00             9ÿ216 lpr.exe05/08/2004  13:00            10ÿ240 lprhelp.dll05/08/2004  13:00             9ÿ216 lprmonui.dll05/08/2004  13:00            77ÿ824 cliconfg.dll05/08/2004  13:00            13ÿ312 lsass.exe05/08/2004  13:00           265ÿ216 wow32.dll05/08/2004  13:00            61ÿ126 cliconf.chm05/08/2004  13:00           258ÿ048 wmvds32.ax05/08/2004  13:00            30ÿ720 xcopy.exe05/08/2004  13:00            65ÿ536 cleanmgr.exe05/08/2004  13:00            41ÿ847 lusrmgr.msc05/08/2004  13:00             2ÿ560 lz32.dll05/08/2004  13:00             9ÿ936 lzexpand.dll05/08/2004  13:00               168 l_except.nls05/08/2004  13:00             7ÿ046 l_intl.nls05/08/2004  13:00            73ÿ216 magnify.exe05/08/2004  13:00             8ÿ192 mag_hook.dll05/08/2004  13:00           189ÿ952 main.cpl05/08/2004  13:00            85ÿ504 makecab.exe05/08/2004  13:00           112ÿ128 mapi32.dll05/08/2004  13:00           112ÿ128 mapistub.dll05/08/2004  13:00            14ÿ848 mcastmib.dll05/08/2004  13:00            10ÿ240 mcd32.dll05/08/2004  13:00            10ÿ496 mcdsrv32.dll05/08/2004  13:00             4ÿ608 mchgrcoi.dll05/08/2004  13:00            73ÿ680 mciavi.drv05/08/2004  13:00            85ÿ504 mciavi32.dll05/08/2004  13:00            17ÿ408 mcicda.dll05/08/2004  13:00             8ÿ192 mciole16.dll05/08/2004  13:00             7ÿ680 mciole32.dll05/08/2004  13:00            35ÿ328 mciqtz32.dll05/08/2004  13:00            23ÿ040 mciseq.dll05/08/2004  13:00            25ÿ280 mciseq.drv05/08/2004  13:00            23ÿ552 mciwave.dll05/08/2004  13:00            28ÿ160 mciwave.drv05/08/2004  13:00            50ÿ176 mdhcp.dll05/08/2004  13:00           120ÿ320 mdminst.dll05/08/2004  13:00           147ÿ968 mdwmdmsp.dll05/08/2004  13:00            39ÿ434 mem.exe05/08/2004  13:00            39ÿ936 mf3216.dll05/08/2004  13:00           924ÿ432 mfc40.dll05/08/2004  13:00            45ÿ568 mfc40loc.dll05/08/2004  13:00           924ÿ432 mfc40u.dll05/08/2004  13:00         1ÿ028ÿ096 mfc42.dll05/08/2004  13:00            57ÿ344 mfc42loc.dll05/08/2004  13:00         1ÿ024ÿ000 mfc42u.dll05/08/2004  13:00            11ÿ264 clb.dll05/08/2004  13:00            22ÿ528 mfcsubs.dll05/08/2004  13:00             7ÿ680 ckcnv.exe05/08/2004  13:00            14ÿ848 mgmtapi.dll05/08/2004  13:00            46ÿ258 mib.bin05/08/2004  13:00            18ÿ944 midimap.dll05/08/2004  13:00            60ÿ928 miglibnt.dll05/08/2004  13:00            52ÿ736 migpwd.exe05/08/2004  13:00            18ÿ944 mimefilt.dll05/08/2004  13:00             5ÿ632 cisvc.exe05/08/2004  13:00           673ÿ088 mlang.dat05/08/2004  13:00           586ÿ240 mlang.dll05/08/2004  13:00             3ÿ584 mll_hp.dll05/08/2004  13:00             7ÿ680 mll_mtf.dll05/08/2004  13:00             5ÿ632 mll_qic.dll05/08/2004  13:00           816ÿ128 mmc.exe05/08/2004  13:00            79ÿ872 mmcbase.dll05/08/2004  13:00         1ÿ198ÿ080 mmcndmgr.dll05/08/2004  13:00            26ÿ112 adptif.dll05/08/2004  13:00             1ÿ490 mmdriver.inf05/08/2004  13:00            12ÿ288 mmdrv.dll05/08/2004  13:00            17ÿ920 mmfutil.dll05/08/2004  13:00           278ÿ559 wmv8ds32.ax05/08/2004  13:00           626ÿ176 mmsys.cpl05/08/2004  13:00            70ÿ688 mmsystem.dll05/08/2004  13:00            69ÿ120 ciodm.dll05/08/2004  13:00           119ÿ808 mmutilse.dll05/08/2004  13:00            34ÿ560 mnmdd.dll05/08/2004  13:00            32ÿ768 mnmsrvc.exe05/08/2004  13:00           210ÿ432 mobsync.dll05/08/2004  13:00           144ÿ384 mobsync.exe05/08/2004  13:00            19ÿ456 mode.com05/08/2004  13:00           156ÿ160 modemui.dll05/08/2004  13:00            10ÿ112 modex.dll05/08/2004  13:00            15ÿ872 more.com05/08/2004  13:00             8ÿ192 cidaemon.exe05/08/2004  13:00             8ÿ192 mountvol.exe05/08/2004  13:00             2ÿ032 mouse.drv05/08/2004  13:00           310ÿ272 mp43dmod.dll05/08/2004  13:00           384ÿ512 mp4sdmod.dll05/08/2004  13:00           118ÿ272 mpeg2data.ax05/08/2004  13:00           148ÿ992 mpg2splt.ax05/08/2004  13:00           240ÿ640 mpg4dmod.dll05/08/2004  13:00           262ÿ144 mpg4ds32.ax05/08/2004  13:00           124ÿ928 mplay32.exe05/08/2004  13:00            22ÿ016 mpnotify.exe05/08/2004  13:00            59ÿ904 mpr.dll05/08/2004  13:00            87ÿ040 mprapi.dll05/08/2004  13:00            69ÿ120 mprddm.dll05/08/2004  13:00            49ÿ152 mprdim.dll05/08/2004  13:00           114ÿ688 mprmsg.dll05/08/2004  13:00            47ÿ616 mprui.dll05/08/2004  13:00            14ÿ336 mrinfo.exe05/08/2004  13:00            61ÿ440 admparse.dll05/08/2004  13:00           102ÿ912 msaatext.dll05/08/2004  13:00            61ÿ312 msacm.dll05/08/2004  13:00            72ÿ192 msacm32.dll05/08/2004  13:00            20ÿ992 msacm32.drv05/08/2004  13:00           221ÿ184 msadds32.ax05/08/2004  13:00            14ÿ848 msadp32.acm05/08/2004  13:00             3ÿ584 msafd.dll05/08/2004  13:00            86ÿ016 msapsspc.dll05/08/2004  13:00            57ÿ344 msasn1.dll05/08/2004  13:00           294ÿ912 msaud32.acm05/08/2004  13:00            77ÿ312 msaudite.dll05/08/2004  13:00           303ÿ616 wmstream.dll05/08/2004  13:00             7ÿ168 mscat32.dll05/08/2004  13:00               817 mscdexnt.exe05/08/2004  13:00           109ÿ568 cic.dll05/08/2004  13:00            69ÿ632 msconf.dll05/08/2004  13:00            12ÿ288 mscpx32r.dLL05/08/2004  13:00            36ÿ864 mscpxl32.dLL05/08/2004  13:00           294ÿ400 MSCTF.dll05/08/2004  13:00           177ÿ152 MSCTFIME.IME05/08/2004  13:00            69ÿ120 MSCTFP.dll05/08/2004  13:00           118ÿ784 msdadiag.dll05/08/2004  13:00           151ÿ552 msdart.dll05/08/2004  13:00            12ÿ288 msdatsrc.tlb05/08/2004  13:00            14ÿ336 msdmo.dll05/08/2004  13:00             6ÿ144 msdtc.exe05/08/2004  13:00            58ÿ880 msdtclog.dll05/08/2004  13:00               768 msdtcprf.h05/08/2004  13:00             3ÿ914 msdtcprf.ini05/08/2004  13:00            41ÿ461 ciadv.msc05/08/2004  13:00           166ÿ400 ciadmin.dll05/08/2004  13:00            11ÿ264 chkntfs.exe05/08/2004  13:00           848ÿ922 msdxm.ocx05/08/2004  13:00             4ÿ126 msdxmlc.dll05/08/2004  13:00            94ÿ282 msencode.dll05/08/2004  13:00           512ÿ029 msexch40.dll05/08/2004  13:00           319ÿ517 msexcl40.dll05/08/2004  13:00            50ÿ176 xmlprovi.dll05/08/2004  13:00           537ÿ088 msftedit.dll05/08/2004  13:00            22ÿ528 msg.exe05/08/2004  13:00             9ÿ216 msg711.acm05/08/2004  13:00           118ÿ784 msg723.acm05/08/2004  13:00         1ÿ004ÿ032 msgina.dll05/08/2004  13:00            11ÿ776 chkdsk.exe05/08/2004  13:00            19ÿ968 msgsm32.acm05/08/2004  13:00            33ÿ792 msgsvc.dll05/08/2004  13:00           188ÿ416 msh261.drv05/08/2004  13:00           294ÿ912 msh263.drv05/08/2004  13:00           128ÿ000 mshearts.exe05/08/2004  13:00            29ÿ184 mshta.exe05/08/2004  13:00           445ÿ440 xpob2res.dll05/08/2004  13:00         1ÿ351ÿ168 mshtml.tlb05/08/2004  13:00             7ÿ680 chcp.com05/08/2004  13:00            57ÿ344 mshtmler.dll05/08/2004  13:00                75 ChaŒnes.scf05/08/2004  13:00            51ÿ712 msident.dll05/08/2004  13:00             6ÿ656 msidle.dll05/08/2004  13:00            16ÿ896 msidntld.dll05/08/2004  13:00           252ÿ416 msieftp.dll05/08/2004  13:00            80ÿ896 charmap.exe05/08/2004  13:00            16ÿ896 cfgmgr32.dll05/08/2004  13:00             4ÿ608 msimg32.dll05/08/2004  13:00            39ÿ424 cfgbkend.dll05/08/2004  13:00            41ÿ990 certmgr.msc05/08/2004  13:00           159ÿ232 MSIMTF.dll05/08/2004  13:00           467ÿ968 certmgr.dll05/08/2004  13:00           200ÿ192 certcli.dll05/08/2004  13:00            15ÿ872 cdmodem.dll05/08/2004  13:00         1ÿ507ÿ356 msjet40.dll05/08/2004  13:00           358ÿ976 msjetoledb40.dll05/08/2004  13:00           115ÿ200 wmsdmoe.dll05/08/2004  13:00           184ÿ351 msjint40.dll05/08/2004  13:00            27ÿ648 ccfgnt.dll05/08/2004  13:00            53ÿ279 msjter40.dll05/08/2004  13:00           241ÿ693 msjtes40.dll05/08/2004  13:00            25ÿ600 mslbui.dll05/08/2004  13:00             3ÿ072 CONFIG.TMP05/08/2004  13:00           146ÿ432 msls31.dll05/08/2004  13:00           213ÿ023 msltus40.dll05/08/2004  13:00            85ÿ504 catsrvps.dll05/08/2004  13:00           290ÿ816 msnsspc.dll05/08/2004  13:00            37ÿ376 msobjs.dll05/08/2004  13:00           252ÿ928 msoeacct.dll05/08/2004  13:00           105ÿ984 msoert2.dll05/08/2004  13:00            24ÿ576 msorc32r.dll05/08/2004  13:00           143ÿ360 msorcl32.dll05/08/2004  13:00           359ÿ936 cards.dll05/08/2004  13:00           347ÿ648 mspaint.exe05/08/2004  13:00            30ÿ208 mspatcha.dll05/08/2004  13:00           348ÿ189 mspbde40.dll05/08/2004  13:00           146ÿ432 capesnpn.dll05/08/2004  13:00            50ÿ688 camocx.dll05/08/2004  13:00            43ÿ008 msports.dll05/08/2004  13:00            48ÿ128 msprivs.dll05/08/2004  13:00            69ÿ632 msr2c.dll05/08/2004  13:00             7ÿ168 msr2cenu.dll05/08/2004  13:00            65ÿ536 msratelc.dll05/08/2004  13:00           115ÿ200 calc.exe05/08/2004  13:00            73ÿ802 msrclr40.dll05/08/2004  13:00            19ÿ456 cacls.exe05/08/2004  13:00           421ÿ919 msrd2x40.dll05/08/2004  13:00           315ÿ423 msrd3x40.dll05/08/2004  13:00            85ÿ504 cabview.dll05/08/2004  13:00            28ÿ746 msrecr40.dll05/08/2004  13:00            59ÿ904 cabinet.dll05/08/2004  13:00           552ÿ989 msrepl40.dll05/08/2004  13:00            11ÿ264 msrle32.dll05/08/2004  13:00           134ÿ656 mssap.dll05/08/2004  13:00            69ÿ632 msscds32.ax05/08/2004  13:00            50ÿ688 btpanui.dll05/08/2004  13:00           102ÿ400 msscript.ocx05/08/2004  13:00            36ÿ352 mssign32.dll05/08/2004  13:00             4ÿ608 mssip32.dll05/08/2004  13:00           101ÿ888 actxprxy.dll05/08/2004  13:00            30ÿ208 bthserv.dll05/08/2004  13:00             9ÿ037 ansi.sys05/08/2004  13:00            13ÿ312 msswch.dll05/08/2004  13:00             6ÿ656 msswchx.exe05/08/2004  13:00           281ÿ600 mstask.dll05/08/2004  13:00           258ÿ077 mstext40.dll05/08/2004  13:00           110ÿ592 bthprops.cpl05/08/2004  13:00            12ÿ288 mstinit.exe05/08/2004  13:00           115ÿ712 mstlsapi.dll05/08/2004  13:00           411ÿ648 mstsc.exe05/08/2004  13:00           655ÿ360 mstscax.dll05/08/2004  13:00           195ÿ584 msutb.dll05/08/2004  13:00           129ÿ536 msv1_0.dll05/08/2004  13:00         1ÿ355ÿ776 msvbvm50.dll05/08/2004  13:00         1ÿ392ÿ671 msvbvm60.dll05/08/2004  13:00           851ÿ968 comres.dll05/08/2004  13:00            54ÿ784 msvcirt.dll05/08/2004  13:00           565ÿ760 msvcp50.dll05/08/2004  13:00           413ÿ696 msvcp60.dll05/08/2004  13:00            20ÿ992 bthci.dll05/08/2004  13:00            46ÿ080 ipsec6.exe05/08/2004  13:00           343ÿ040 msvcrt.dll05/08/2004  13:00           253ÿ952 msvcrt20.dll05/08/2004  13:00            61ÿ440 msvcrt40.dll05/08/2004  13:00           121ÿ856 msvfw32.dll05/08/2004  13:00            25ÿ600 msvidc32.dll05/08/2004  13:00         1ÿ433ÿ600 msvidctl.dll05/08/2004  13:00           127ÿ168 msvideo.dll05/08/2004  13:00            72ÿ704 msw3prt.dll05/08/2004  13:00           831ÿ519 mswdat10.dll05/08/2004  13:00           204ÿ800 mswebdvd.dll05/08/2004  13:00            78ÿ336 browsewm.dll05/08/2004  13:00           247ÿ808 mswsock.dll05/08/2004  13:00           614ÿ429 mswstr10.dll05/08/2004  13:00           348ÿ189 msxbde40.dll05/08/2004  13:00           506ÿ368 msxml.dll05/08/2004  13:00           701ÿ440 msxml2.dll05/08/2004  13:00            43ÿ792 msxml2r.dll05/08/2004  13:00         1ÿ236ÿ480 msxml3.dll05/08/2004  13:00            51ÿ200 msxml3r.dll05/08/2004  13:00            12ÿ642 append.exe05/08/2004  13:00            77ÿ312 browser.dll05/08/2004  13:00            30ÿ720 msxmlr.dll05/08/2004  13:00            17ÿ408 msyuv.dll05/08/2004  13:00            70ÿ144 browselc.dll05/08/2004  13:00            20ÿ480 mtxdm.dll05/08/2004  13:00             4ÿ096 mtxex.dll05/08/2004  13:00            25ÿ088 mtxlegih.dll05/08/2004  13:00            22ÿ984 bopomofo.uce05/08/2004  13:00            90ÿ624 mycomput.dll05/08/2004  13:00            91ÿ648 mydocs.dll05/08/2004  13:00            55ÿ296 narrator.exe05/08/2004  13:00            36ÿ352 narrhook.dll05/08/2004  13:00            21ÿ504 nbtstat.exe05/08/2004  13:00            36ÿ352 ncobjapi.dll05/08/2004  13:00            35ÿ840 ncpa.cpl05/08/2004  13:00             5ÿ120 bootvrfy.exe05/08/2004  13:00             7ÿ680 ncxpnt.dll05/08/2004  13:00            18ÿ432 nddeapi.dll05/08/2004  13:00             4ÿ096 nddeapir.exe05/08/2004  13:00            19ÿ456 nddenb32.dll05/08/2004  13:00            57ÿ344 ndptsp.tsp05/08/2004  13:00            19ÿ456 wmiprop.dll05/08/2004  13:00            42ÿ496 net.exe05/08/2004  13:00           121ÿ876 net.hlp05/08/2004  13:00           124ÿ928 net1.exe05/08/2004  13:00           108ÿ512 netapi.dll05/08/2004  13:00           332ÿ288 netapi32.dll05/08/2004  13:00           633ÿ856 netcfgx.dll05/08/2004  13:00           114ÿ176 netdde.exe05/08/2004  13:00           251ÿ392 netevent.dll05/08/2004  13:00           291ÿ328 neth.dll05/08/2004  13:00           144ÿ896 netid.dll05/08/2004  13:00           407ÿ040 netlogon.dll05/08/2004  13:00            12ÿ288 bootvid.dll05/08/2004  13:00           200ÿ192 netmsg.dll05/08/2004  13:00           885ÿ248 netplwiz.dll05/08/2004  13:00            12ÿ288 netrap.dll05/08/2004  13:00            25ÿ600 netsetup.cpl05/08/2004  13:00           332ÿ800 netsetup.exe05/08/2004  13:00            88ÿ576 netsh.exe05/08/2004  13:00         1ÿ723ÿ904 netshell.dll05/08/2004  13:00            37ÿ888 netstat.exe05/08/2004  13:00            83ÿ456 netui0.dll05/08/2004  13:00           245ÿ760 netui1.dll05/08/2004  13:00           312ÿ832 netui2.dll05/08/2004  13:00           251ÿ392 newdev.dll05/08/2004  13:00           103ÿ936 nlhtml.dll05/08/2004  13:00             7ÿ116 nlsfunc.exe05/08/2004  13:00            12ÿ288 nmevtmsg.dll05/08/2004  13:00            28ÿ672 nmmkcert.dll05/08/2004  13:00             1ÿ696 noise.chs05/08/2004  13:00             1ÿ696 noise.cht05/08/2004  13:00               741 noise.dat05/08/2004  13:00           149ÿ848 noise.deu05/08/2004  13:00               751 noise.eng05/08/2004  13:00               751 noise.enu05/08/2004  13:00            19ÿ684 noise.esn05/08/2004  13:00            49ÿ196 noise.fra05/08/2004  13:00            19ÿ618 noise.ita05/08/2004  13:00            13ÿ256 noise.nld05/08/2004  13:00            13ÿ730 noise.sve05/08/2004  13:00               697 noise.tha05/08/2004  13:00            70ÿ656 notepad.exe05/08/2004  13:00            55ÿ296 npptools.dll05/08/2004  13:00             4ÿ096 actmovie.exe05/08/2004  13:00            79ÿ360 nslookup.exe05/08/2004  13:00           733ÿ184 ntdll.dll05/08/2004  13:00            27ÿ916 ntdos.sys05/08/2004  13:00            29ÿ146 ntdos404.sys05/08/2004  13:00            29ÿ370 ntdos411.sys05/08/2004  13:00            29ÿ274 ntdos412.sys05/08/2004  13:00            29ÿ146 ntdos804.sys05/08/2004  13:00            67ÿ072 ntdsapi.dll05/08/2004  13:00            48ÿ794 ntimage.gif05/08/2004  13:00            34ÿ000 ntio.sys05/08/2004  13:00            34ÿ560 ntio404.sys05/08/2004  13:00            35ÿ648 ntio411.sys05/08/2004  13:00            35ÿ424 ntio412.sys05/08/2004  13:00            34ÿ560 ntio804.sys05/08/2004  13:00             4ÿ608 bootok.exe05/08/2004  13:00            43ÿ520 ntlanman.dll05/08/2004  13:00            59ÿ392 ntlanui.dll05/08/2004  13:00            14ÿ848 ntlanui2.dll05/08/2004  13:00             8ÿ192 ntlsapi.dll05/08/2004  13:00           119ÿ808 ntmarta.dll05/08/2004  13:00            40ÿ960 ntmsapi.dll05/08/2004  13:00           181ÿ248 ntmsdba.dll05/08/2004  13:00            45ÿ056 ntmsevt.dll05/08/2004  13:00           496ÿ640 ntmsmgr.dll05/08/2004  13:00            25ÿ901 ntmsmgr.msc05/08/2004  13:00            32ÿ590 ntmsoprq.msc05/08/2004  13:00           438ÿ272 ntmssvc.dll05/08/2004  13:00            71ÿ680 blastcln.exe05/08/2004  13:00            91ÿ648 ntprint.dll05/08/2004  13:00            31ÿ744 ntsd.exe05/08/2004  13:00            36ÿ864 ntsdexts.dll05/08/2004  13:00           145ÿ920 ntshrui.dll05/08/2004  13:00           420ÿ864 ntvdm.exe05/08/2004  13:00            13ÿ312 ntvdmd.dll05/08/2004  13:00           261ÿ120 nusrmgr.cpl05/08/2004  13:00             7ÿ168 bitsprx3.dll05/08/2004  13:00           147ÿ968 nwprovau.dll05/08/2004  13:00           267ÿ776 oakley.dll05/08/2004  13:00           288ÿ768 objsel.dll05/08/2004  13:00            97ÿ280 occache.dll05/08/2004  13:00            63ÿ488 wmimgmt.msc05/08/2004  13:00            62ÿ976 ocmanage.dll05/08/2004  13:00            26ÿ224 odbc16gt.dll05/08/2004  13:00           249ÿ856 odbc32.dll05/08/2004  13:00            16ÿ384 odbc32gt.dll05/08/2004  13:00            32ÿ768 odbcad32.exe05/08/2004  13:00            24ÿ576 odbcbcp.dll05/08/2004  13:00           135ÿ168 odbcconf.dll05/08/2004  13:00            69ÿ632 odbcconf.exe05/08/2004  13:00             4ÿ310 odbcconf.rsp05/08/2004  13:00            32ÿ768 odbccp32.cpl05/08/2004  13:00           106ÿ496 odbccp32.dll05/08/2004  13:00            65ÿ536 odbccr32.dll05/08/2004  13:00            65ÿ536 odbccu32.dll05/08/2004  13:00             8ÿ192 bitsprx2.dll05/08/2004  13:00             5ÿ632 wmi.dll05/08/2004  13:00            98ÿ304 odbcint.dll05/08/2004  13:00            61ÿ712 odbcji32.dll05/08/2004  13:00           278ÿ559 odbcjt32.dll05/08/2004  13:00             8ÿ191 bios4.rom05/08/2004  13:00            12ÿ288 odbcp32r.dll05/08/2004  13:00            60ÿ928 wmerrFRA.dll05/08/2004  13:00            28ÿ420 bios1.rom05/08/2004  13:00           147ÿ456 odbctrac.dll05/08/2004  13:00            20ÿ511 oddbse32.dll05/08/2004  13:00            20ÿ510 odexl32.dll05/08/2004  13:00            20ÿ510 odfox32.dll05/08/2004  13:00            20ÿ510 odpdx32.dll05/08/2004  13:00            20ÿ511 odtext32.dll05/08/2004  13:00        13ÿ107ÿ200 oembios.bin05/08/2004  13:00             4ÿ461 oembios.dat05/08/2004  13:00             6ÿ761 oembios.sig05/08/2004  13:00            17ÿ408 bidispl.dll05/08/2004  13:00           120ÿ832 offfilt.dll05/08/2004  13:00            39ÿ744 ole2.dll05/08/2004  13:00           169ÿ520 ole2disp.dll05/08/2004  13:00           153ÿ008 ole2nls.dll05/08/2004  13:00             8ÿ704 batt.dll05/08/2004  13:00           163ÿ328 oleacc.dll05/08/2004  13:00            18ÿ944 oleaccrc.dll05/08/2004  13:00           553ÿ472 oleaut32.dll05/08/2004  13:00            83ÿ456 olecli.dll05/08/2004  13:00            28ÿ672 batmeter.dll05/08/2004  13:00            52ÿ736 basesrv.dll05/08/2004  13:00           119ÿ808 oledlg.dll05/08/2004  13:00           110ÿ592 oleprn.dll05/08/2004  13:00            83ÿ456 olepro32.dll05/08/2004  13:00            24ÿ064 olesvr.dll05/08/2004  13:00            22ÿ016 olesvr32.dll05/08/2004  13:00            69ÿ120 olethk32.dll05/08/2004  13:00           713ÿ728 opengl32.dll05/08/2004  13:00           216ÿ576 osk.exe05/08/2004  13:00            68ÿ096 osuninst.dll05/08/2004  13:00            41ÿ984 osuninst.exe05/08/2004  13:00           116ÿ224 p2p.dll05/08/2004  13:00            86ÿ016 p2pgasvc.dll05/08/2004  13:00           312ÿ320 p2pgraph.dll05/08/2004  13:00            88ÿ064 p2pnetsh.dll05/08/2004  13:00           526ÿ848 p2psvc.dll05/08/2004  13:00            59ÿ904 packager.exe05/08/2004  13:00            10ÿ240 panmap.dll05/08/2004  13:00           157ÿ696 paqsp.dll05/08/2004  13:00            22ÿ528 pathping.exe05/08/2004  13:00            65ÿ024 pautoenr.dll05/08/2004  13:00            73ÿ216 avwav.dll05/08/2004  13:00               114 pcl.sep05/08/2004  13:00           286ÿ208 pdh.dll05/08/2004  13:00            15ÿ360 pentnt.exe05/08/2004  13:00           111ÿ104 activeds.tlb05/08/2004  13:00           194ÿ048 activeds.dll05/08/2004  13:00               427 perfci.h05/08/2004  13:00             3ÿ030 perfci.ini05/08/2004  13:00            42ÿ496 perfctrs.dll05/08/2004  13:00            28ÿ626 perfd009.dat05/08/2004  13:00            34ÿ108 perfd00C.dat05/08/2004  13:00            27ÿ136 perfdisk.dll05/08/2004  13:00               140 perffilt.h05/08/2004  13:00             1ÿ293 perffilt.ini05/08/2004  13:00           119ÿ296 aclui.dll05/08/2004  13:00           135ÿ680 acledit.dll05/08/2004  13:00           272ÿ128 perfi009.dat05/08/2004  13:00           322ÿ810 perfi00C.dat05/08/2004  13:00            15ÿ872 perfmon.exe05/08/2004  13:00

fleurdelys · Answer

ca t'en fait des lignes a controler !! lol  merciLe volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est C82D-BE27 R‚pertoire de C:\DOCUME~1\Mag\LOCALS~1\Temp14/12/2005  15:27         2ÿ048ÿ000 Acr13.tmp11/12/2005  19:12            16ÿ384 ~DFE39B.tmp11/12/2005  18:48            16ÿ384 ~DFA0F5.tmp11/12/2005  16:19             4ÿ764 bt7825.bat11/12/2005  14:25               717 control.xml11/12/2005  12:44         1ÿ584ÿ415 TFRA.tmp11/12/2005  11:55               932 spng_redir.html               7 fichier(s)        3ÿ671ÿ596 octets               0 R‚p(s)  121ÿ229ÿ254ÿ656 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est C82D-BE27 R‚pertoire de C:\WINDOWS18/12/2005  16:04                 0 0.log18/12/2005  16:04           898ÿ185 WindowsUpdate.log18/12/2005  16:04               159 wiadebug.log18/12/2005  16:04                50 wiaservc.log18/12/2005  16:04             2ÿ048 bootstat.dat17/12/2005  19:23            32ÿ612 SchedLgU.Txt15/12/2005  19:40            12ÿ513 ocmsn.log15/12/2005  19:40             9ÿ393 KB910437.log15/12/2005  19:40            50ÿ031 ntdtcsetup.log15/12/2005  19:40             1ÿ393 imsins.log15/12/2005  19:40            85ÿ566 comsetup.log15/12/2005  19:40            88ÿ532 tsoc.log15/12/2005  19:40            34ÿ687 iis6.log15/12/2005  19:40            11ÿ377 msgsocm.log15/12/2005  19:40           221ÿ750 FaxSetup.log15/12/2005  19:40           113ÿ829 ocgen.log15/12/2005  19:40           482ÿ030 setupapi.log15/12/2005  19:40            19ÿ520 updspapi.log15/12/2005  19:40             1ÿ393 imsins.BAK15/12/2005  19:40            16ÿ379 KB905915.log11/12/2005  17:00                69 NeroDigital.ini11/12/2005  16:41           570ÿ480 ntbtlog.txt11/12/2005  15:59           176ÿ518 setupact.log11/12/2005  15:25               259 SYSTEM.INI11/12/2005  15:25               739 win.ini11/12/2005  14:25            12ÿ159 wmsetup.log11/12/2005  13:43             8ÿ192 Lobel.pcb11/12/2005  12:52            54ÿ156 QTFont.qfn10/12/2005  17:52                58 WFXDEL.BAT10/12/2005  14:39           638ÿ428 Bobsaver.exe10/12/2005  14:39           362ÿ880 Bobsaver.scr10/12/2005  14:39            29ÿ696 mickey32.dll03/12/2005  17:36             1ÿ409 QTFont.for19/11/2005  14:08                28 Lobel.acl19/11/2005  14:06                50 cdplayer.ini10/11/2005  19:32            11ÿ862 KB896424.log27/10/2005  14:35               237 wmsetup10.log27/10/2005  14:04               105 UMXADDIN.INI27/10/2005  14:03               525 MAXLINK.INI27/10/2005  13:29           316ÿ640 WMSysPr9.prx27/10/2005  13:14               154 adidsl.ini27/10/2005  13:09                21 Fast800.ini26/10/2005  08:43            32ÿ704 KB900725.log26/10/2005  08:42            30ÿ137 KB905749.log26/10/2005  08:42            25ÿ589 KB896688.log26/10/2005  08:42            24ÿ634 KB904706.log26/10/2005  08:42            24ÿ929 KB905414.log26/10/2005  08:42            24ÿ115 KB901017.log26/10/2005  08:42            29ÿ469 KB902400.log26/10/2005  08:42            20ÿ654 KB894391.log26/10/2005  08:42            18ÿ779 KB896423.log26/10/2005  08:42            18ÿ272 KB899587.log26/10/2005  08:42            17ÿ767 KB899591.log26/10/2005  08:42            17ÿ949 KB893756.log26/10/2005  08:42            17ÿ316 KB896358.log26/10/2005  08:42            18ÿ898 KB890859.log26/10/2005  08:42            14ÿ847 KB901214.log26/10/2005  08:42            14ÿ994 KB893066.log26/10/2005  08:41            14ÿ654 KB896428.log26/10/2005  08:41            14ÿ983 KB896422.log26/10/2005  08:41            15ÿ360 KB890046.log26/10/2005  08:41            13ÿ792 KB885250.log26/10/2005  08:41            14ÿ244 KB885835.log26/10/2005  08:41            13ÿ219 KB887742.log26/10/2005  08:41            12ÿ664 KB888113.log26/10/2005  08:41            12ÿ708 KB891781.log26/10/2005  08:41            12ÿ619 KB887472.log26/10/2005  08:41            12ÿ641 KB888302.log26/10/2005  08:41            12ÿ103 KB885836.log26/10/2005  08:41             8ÿ435 KB886185.log26/10/2005  08:41            12ÿ094 KB873339.log26/10/2005  08:28           793ÿ192 setuplog.txt25/10/2005  16:54                 0 Sti_Trace.log25/10/2005  16:52             1ÿ470 regopt.log25/10/2005  16:51                 0 setuperr.log25/10/2005  16:02             7ÿ712 KB898461.log25/10/2005  16:02             6ÿ420 KB893803v2.log25/10/2005  15:40            20ÿ998 ydi.log25/10/2005  15:38             3ÿ994 Ascd_tmp.ini25/10/2005  15:04               833 OEWABLog.txt25/10/2005  15:01             8ÿ192 REGLOCS.OLD25/10/2005  14:58                 0 control.ini25/10/2005  14:58             4ÿ205 ODBCINST.INI25/10/2005  14:58               749 WindowsShell.Manifest25/10/2005  14:56                37 vbaddin.ini25/10/2005  14:56                36 vb.ini25/10/2005  14:56               133 DtcInstall.log25/10/2005  14:56             1ÿ022 sessmgr.setup.log25/10/2005  14:55               200 cmsetacl.log27/05/2005  00:22            10ÿ752 hh.exe14/03/2005  13:38               469 bdoscandellang.ini04/03/2005  14:10           106ÿ496 bdoscandel.exe05/08/2004  13:00         1ÿ086ÿ058 SET4.tmp05/08/2004  13:00            14ÿ043 SET8.tmp05/08/2004  13:00                 2 desktop.ini05/08/2004  13:00            16ÿ730 Plume.bmp05/08/2004  13:00            26ÿ582 Granit vert.bmp05/08/2004  13:00         1ÿ014ÿ836 SET3.tmp05/08/2004  13:00            70ÿ656 NOTEPAD.EXE05/08/2004  13:00            65ÿ832 Mur de Santa Fe.bmp05/08/2004  13:00            39ÿ340 wmprfFRA.prx05/08/2004  13:00             1ÿ272 Rosace bleue 16.bmp05/08/2004  13:00            15ÿ872 TASKMAN.EXE05/08/2004  13:00            17ÿ062 Tasse … caf‚.bmp05/08/2004  13:00            82ÿ944 clock.avi05/08/2004  13:00            94ÿ864 twain.dll05/08/2004  13:00            50ÿ688 twain_32.dll05/08/2004  13:00            49ÿ680 twunk_16.exe05/08/2004  13:00            25ÿ600 twunk_32.exe05/08/2004  13:00             9ÿ522 Zapotec.bmp05/08/2004  13:00            49ÿ102 winnt256.bmp05/08/2004  13:00             1ÿ405 msdfmap.ini05/08/2004  13:00            26ÿ680 RiviŠre Sumida.bmp05/08/2004  13:00            17ÿ362 Rhododendron.bmp05/08/2004  13:00            65ÿ954 Vent de prairie.bmp05/08/2004  13:00            18ÿ944 vmmreg32.dll05/08/2004  13:00            65ÿ978 Bulles de savon.bmp05/08/2004  13:00         1ÿ036ÿ288 explorer.exe05/08/2004  13:00           153ÿ088 regedit.exe05/08/2004  13:00            17ÿ336 Jour de pˆche.bmp05/08/2004  13:00                80 explorer.scf05/08/2004  13:00            49ÿ102 winnt.bmp05/08/2004  13:00           256ÿ768 winhelp.exe05/08/2004  13:00           288ÿ256 winhlp32.exe05/08/2004  13:00               707 _default.pif12/05/2003  15:55           978ÿ944 SynthCoreA.Dll17/02/2003  08:36               342 adiras.ini03/01/2003  16:28                74 PMINI.ini30/08/2002  12:59           380ÿ928 SynCor.exe14/08/2001  16:38           308ÿ736 IsUn040c.exe17/12/1999  11:13            86ÿ016 unvise32.exe29/10/1998  16:45           306ÿ688 IsUninst.exe17/12/1996  00:00            38ÿ468 MSO97.ACL             133 fichier(s)       12ÿ582ÿ420 octets               0 R‚p(s)  121ÿ229ÿ246ÿ464 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est C82D-BE27 R‚pertoire de C:\18/12/2005  16:10                 0 sys.txt18/12/2005  16:10             6ÿ857 system.txt18/12/2005  16:10               593 systemtemp.txt18/12/2005  16:09            92ÿ978 system32.txt18/12/2005  16:04       805ÿ306ÿ368 pagefile.sys11/12/2005  19:38                 8 rech.txt)11/12/2005  15:25               216 boot.ini04/12/2005  17:47             9ÿ836 hpfr5550.log25/10/2005  14:58                 0 AUTOEXEC.BAT25/10/2005  14:58                 0 IO.SYS25/10/2005  14:58                 0 CONFIG.SYS25/10/2005  14:58                 0 MSDOS.SYS05/08/2004  13:00             4ÿ952 Bootfont.bin05/08/2004  13:00            47ÿ564 NTDETECT.COM05/08/2004  13:00           251ÿ712 ntldr              15 fichier(s)      805ÿ721ÿ084 octets               0 R‚p(s)  121ÿ229ÿ242ÿ368 octets libres

fleurdelys · Answer

voila L2MFIX find log 121605 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M extmgr.dll Fri 21 Oct 2005 4:41:00 A.... 55 808 54,50 K gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K msgplu~1.dll Thu 27 Oct 2005 19:32:48 A.... 45 640 44,57 K mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K msssc.dll Tue 25 Oct 2005 15:27:18 A.... 44 0,04 K mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K pncrt.dll Sun 30 Oct 2005 19:15:36 A.... 278 528 272,00 K pndx5016.dll Sun 30 Oct 2005 19:15:38 A.... 6 656 6,50 K pndx5032.dll Sun 30 Oct 2005 19:15:38 A.... 5 632 5,50 K pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K rmoc3260.dll Sun 30 Oct 2005 19:15:44 A.... 176 167 172,04 K shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K sirenacm.dll Wed 12 Oct 2005 23:11:06 A.... 118 784 116,00 K spmsg.dll Thu 13 Oct 2005 0:15:24 ..... 15 072 14,72 K urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K 27 items found: 27 files, 0 directories. Total of file sizes: 20 787 067 bytes 19,82 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est C82D-BE27 R‚pertoire de C:\WINDOWS\System32 15/12/2005 19:40 dllcache 25/10/2005 15:02 Microsoft 0 fichier(s) 0 octets 2 R‚p(s) 121ÿ227ÿ517ÿ952 octets libres

Utilisateur anonyme · Answer

salutdepuis j ai eu le temps de confectionner un petit programme avec Moe31Telecharge cecihttp://cjoint.com/?mrlUOG2MIa Execute le, ouvre HcsrchPuis le bloc note s ouvre, copie/colle le rapporta+

fleurdelys · Answer

sltle lien est mort je crois, j'arrive pas a le telecharger

Utilisateur anonyme · Answer

re,chez moi il marche pourtant...Essai celui la, je viens de le creerhttp://cjoint.com/?msr2FKfjVpa+

fleurdelys · Answer

voilaRapport fait à 18:02:06,71 le 18/12/2005Executé à partir de C:\Documents and Settings\magOS: Microsoft Windows XP [version 5.1.2600]*********************************************Vérification HKLM\...\...\...\...\ruins*********************************************Fichiers détectés :C:\WINDOWS\System32\close.bmp Présent !C:\WINDOWS\System32\dating.bmp Présent !C:\WINDOWS\System32\gambling.bmp Présent !C:\WINDOWS\System32\idesk.conf Présent !C:\WINDOWS\System32\pharmacy.bmp Présent !C:\WINDOWS\System32\spyware.bmp Présent !C:\WINDOWS\System32\xxx.bmp Présent !*********************************************Recherche des processus aleatoiresd'après les modèles : cs***.exe, dm***.exe, ya***.exeC:\WINDOWS\System32*********************************************Recherche presence  C:\WINDOWS\System32\idemlog.exe... non trouvé...

Utilisateur anonyme · Answer

saluttu peux remettre un hijack this et jte donne la manipa+

fleurdelys · Answer

voila  Logfile of HijackThis v1.99.1Scan saved at 18:18:13, on 18/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\SoundMAX\SMTray.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\PROGRA~1\Wanadoo\CnxMon.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeC:\Program Files\ScanSoft\OmniPageSE\opware32.exeC:\Program Files\Fichiers communs\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Wanadoo\TaskbarIcon.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeC:\Program Files\Wanadoo\EspaceWanadoo.exeC:\Program Files\Wanadoo\ComComp.exeC:\Program Files\Wanadoo\Watch.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\mag\Mes documents\Ma musique\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WanadooR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exeO4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9BAF614D-7EA9-4421-A30F-266504D9EC43}: NameServer = 80.10.246.130 80.10.246.3O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - AppInit_DLLs: MsgPlusLoader.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Utilisateur anonyme · Answer

Merci,Télécharge: Pocket Killbox ici http://www.downloads.subratam.org/KillBox.exe :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::http://pageperso.aol.fr/balltrap34/killbox.htm **Avec la methode du bloc note(cf video), voici la liste:C:\WINDOWS\System32\close.bmp C:\WINDOWS\System32\dating.bmp C:\WINDOWS\System32\gambling.bmp C:\WINDOWS\System32\idesk.conf C:\WINDOWS\System32\pharmacy.bmp C:\WINDOWS\System32\spyware.bmp C:\WINDOWS\System32\xxx.bmp Laisse le pc redemarrer ou redemarre le toi meme s il ne le fait pasPuis remet le rapport du prog stpA+

fleurdelys · Answer

ca yé j'ai plus rien ki apparait !! ya encor des truc a suppr ?merciLogfile of HijackThis v1.99.1Scan saved at 18:58:02, on 18/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Analog Devices\SoundMAX\SMTray.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\PROGRA~1\Wanadoo\CnxMon.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeC:\Program Files\ScanSoft\OmniPageSE\opware32.exeC:\Program Files\Fichiers communs\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Wanadoo\TaskbarIcon.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Wanadoo\EspaceWanadoo.exeC:\Program Files\Wanadoo\ComComp.exeC:\Program Files\Wanadoo\Watch.exeC:\Documents and Settings\mag\Mes documents\Ma musique\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WanadooR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exeO4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exeO9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9BAF614D-7EA9-4421-A30F-266504D9EC43}: NameServer = 80.10.246.130 80.10.246.3O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - AppInit_DLLs: MsgPlusLoader.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"Silent Runners.vbs", revision 41, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"desktop" = "C:\WINDOWS\system32\idemlog.exe" [empty string]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]"Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\INFECTION WARNING! "System" = "cszdh.exe" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Active Desktop and Wallpaper:-----------------------------Active Desktop is disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateHKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\mag\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"Startup items in "mag" & "All Users" startup folders:-------------------------------------------------------C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Extensions (Tools menu items, main toolbar menu buttons)HKCU\Software\Microsoft\Internet Explorer\Extensions\{1462651F-F4BA-4C76-A001-C4284D0FE16E}\"ButtonText" = "Wanadoo""Exec" = "http://www.wanadoo.fr" [file not found]HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messager Wanadoo""MenuText" = "Messager Wanadoo""Exec" = "C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" ["France Telecom"]Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"Missing lines (compared with English-language version):[Strings]: 1 lineHKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = "Search Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]

Utilisateur anonyme · Answer

reet l autre programme stp?a+

fleurdelys · Answer

Rapport fait à 19:33:47,95 le 18/12/2005Executé à partir de C:\Documents and Settings\magOS: Microsoft Windows XP [version 5.1.2600]*********************************************Vérification HKLM\...\...\...\...\ruins*********************************************Fichiers détectés :*********************************************Recherche des processus aleatoiresd'après les modèles : cs***.exe, dm***.exe, ya***.exeC:\WINDOWS\System32*********************************************Recherche presence  C:\WINDOWS\System32\idemlog.exe... non trouvé...

Utilisateur anonyme · Answer

ok ou en sont t es soucisa+

fleurdelys · Answer

apparemment c nikel la pub ne s'affiche plusj'v essayer de reinstaller mon antivirus jte tien au courantya plus de risques ?a+

Utilisateur anonyme · Answer

non pas de risque qu il reviennea+

fleurdelys · Answer

rej'ai reinstaller norton ms il ne vt pa se lancer et j'ai toujours une alerte XP m'informant que norton est installer mais que son statut est inconnu !

Utilisateur anonyme · Answer

salutdesinstalle norton et installe avasthttp://www.avast.com/eng/download-avast-home.htmla+

fleurdelys · Answer

tu c pa d'ou ca pt venir ?Quand j'ai ete contaminer par le spyware ya un antivirus qui s'est installer (unspypc) ca pt pas venir de la ? le pc ma mis le spyware par default ?a+

Utilisateur anonyme · Answer

Installe avast, norton est une usine a gaza+

Pb de virus

74 réponses

Votre réponse

Discussions similaires

Newsletters