Infected by conhook and vundo virus: help

Resolved/Closed
edom Posts: 225 Registered: Monday 10 July 2006 Status: Member Last activity: 17 September 2012 - 9 Nov. 2007 at 06:50
chrifleur Posts: 1091 Registered: Saturday 29 September 2007 Status: Contributor Last activity: 19 November 2008 - 12 Nov. 2007 at 14:42
Hello everyone, I'm posting for my friend, who has just started using the internet and has picked up some nasty bugs, so I'm posting for him from my PC; I'm taking the lead, so to speak. Here is his report from a BitDefender scan. Thanks in advance for being able to help us:


BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Nov 08, 2007 - 21:01:58
Voie d'analyse: C:\;D:\;E:\;G:\;I:\;J:\;

Statistiques
Temps: 00:58:50
Fichiers: 181525
Directoires: 9176
Secteurs de boot: 5
Archives: 6625
Paquets programmes: 10680

Résultats
Virus identifiés: 4
Fichiers infectés: 5
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 3

Info sur les moteurs
Définition virus: 860647
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP623\A0237840.dll | Infecté par: Trojan.Conhook.CX
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP623\A0237840.dll | Echec de la désinfection
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP623\A0237840.dll | Supprimé
C:\WINDOWS\system32\i | Infecté par: Generic.Botget.98B8FA08
C:\WINDOWS\system32\i | Supprimé
C:\WINDOWS\system32\khfcdcc.dll | Infecté par: Trojan.Vundo.DOB
C:\WINDOWS\system32\khfcdcc.dll | Echec de la désinfection
C:\WINDOWS\system32\khfcdcc.dll | Supprimé
C:\WINDOWS\system32\mljgghi.dll | Infecté par: Trojan.Conhook.CX
C:\WINDOWS\system32\mljgghi.dll | Echec de la désinfection
C:\WINDOWS\system32\mljgghi.dll | Echec de la suppression
C:\WINDOWS\system32\mljgh.dll | Infecté par: Trojan.Vundo.DPP
C:\WINDOWS\system32\mljgh.dll | Echec de la désinfection
C:\WINDOWS\system32\mljgh.dll | Echec de la suppression

26 replies

chrifleur Posts: 1091 Registered: Saturday 29 September 2007 Status: Contributor Last activity: 19 November 2008 18
9 Nov. 2007 at 10:24
Download VundoFix.exe (by Atribune) to your Desktop
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart;
click OK
Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

Post a HijackThis report
Download and install HijackThis
https://www.pcastuces.com/logitheque/hijackthis.htm
Tutorial on how to use it
Look here, it is explained perfectly with pictures
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
0
edom Posts: 225 Registered: Monday 10 July 2006 Status: Member Last activity: 17 September 2012 6
9 Nov. 2007 at 16:48
Hello, I ran a VundoFix scan but it did not find any infected files (a tough little beast, apparently), so here is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:45, on 09/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
C:\Program Files\DefenseDuDisque\SysRep.exe
C:\PROGRA~1\DEFENS~1\ugescw.exe
C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe
C:\Program Files\MonContenuassistant\GDC.exe
C:\PROGRA~1\MONCON~1\UGDCcw.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\marconnet\Bureau\hijackthis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\System32\mljgghi.dll
O2 - BHO: (no name) - {E5217E9D-9EB8-4124-A5DC-F134B6EF0FB2} - C:\WINDOWS\System32\mljgh.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DEFENS~1\ugescw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" dm=http://defensedudisque.com; ad=http://defensedudisque.com
O4 - HKLM\..\Run: [MonContenuassistant] "C:\Program Files\MonContenuassistant\GDC.exe"
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\MONCON~1\UGDCcw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MonContenuassistant] C:\Program Files\MonContenuassistant\GDC.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O20 - Winlogon Notify: mljgghi - C:\WINDOWS\SYSTEM32\mljgghi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
chrifleur Posts: 1091 Registered: Saturday 29 September 2007 Status: Contributor Last activity: 19 November 2008 18
9 Nov. 2007 at 17:46
I need the vundo report
you will find it here
C:\Vundofix.txt
0
chrifleur Posts: 1091 Registered: Saturday 29 September 2007 Status: Contributor Last activity: 19 November 2008 18
9 Nov. 2007 at 17:51
vundo is often stubborn
some of it is left, so do the following, following the instructions carefully
Relaunch Vundofix

http://www.atribune.org/ccount/click.php?id=4

* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click Add more files?
* Copy/paste the files below (one per box):
C:\WINDOWS\System32\mljgghi.dl
C:\WINDOWS\System32\mljgh.dll

* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the Vundofix report, along with a new hijackthis log

Download VirtumundoBeGone to your desktop.

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* Double-click VirtumundoBeGone.exe
* Follow the on-screen instructions
* When the scan has finished, save the report.
* Copy/paste it here

Post the reports you get and a HijackThis report

0
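
The two DLLs named in the reply above can be picked out of a HijackThis log mechanically: a BHO (O2) with no name is a lead, and a stronger one when the same DLL is also registered under Winlogon Notify (O20). The Python sketch below is an added example, not part of the thread or of any tool mentioned in it; the function names and the reason strings are assumptions, and the sample lines are copied from the first HijackThis log in this thread.

```python
import ntpath
import re

# Lines copied from the first HijackThis log in this thread (O2 and O20 only).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\System32\mljgghi.dll
O2 - BHO: (no name) - {E5217E9D-9EB8-4124-A5DC-F134B6EF0FB2} - C:\WINDOWS\System32\mljgh.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O20 - Winlogon Notify: mljgghi - C:\WINDOWS\SYSTEM32\mljgghi.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# "O20 - Winlogon Notify: <key> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")

# Reason strings (wording chosen for this example).
NO_NAME = "BHO has no name"
IN_SYSTEM32 = "DLL sits directly in system32"
NOTIFY_MATCH = "same DLL is registered under Winlogon Notify"
FILE_MISSING = "registry entry remains but the file is missing"


def normalize(path):
    """Windows paths are case-insensitive: compare them lower-cased."""
    return ntpath.normpath(path.strip()).lower()


def parse_log(text):
    """Collect O2 (BHO) entries and the DLL paths of O20 (Winlogon Notify) entries."""
    bhos, notify_paths = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append({
                "name": m["name"],
                "clsid": m["clsid"],
                "path": m["path"],
                "file_missing": m["missing"] is not None,
            })
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify_paths.add(normalize(m["path"]))
    return bhos, notify_paths


def triage(text):
    """Return nameless BHOs, most reasons first, each with the reasons it was flagged."""
    bhos, notify_paths = parse_log(text)
    findings = []
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue  # named add-ons are out of scope for this check
        reasons = [NO_NAME]
        norm = normalize(bho["path"])
        if ntpath.basename(ntpath.dirname(norm)) == "system32":
            reasons.append(IN_SYSTEM32)
        if norm in notify_paths:
            reasons.append(NOTIFY_MATCH)
        if bho["file_missing"]:
            reasons.append(FILE_MISSING)
        findings.append({**bho, "reasons": reasons})
    # sorted() is stable, so entries with equal scores keep log order
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["path"], finding["clsid"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

A match is a lead to confirm against a scanner report, as the thread does with the BitDefender results; legitimate add-ons can also register without a name.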

ymich71 Posts: 7 Registered: Friday 9 November 2007 Status: Member Last activity: 11 November 2007
9 Nov. 2007 at 17:58
Here is the vundo report:
VundoFix V6.5.11

Checking Java version...

Sun Java not detected
Scan started at 16:38:52 09/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.11

Checking Java version...

Sun Java not detected
Scan started at 16:41:47 09/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...
0
ymich71 Posts: 7 Registered: Friday 9 November 2007 Status: Member Last activity: 11 November 2007
9 Nov. 2007 at 18:18
Here is my hijack for now, without having run the VirtumundoBeGone scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:23, on 09/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
C:\Program Files\DefenseDuDisque\SysRep.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\DEFENS~1\ugescw.exe
C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe
C:\Program Files\MonContenuassistant\GDC.exe
C:\PROGRA~1\MONCON~1\UGDCcw.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\System32\mljgghi.dll
O2 - BHO: (no name) - {5478F4DF-DA5D-4D97-B899-2A1946166DE2} - C:\WINDOWS\System32\mljgh.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DEFENS~1\ugescw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" dm=http://defensedudisque.com; ad=http://defensedudisque.com
O4 - HKLM\..\Run: [MonContenuassistant] "C:\Program Files\MonContenuassistant\GDC.exe"
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\MONCON~1\UGDCcw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MonContenuassistant] C:\Program Files\MonContenuassistant\GDC.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O20 - Winlogon Notify: mljgghi - C:\WINDOWS\SYSTEM32\mljgghi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
ymich71 Posts: 7 Registered: Friday 9 November 2007 Status: Member Last activity: 11 November 2007
9 Nov. 2007 at 18:27
Here is the VirtumundoBeGone report. Right, I'm going to redo my hijack for you because I did things the wrong way round there, and thank you very much in advance for your dedication:
[11/09/2007, 18:19:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\marconnet\Bureau\VirtumundoBeGone.exe" )
[11/09/2007, 18:19:53] - Detected System Information:
[11/09/2007, 18:19:54] - Windows Version: 5.1.2600, Service Pack 1
[11/09/2007, 18:19:54] - Current Username: marconnet (Admin)
[11/09/2007, 18:19:54] - Windows is in NORMAL mode.
[11/09/2007, 18:19:54] - Searching for Browser Helper Objects:
[11/09/2007, 18:19:54] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/09/2007, 18:19:54] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/09/2007, 18:19:54] - BHO 3: {25997E08-274A-4217-8F71-C89C754242C1} ()
[11/09/2007, 18:19:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/09/2007, 18:19:54] - Checking for HKLM\...\Winlogon\Notify\mljgghi
[11/09/2007, 18:19:54] - Found: HKLM\...\Winlogon\Notify\mljgghi - This is probably Virtumundo.
[11/09/2007, 18:19:54] - Assigning {25997E08-274A-4217-8F71-C89C754242C1} MSEvents Object
[11/09/2007, 18:19:54] - BHO list has been changed! Starting over...
[11/09/2007, 18:19:54] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/09/2007, 18:19:54] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/09/2007, 18:19:54] - BHO 3: {25997E08-274A-4217-8F71-C89C754242C1} (MSEvents Object)
[11/09/2007, 18:19:54] - ALERT: Found MSEvents Object!
[11/09/2007, 18:19:54] - BHO 4: {2ADB40B6-3D8B-4632-9553-E86851CC4CF1} ()
[11/09/2007, 18:19:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/09/2007, 18:19:54] - Checking for HKLM\...\Winlogon\Notify\vtstq
[11/09/2007, 18:19:54] - Key not found: HKLM\...\Winlogon\Notify\vtstq, continuing.
[11/09/2007, 18:19:54] - BHO 5: {5478F4DF-DA5D-4D97-B899-2A1946166DE2} ()
[11/09/2007, 18:19:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/09/2007, 18:19:55] - Checking for HKLM\...\Winlogon\Notify\mljgh
[11/09/2007, 18:19:55] - Key not found: HKLM\...\Winlogon\Notify\mljgh, continuing.
[11/09/2007, 18:19:55] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[11/09/2007, 18:19:55] - Finished Searching Browser Helper Objects
[11/09/2007, 18:19:55] - *** Detected MSEvents Object
[11/09/2007, 18:19:55] - Trying to remove MSEvents Object...
[11/09/2007, 18:19:56] - Terminating Process: IEXPLORE.EXE
[11/09/2007, 18:19:56] - Terminating Process: RUNDLL32.EXE
[11/09/2007, 18:19:56] - Disabling Automatic Shell Restart
[11/09/2007, 18:19:56] - Terminating Process: EXPLORER.EXE
[11/09/2007, 18:19:56] - Suspending the NT Session Manager System Service
[11/09/2007, 18:19:58] - Terminating Windows NT Logon/Logoff Manager
[11/09/2007, 18:19:58] - Re-enabling Automatic Shell Restart
[11/09/2007, 18:19:59] - File to disable: C:\WINDOWS\System32\mljgghi.dll
[11/09/2007, 18:19:59] - Renaming C:\WINDOWS\System32\mljgghi.dll -> C:\WINDOWS\System32\mljgghi.dll.vir
[11/09/2007, 18:20:00] - File successfully renamed!
[11/09/2007, 18:20:00] - Removing HKLM\...\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}
[11/09/2007, 18:20:00] - Removing HKCR\CLSID\{25997E08-274A-4217-8F71-C89C754242C1}
[11/09/2007, 18:20:00] - Adding Kill Bit for ActiveX for GUID: {25997E08-274A-4217-8F71-C89C754242C1}
[11/09/2007, 18:20:00] - Deleting ATLEvents/MSEvents Registry entries
[11/09/2007, 18:20:00] - Removing HKLM\...\Winlogon\Notify\mljgghi
[11/09/2007, 18:20:00] - Searching for Browser Helper Objects:
[11/09/2007, 18:20:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/09/2007, 18:20:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/09/2007, 18:20:00] - BHO 3: {18E170CF-AA4A-4C5D-9F49-0A4A5C274611} ()
[11/09/2007, 18:20:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/09/2007, 18:20:00] - Checking for HKLM\...\Winlogon\Notify\vtstq
[11/09/2007, 18:20:00] - Key not found: HKLM\...\Winlogon\Notify\vtstq, continuing.
[11/09/2007, 18:20:00] - BHO 4: {5478F4DF-DA5D-4D97-B899-2A1946166DE2} ()
[11/09/2007, 18:20:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/09/2007, 18:20:00] - Checking for HKLM\...\Winlogon\Notify\mljgh
[11/09/2007, 18:20:00] - Key not found: HKLM\...\Winlogon\Notify\mljgh, continuing.
[11/09/2007, 18:20:00] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[11/09/2007, 18:20:00] - Finished Searching Browser Helper Objects
[11/09/2007, 18:20:00] - Finishing up...
[11/09/2007, 18:20:00] - A restart is needed.
[11/09/2007, 18:20:09] - Attempting to Restart via STOP error (Blue Screen!)


and the hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:37, on 09/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
C:\Program Files\DefenseDuDisque\SysRep.exe
C:\PROGRA~1\DEFENS~1\ugescw.exe
C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe
C:\Program Files\MonContenuassistant\GDC.exe
C:\PROGRA~1\MONCON~1\UGDCcw.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DEFENS~1\ugescw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" dm=http://defensedudisque.com; ad=http://defensedudisque.com
O4 - HKLM\..\Run: [MonContenuassistant] "C:\Program Files\MonContenuassistant\GDC.exe"
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\MONCON~1\UGDCcw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MonContenuassistant] C:\Program Files\MonContenuassistant\GDC.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
chrifleur Posts 1091 Registration date Saturday 29 September 2007 Status Contributor Last activity 19 November 2008 18
9 Nov. 2007 at 19:13
I'll look into this, back around 21:00
0
edom Posts 225 Registration date Monday 10 July 2006 Status Member Last activity 17 September 2012 6
9 Nov. 2007 at 19:21
O.K., thank you very much, but apparently in my HijackThis log the "02" and "20" lines, where the infected files are supposed to be, no longer exist, so... well, I'll leave it to a trained eye like yours to examine this. Bear in mind that I'm no longer at my friend ymich71's place, so if you give him steps to carry out he may not be able to do them on his own, since he is a beginner in this area; we'll see about that tomorrow afternoon. In any case, many thanks in advance, and I look forward to reading you. Bye
0
chrifleur Posts 1091 Registration date Saturday 29 September 2007 Status Contributor Last activity 19 November 2008 18
9 Nov. 2007 at 21:16
good evening
it is still quite infected...

MonContenuassistant
I hope you didn't buy it?
it's a rogue, a fake utility
some reading
http://forum.malekal.com/ftopic4302.php

remove it via Add/Remove Programs, in safe mode if you can't manage it in normal mode
then look for this file in bold and delete it
C:\Program Files\Fichiers communs\MonContenuassistant
C:\Program Files\MonContenuassistant

Download combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy/paste that report into your next reply
NOTE: The report can also be found here: C:\Combofix.txt


0
ymich71 Posts 7 Registration date Friday 9 November 2007 Status Member Last activity 11 November 2007
9 Nov. 2007 at 22:01
Hello,
here is the result of the ComboFix scan
regards

ComboFix 07-11-08.1 - marconnet 2007-11-09 21:40:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.609 [GMT 1:00]
Running from: C:\Documents and Settings\marconnet\Bureau\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\marconnet\Application Data\installer_fr[1].exe
C:\Documents and Settings\marconnet\Application Data\setup_fr[1].exe
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\vtstq.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-09 to 2007-11-09 ))))))))))))))))))))))))))))))))))))
.

2007-11-09 21:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 17:33 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Grisoft
2007-11-09 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-09 17:33 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-09 16:45 <REP> d-------- C:\Program Files\Trend Micro
2007-11-09 16:38 <REP> d-------- C:\VundoFix Backups
2007-11-08 19:58 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-07 21:10 <REP> d-------- C:\WINDOWS\avxoscan
2007-11-07 19:49 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\MonContenuassistant
2007-11-07 19:31 <REP> d-------- C:\Program Files\Fichiers communs\MonContenuassistant
2007-11-07 19:27 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\defensedudisque
2007-11-07 19:22 <REP> d-------- C:\Program Files\Fichiers communs\DefenseDuDisque
2007-11-07 19:22 <REP> d-------- C:\Program Files\DefenseDuDisque
2007-11-07 19:22 <REP> dr------- C:\Documents and Settings\All Users\Application Data\defensedudisque
2007-11-02 23:12 <REP> d-------- C:\Program Files\Lavasoft
2007-11-02 23:12 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Lavasoft
2007-11-02 23:02 1,006,592 --a------ C:\WINDOWS\system32\esent.dll
2007-11-02 22:08 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-02 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-02 22:02 64,000 --a------ C:\WINDOWS\system32\webclnt.dll
2007-11-02 21:51 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Talkback
2007-11-02 21:50 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-11-02 21:50 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Thunderbird
2007-11-02 21:50 4,184 --a------ C:\WINDOWS\mozver.dat
2007-11-02 21:33 <REP> d-------- C:\Program Files\Yahoo!
2007-11-02 21:33 <REP> d-------- C:\Program Files\CCleaner
2007-11-02 21:17 1,110,528 --a------ C:\WINDOWS\system32\msxml3.dll
2007-11-02 21:17 1,110,528 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-02 21:11 321,536 --------- C:\WINDOWS\system32\dllcache\srv.sys
2007-11-02 20:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-02 20:45 51,712 --a------ C:\WINDOWS\system32\dllcache\agentdpv.dll
2007-11-02 20:44 340,480 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-11-02 20:44 104,448 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-11-02 20:43 8,410,112 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2007-11-02 20:43 704,512 --------- C:\WINDOWS\system32\dllcache\sxs.dll
2007-11-02 20:43 561,664 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
2007-11-02 20:43 82,944 --------- C:\WINDOWS\system32\dllcache\fldrclnr.dll
2007-11-02 20:36 112,640 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-11-02 20:35 53,248 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-11-02 19:01 <REP> d-------- C:\WINDOWS\system32\bits
2007-11-02 19:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-11-02 19:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-01 10:44 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2007-11-01 10:44 36,864 --a------ C:\WINDOWS\system32\dllcache\mf3216.dll
2007-11-01 10:43 16,384 --a------ C:\WINDOWS\system32\linkinfo.dll
2007-11-01 09:03 <REP> d-------- C:\WINDOWS\pss
2007-10-31 20:00 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-10-31 20:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-31 20:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-31 20:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2007-10-31 20:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2007-10-29 19:51 360,960 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2007-10-29 19:51 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-10-29 19:51 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-10-29 19:51 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-10-29 19:51 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-10-29 19:51 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-10-29 19:51 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-10-29 19:51 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-10-29 19:45 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-10-29 19:45 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-10-29 19:45 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-10-29 19:45 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-10-29 19:45 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-10-29 19:45 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-10-29 19:30 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-29 19:30 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-29 19:30 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-29 19:30 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-29 19:30 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-29 19:30 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-29 19:29 <REP> d-------- C:\Program Files\Alwil Software
2007-10-29 19:29 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-29 19:18 <REP> d---s---- C:\Documents and Settings\marconnet\UserData
2007-10-29 19:14 <REP> d-------- C:\WUTemp
2007-10-29 19:14 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
2007-10-29 19:14 185,624 --a------ C:\WINDOWS\system32\dllcache\iuengine.dll
2007-10-09 16:53 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\AdobeUM
2007-10-09 16:13 0 --a------ C:\WINDOWS\system32\setup_01203.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 15:52 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-08 15:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 15:11 --------- d-----w C:\Program Files\Free
2007-10-07 10:35 --------- d-----w C:\Program Files\AWS
2007-10-06 07:31 --------- d-----w C:\Program Files\EPSON Print CD(2)
2007-10-06 07:31 --------- d-----w C:\Program Files\EPSON Print CD
2007-10-06 07:31 --------- d-----w C:\Program Files\epson
2007-10-02 16:30 --------- d-----w C:\Program Files\Canon
2007-10-02 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2007-10-02 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2006-03-23 13:35 75,304 -c--a-w C:\Documents and Settings\Nadine\Application Data\GDIPFONTCACHEV1.DAT
2005-12-13 12:24 47,680 -c--a-w C:\Documents and Settings\marconnet\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5478F4DF-DA5D-4D97-B899-2A1946166DE2}]
C:\WINDOWS\System32\mljgh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"EPSON Stylus Photo RX640 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.exe" [2005-07-14 05:00]
"DefenseDuDisque"="C:\Program Files\DefenseDuDisque\SysRep.exe" [2007-10-09 14:29]
"ugescw"="C:\PROGRA~1\DEFENS~1\ugescw.exe" [2007-08-15 12:04]
"Salestart(1)"="C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" [2007-10-09 15:09]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-30 12:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\vtstq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SmartUI.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SmartUI.lnk
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
c:\apps\easydvd\cleanall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
"C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\System32\drivers\bender.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys
S3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\System32\Drivers\Brfilt.sys
S3 brparimg;Pilote d'image parallèle multifonction Brother;C:\WINDOWS\System32\DRIVERS\BrParImg.sys
S3 BrParWdm;Pilote parallèle WDM Brother;C:\WINDOWS\System32\Drivers\BrParwdm.sys
S3 BrSerWDM;Pilote série WDM Brother;C:\WINDOWS\System32\Drivers\BrSerWdm.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S4 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2004-04-26 16:54:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-04-26 16:54:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-04-26 16:54:39 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 21:47:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 21:50:20 - machine was rebooted
.
--- E O F ---
0
chrifleur Posts 1091 Registration date Saturday 29 September 2007 Status Contributor Last activity 19 November 2008 18
9 Nov. 2007 at 22:27
Copy (Ctrl+C) the text below:

Folder::

C:\Program Files\Fichiers communs\MonContenuassistant
C:\Program Files\Fichiers communs\DefenseDuDisque
C:\Program Files\DefenseDuDisque

File::

C:\Documents and Settings\marconnet\Application Data\MonContenuassistant
C:\Documents and Settings\marconnet\Application Data\defensedudisque
C:\Documents and Settings\All Users\Application Data\defensedudisque
C:\WINDOWS\System32\mljgh.dll 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5478F4DF-DA5D-4D97-B899-2A1946166DE2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefenseDuDisque"=-
"ugescw"=-
"Salestart(1)"=-


Open Notepad, then paste (Ctrl+V) the text you copied earlier.

Save this file under the name CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

As the image shows, drag CFScript.txt onto Combofix.exe

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file doesn't open, it can be found here > C:\ComboFix.txt


post the report you get, along with a HijackThis log
0
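A way to check a follow-up HijackThis log against the CFScript posted above, as an added example that is not part of the original post and not ComboFix's own code. The function names `parse_cfscript` and `leftovers`, and the follow-up log lines, are constructed for illustration; the script text is the one from the post, with value deletions written in .reg form.

```python
import re

# CFScript from the post above; value deletions in .reg form ("name"=-).
CFSCRIPT = r'''
Folder::
C:\Program Files\Fichiers communs\MonContenuassistant
C:\Program Files\Fichiers communs\DefenseDuDisque
C:\Program Files\DefenseDuDisque

File::
C:\Documents and Settings\marconnet\Application Data\MonContenuassistant
C:\Documents and Settings\marconnet\Application Data\defensedudisque
C:\Documents and Settings\All Users\Application Data\defensedudisque
C:\WINDOWS\System32\mljgh.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5478F4DF-DA5D-4D97-B899-2A1946166DE2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefenseDuDisque"=-
"ugescw"=-
"Salestart(1)"=-
'''

# Constructed follow-up HijackThis lines (not from the thread), in the log's format.
HJT_LOG = r'''
O2 - BHO: (no name) - {5478F4DF-DA5D-4D97-B899-2A1946166DE2} - C:\WINDOWS\System32\mljgh.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DEFENS~1\ugescw.exe" -start
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" dm=http://defensedudisque.com; ad=http://defensedudisque.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ugescw] C:\tools\ugescw.exe
'''

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
O2_RE = re.compile(r'^O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.*)$')
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$')


def parse_cfscript(text):
    """Collect removal targets from the Folder::, File:: and Registry:: sections."""
    targets = {"paths": [], "keys": [], "values": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section in ("folder", "file"):
            targets["paths"].append(line.lower())
        elif section == "registry":
            if line.startswith("[-"):          # whole key deleted
                targets["keys"].append(line[2:-1].lower())
                key = None
            elif line.startswith("["):         # key whose values follow
                key = line[1:-1]
            else:                              # "name"=-  (also tolerates "name"="-)
                m = re.match(r'"(.+?)"="?-$', line)
                if m and key:
                    targets["values"].append((key.lower(), m.group(1).lower()))
    return targets


def leftovers(cfscript_text, hjt_text):
    """Return (log line, reasons) for entries the script targeted but that are still listed."""
    t = parse_cfscript(cfscript_text)
    found = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        low = line.lower()
        reasons = []
        # Long-path match; misses 8.3 short names such as C:\PROGRA~1\DEFENS~1.
        if any(p in low for p in t["paths"]):
            reasons.append("path")
        m = O2_RE.match(line)
        if m and any(k.endswith(m.group(1).lower()) for k in t["keys"]):
            reasons.append("bho-key")
        # Run values are matched by hive and value name, so short paths are still caught.
        m = O4_RE.match(line)
        if m:
            hive, subkey, name = m.group(1), m.group(2).lower(), m.group(3).lower()
            for key, value in t["values"]:
                root = key.split("\\", 1)[0].upper()
                if HIVES.get(root) == hive and key.endswith("\\" + subkey) and value == name:
                    reasons.append("run-value")
        if reasons:
            found.append((line, reasons))
    return found


if __name__ == "__main__":
    for line, reasons in leftovers(CFSCRIPT, HJT_LOG):
        print(",".join(reasons), "|", line)
```

In the constructed log, the `[ugescw]` entry is caught only by its value name because its command uses 8.3 short paths, and the `[Salestart]` entry shows up by path even though the script's value list names only `Salestart(1)`.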
edom Posts 225 Registration date Monday 10 July 2006 Status Member Last activity 17 September 2012 6
9 Nov. 2007 at 23:03
Well, I'm no longer at my friend's place, so it can't be done right now (lol). I'm seeing him tomorrow afternoon and we'll do this together. I hope you'll still be around to help us. In any case, a thousand thanks, and I look forward to reading you, hopefully tomorrow, with good news to announce: that we're no longer infested. Bye and good night.
0
chrifleur Posts 1091 Registration date Saturday 29 September 2007 Status Contributor Last activity 19 November 2008 18
10 Nov. 2007 at 11:03
I'm away this afternoon but will be here this evening around 21:00...
you can copy and paste the report you get.. along with a HijackThis report
0
ymich71 Posts 7 Registration date Friday 9 November 2007 Status Member Last activity 11 November 2007
10 Nov. 2007 at 11:33
Hi chrifleur, so here is the ComboFix scan (quite a crowd in there, eh!!) and then my HijackThis log. So there you go, I'll wait to hear from you this evening; I look forward to reading you.
ComboFix 07-11-08.1 - marconnet 2007-11-10 11:15:39.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.596 [GMT 1:00]
Running from: C:\Documents and Settings\marconnet\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\marconnet\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\All Users\Application Data\defensedudisque
C:\Documents and Settings\marconnet\Application Data\defensedudisque
C:\Documents and Settings\marconnet\Application Data\MonContenuassistant
C:\WINDOWS\System32\mljgh.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Program Files\DefenseDuDisque
C:\Program Files\DefenseDuDisque\atl71.dll
C:\Program Files\DefenseDuDisque\License.rtf
C:\Program Files\DefenseDuDisque\mfc71.dll
C:\Program Files\DefenseDuDisque\msvcp71.dll
C:\Program Files\DefenseDuDisque\msvcr71.dll
C:\Program Files\DefenseDuDisque\Readme.rtf
C:\Program Files\DefenseDuDisque\Res\Main.ico
C:\Program Files\DefenseDuDisque\Res\RecycleBin.ico
C:\Program Files\DefenseDuDisque\rm.url
C:\Program Files\DefenseDuDisque\sr.log
C:\Program Files\DefenseDuDisque\swupd.log
C:\Program Files\DefenseDuDisque\SysRep.exe
C:\Program Files\DefenseDuDisque\SysRep.exe.cer
C:\Program Files\DefenseDuDisque\SysRep.exe.Log
C:\Program Files\DefenseDuDisque\SysRep.exe.xml
C:\Program Files\DefenseDuDisque\SysRep.url
C:\Program Files\DefenseDuDisque\transpaid.exe
C:\Program Files\DefenseDuDisque\ugescw.exe
C:\Program Files\DefenseDuDisque\unins000.dat
C:\Program Files\DefenseDuDisque\unins000.exe
C:\Program Files\DefenseDuDisque\urls.ini
C:\Program Files\Fichiers communs\DefenseDuDisque
C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe
C:\Program Files\Fichiers communs\MonContenuassistant
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))))
.

2007-11-10 11:08 <REP> d-------- C:\WINDOWS\LastGood
2007-11-10 11:07 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-11-10 10:33 <REP> d-------- C:\WINDOWS\provisioning
2007-11-10 10:33 <REP> d-------- C:\WINDOWS\peernet
2007-11-10 10:32 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-11-10 10:26 <REP> d-------- C:\WINDOWS\EHome
2007-11-09 22:43 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-11-09 22:43 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-11-09 21:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 19:23 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-11-09 19:23 332,800 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-11-09 19:23 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-11-09 17:33 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Grisoft
2007-11-09 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-09 17:33 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-09 16:45 <REP> d-------- C:\Program Files\Trend Micro
2007-11-09 16:38 <REP> d-------- C:\VundoFix Backups
2007-11-08 19:58 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-07 21:10 <REP> d-------- C:\WINDOWS\avxoscan
2007-11-07 19:49 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\MonContenuassistant
2007-11-07 19:27 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\defensedudisque
2007-11-07 19:22 <REP> dr------- C:\Documents and Settings\All Users\Application Data\defensedudisque
2007-11-02 23:12 <REP> d-------- C:\Program Files\Lavasoft
2007-11-02 23:12 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Lavasoft
2007-11-02 23:02 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
2007-11-02 22:08 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-02 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-02 22:02 68,096 --a------ C:\WINDOWS\system32\webclnt.dll
2007-11-02 21:51 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Talkback
2007-11-02 21:50 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-11-02 21:50 <REP> d-------- C:\Documents and Settings\marconnet\Application Data\Thunderbird
2007-11-02 21:50 4,184 --a------ C:\WINDOWS\mozver.dat
2007-11-02 21:33 <REP> d-------- C:\Program Files\Yahoo!
2007-11-02 21:33 <REP> d-------- C:\Program Files\CCleaner
2007-11-02 21:17 1,084,416 --a------ C:\WINDOWS\system32\msxml3.dll
2007-11-02 21:17 1,084,416 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-11-02 21:11 332,928 --------- C:\WINDOWS\system32\dllcache\srv.sys
2007-11-02 20:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-02 20:45 57,344 --a------ C:\WINDOWS\system32\dllcache\agentdpv.dll
2007-11-02 20:44 359,808 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-11-02 20:44 148,480 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-11-02 20:44 112,128 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-11-02 20:44 95,744 --------- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-11-02 20:43 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
2007-11-02 20:36 124,928 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-11-02 20:35 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-11-02 19:01 <REP> d-------- C:\WINDOWS\system32\bits
2007-11-02 19:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-11-02 19:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-01 10:44 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2007-11-01 10:43 19,968 --a------ C:\WINDOWS\system32\linkinfo.dll
2007-11-01 09:03 <REP> d-------- C:\WINDOWS\pss
2007-10-31 20:00 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-10-31 20:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-31 20:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-31 20:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-31 20:00 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2007-10-31 20:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2007-10-29 19:51 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-10-29 19:51 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-10-29 19:51 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-10-29 19:51 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-10-29 19:45 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-10-29 19:45 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-10-29 19:45 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-10-29 19:45 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-10-29 19:45 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-10-29 19:45 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-10-29 19:30 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-29 19:30 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-29 19:30 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-29 19:30 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-29 19:30 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-29 19:30 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-29 19:29 <REP> d-------- C:\Program Files\Alwil Software
2007-10-29 19:29 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-29 19:18 <REP> d---s---- C:\Documents and Settings\marconnet\UserData
2007-10-29 19:14 <REP> d-------- C:\WUTemp
2007-10-29 19:14 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
2007-10-29 19:14 185,624 --a------ C:\WINDOWS\system32\dllcache\iuengine.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 15:52 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-09 15:53 --------- d-----w C:\Documents and Settings\marconnet\Application Data\AdobeUM
2007-10-08 15:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 15:11 --------- d-----w C:\Program Files\Free
2007-10-07 10:35 --------- d-----w C:\Program Files\AWS
2007-10-06 07:31 --------- d-----w C:\Program Files\EPSON Print CD(2)
2007-10-06 07:31 --------- d-----w C:\Program Files\EPSON Print CD
2007-10-06 07:31 --------- d-----w C:\Program Files\epson
2007-10-02 16:30 --------- d-----w C:\Program Files\Canon
2007-10-02 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2007-10-02 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2006-03-23 13:35 75,304 -c--a-w C:\Documents and Settings\Nadine\Application Data\GDIPFONTCACHEV1.DAT
2005-12-13 12:24 47,680 -c--a-w C:\Documents and Settings\marconnet\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-11-09_21.49.33.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-19 23:09:22 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dmband.dll
+ 2004-08-19 23:01:15 800,256 ------w C:\WINDOWS\ServicePackFiles\i386\dmboot.sys
+ 2004-08-19 23:09:22 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\dmcompos.dll
+ 2004-08-19 23:09:22 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\dmdskmgr.dll
+ 2004-08-19 23:09:22 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\dmime.dll
+ 2004-08-19 23:01:21 154,496 ------w C:\WINDOWS\ServicePackFiles\i386\dmio.sys
+ 2004-08-19 23:09:22 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\dmloader.dll
+ 2004-08-19 23:09:51 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe
+ 2004-08-19 23:09:22 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dmscript.dll
+ 2004-08-19 23:09:22 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dmserver.dll
+ 2004-08-19 23:09:22 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\dmstyle.dll
+ 2004-08-19 23:09:22 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\dmsynth.dll
+ 2004-08-19 23:09:22 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.dll
+ 2004-08-04 06:07:38 52,864 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.sys
+ 2004-08-19 23:09:22 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\dmutil.dll
+ 2004-08-19 23:09:22 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll
+ 2004-08-19 23:09:22 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
+ 2004-08-19 23:09:22 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\docprop2.dll
+ 2004-08-04 05:51:26 54,080 ------w C:\WINDOWS\ServicePackFiles\i386\dosx.exe
+ 2004-08-04 05:58:29 207,360 ------w C:\WINDOWS\ServicePackFiles\i386\dot4.sys
+ 2004-08-19 22:50:52 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\dpcdll.dll
+ 2004-08-19 23:09:51 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe
+ 2004-08-19 23:09:22 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\dplayx.dll
+ 2004-08-19 23:09:22 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\dpmodemx.dll
+ 2004-08-19 23:08:07 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnaddr.dll
+ 2004-08-19 23:09:22 375,296 ------w C:\WINDOWS\ServicePackFiles\i386\dpnet.dll
+ 2004-08-19 23:09:22 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhpast.dll
+ 2004-08-19 23:09:22 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhupnp.dll
+ 2004-08-19 23:08:07 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnlobby.dll
+ 2004-08-19 23:09:51 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe
+ 2004-08-19 23:09:22 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\dpvacm.dll
+ 2004-08-19 23:09:22 213,504 ------w C:\WINDOWS\ServicePackFiles\i386\dpvoice.dll
+ 2004-08-19 23:09:51 83,456 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe
+ 2004-08-19 23:09:22 116,736 ------w C:\WINDOWS\ServicePackFiles\i386\dpvvox.dll
+ 2004-08-19 23:09:22 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\dpwsockx.dll
+ 2004-08-19 23:10:14 299,520 ------w C:\WINDOWS\ServicePackFiles\i386\drmclien.dll
+ 2004-08-04 06:07:58 60,288 ------w C:\WINDOWS\ServicePackFiles\i386\drmk.sys
+ 2004-08-19 23:09:22 87,040 ------w C:\WINDOWS\ServicePackFiles\i386\drmstor.dll
+ 2004-08-19 23:10:12 695,296 ------w C:\WINDOWS\ServicePackFiles\i386\drmv2clt.dll
+ 2004-08-19 23:09:22 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\drprov.dll
+ 2002-08-30 11:00:00 4,656 ------w C:\WINDOWS\ServicePackFiles\i386\ds16gt.dll
+ 2004-08-19 23:09:22 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ds32gt.dll
+ 2004-08-19 23:09:22 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmo.dll
+ 2004-08-19 23:09:22 72,192 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmoprp.dll
+ 2004-08-19 23:09:22 93,696 ------w C:\WINDOWS\ServicePackFiles\i386\dskquota.dll
+ 2004-08-19 23:09:22 367,616 ------w C:\WINDOWS\ServicePackFiles\i386\dsound.dll
+ 2004-08-19 23:09:22 1,294,336 ------w C:\WINDOWS\ServicePackFiles\i386\dsound3d.dll
+ 2004-08-19 23:09:22 145,408 ------w C:\WINDOWS\ServicePackFiles\i386\dsprop.dll
+ 2004-08-19 23:08:08 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\dsprpres.dll
+ 2004-08-19 23:09:22 240,640 ------w C:\WINDOWS\ServicePackFiles\i386\dsquery.dll
+ 2004-08-19 23:09:22 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\dssec.dll
+ 2004-08-04 05:31:43 137,216 ------w C:\WINDOWS\ServicePackFiles\i386\dssenh.dll
+ 2004-08-19 23:09:22 113,664 ------w C:\WINDOWS\ServicePackFiles\i386\dsuiext.dll
+ 2004-08-19 23:09:22 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\dswave.dll
+ 2004-08-19 23:09:51 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
+ 2004-08-19 23:09:22 304,128 ------w C:\WINDOWS\ServicePackFiles\i386\duser.dll
+ 2004-08-19 23:09:51 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe
+ 2004-08-19 23:09:51 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\dwwin.exe
+ 2004-08-19 23:09:22 619,008 ------w C:\WINDOWS\ServicePackFiles\i386\dx7vb.dll
+ 2004-08-19 23:09:22 1,227,264 ------w C:\WINDOWS\ServicePackFiles\i386\dx8vb.dll
+ 2004-08-19 23:09:51 1,298,432 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe
+ 2004-08-19 23:09:22 2,113,536 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiagn.dll
+ 2004-08-04 06:00:54 71,040 ------w C:\WINDOWS\ServicePackFiles\i386\dxg.sys
+ 2004-08-19 23:09:23 499,741 ------w C:\WINDOWS\ServicePackFiles\i386\dxmasf.dll
+ 2004-08-19 23:09:23 357,888 ------w C:\WINDOWS\ServicePackFiles\i386\dxtmsft.dll
+ 2004-08-19 23:09:23 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\dxtrans.dll
+ 2004-08-19 23:09:25 187,392 ------w C:\WINDOWS\ServicePackFiles\i386\els.dll
+ 2004-08-19 23:09:25 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\encapi.dll
+ 2004-08-19 23:09:25 186,368 ------w C:\WINDOWS\ServicePackFiles\i386\encdec.dll
+ 2004-08-19 23:08:10 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ep9res.dll
+ 2004-08-19 22:52:50 121,344 ------w C:\WINDOWS\ServicePackFiles\i386\epcl5res.dll
+ 2004-08-19 23:09:25 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\ersvc.dll
+ 2004-08-19 23:09:25 243,200 ------w C:\WINDOWS\ServicePackFiles\i386\es.dll
+ 2004-08-19 23:09:25 1,097,728 ------w C:\WINDOWS\ServicePackFiles\i386\esent.dll
+ 2004-08-19 23:09:25 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\esscli.dll
+ 2002-08-28 22:00:54 137,088 ------w C:\WINDOWS\ServicePackFiles\i386\essm2e.sys
+ 2004-08-19 23:09:51 195,072 ------w C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe
+ 2004-08-19 23:09:25 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
+ 2004-08-19 23:09:25 109,568 ------w C:\WINDOWS\ServicePackFiles\i386\evntagnt.dll
+ 2004-08-19 23:09:52 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe
+ 2004-08-19 23:09:25 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\evntrprv.dll
+ 2004-08-19 23:09:52 94,720 ------w C:\WINDOWS\ServicePackFiles\i386\evntwin.exe
+ 2004-08-19 23:09:53 1,036,288 ------w C:\WINDOWS\ServicePackFiles\i386\explorer.exe
+ 2004-08-19 23:09:25 380,957 ------w C:\WINDOWS\ServicePackFiles\i386\expsrv.dll
+ 2004-08-19 23:09:25 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\extmgr.dll
+ 2004-08-19 23:09:53 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\extrac32.exe
+ 2004-08-04 06:14:16 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
+ 2004-08-19 23:09:25 472,064 ------w C:\WINDOWS\ServicePackFiles\i386\fastprox.dll
+ 2004-08-19 23:09:25 80,896 ------w C:\WINDOWS\ServicePackFiles\i386\faultrep.dll
+ 2004-08-19 23:09:53 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe
+ 2004-08-04 05:59:27 27,392 ------w C:\WINDOWS\ServicePackFiles\i386\fdc.sys
+ 2004-08-19 23:09:25 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\feclient.dll
+ 2004-08-19 23:09:25 348,160 ------w C:\WINDOWS\ServicePackFiles\i386\filemgmt.dll
+ 2004-08-19 23:09:54 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\findstr.exe
+ 2004-08-19 23:09:25 88,064 ------w C:\WINDOWS\ServicePackFiles\i386\fldrclnr.dll
+ 2004-08-04 05:59:27 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\flpydisk.sys
+ 2004-08-19 23:09:25 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\fltlib.dll
+ 2004-08-19 23:09:54 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\fltmc.exe
+ 2004-08-04 06:01:19 124,800 ------w C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys
+ 2004-08-19 23:09:25 386,560 ------w C:\WINDOWS\ServicePackFiles\i386\fontext.dll
+ 2004-08-19 23:09:54 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\fontview.exe
+ 2004-08-04 05:31:22 34,173 ------w C:\WINDOWS\ServicePackFiles\i386\forehe.sys
+ 2004-08-19 23:09:25 32,828 ------w C:\WINDOWS\ServicePackFiles\i386\fp40ext.dll
+ 2004-08-19 23:09:25 184,435 ------w C:\WINDOWS\ServicePackFiles\i386\fp4amsft.dll
+ 2004-08-19 23:09:25 82,035 ------w C:\WINDOWS\ServicePackFiles\i386\fp4anscp.dll
+ 2004-08-19 23:09:25 147,513 ------w C:\WINDOWS\ServicePackFiles\i386\fp4apws.dll
+ 2004-08-19 23:09:25 49,210 ------w C:\WINDOWS\ServicePackFiles\i386\fp4areg.dll
+ 2004-08-19 23:09:25 102,509 ------w C:\WINDOWS\ServicePackFiles\i386\fp4atxt.dll
+ 2004-08-19 23:09:25 618,605 ------w C:\WINDOWS\ServicePackFiles\i386\fp4autl.dll
+ 2004-08-19 23:09:25 41,020 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avnb.dll
+ 2004-08-19 23:09:25 32,826 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avss.dll
+ 2004-08-19 23:09:25 49,212 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awebs.dll
+ 2004-08-19 23:09:25 876,653 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awel.dll
+ 2004-08-19 23:09:54 15,120 ------w C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe
+ 2004-08-19 23:09:54 109,840 ------w C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe
+ 2004-08-19 23:09:54 24,632 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe
+ 2004-08-19 23:09:25 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmdll.dll
+ 2004-08-19 23:09:54 188,494 ------w C:\WINDOWS\ServicePackFiles\i386\fpcount.exe
+ 2004-08-19 23:09:25 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\fpencode.dll
+ 2004-08-19 23:09:25 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpexedll.dll
+ 2004-08-19 23:09:26 598,071 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmc.dll
+ 2004-08-19 23:08:12 217,088 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmcsat.dll
+ 2004-08-19 23:09:54 20,538 ------w C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe
+ 2004-08-19 23:09:54 28,728 ------w C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe
+ 2004-08-19 23:08:12 9,344 ------w C:\WINDOWS\ServicePackFiles\i386\framebuf.dll
+ 2004-08-19 23:09:26 185,856 ------w C:\WINDOWS\ServicePackFiles\i386\framedyn.dll
+ 2004-08-19 23:09:54 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\fsquirt.exe
+ 2004-08-19 23:09:54 46,080 ------w C:\WINDOWS\ServicePackFiles\i386\ftp.exe
+ 2004-08-19 23:09:26 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\fwcfg.dll
+ 2004-08-19 23:09:26 452,096 ------w C:\WINDOWS\ServicePackFiles\i386\fxsapi.dll
+ 2004-08-19 23:09:54 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\fxsclnt.exe
+ 2004-08-19 23:09:26 72,192 ------w C:\WINDOWS\ServicePackFiles\i386\fxscom.dll
+ 2004-08-19 23:09:26 285,184 ------w C:\WINDOWS\ServicePackFiles\i386\fxscomex.dll
+ 2004-08-19 23:09:54 238,592 ------w C:\WINDOWS\ServicePackFiles\i386\fxscover.exe
+ 2004-08-19 23:09:26 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\fxsdrv.dll
+ 2004-08-19 23:09:26 66,048 ------w C:\WINDOWS\ServicePackFiles\i386\fxsevent.dll
+ 2004-08-19 23:09:26 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\fxsext32.dll
+ 2004-08-19 23:09:26 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\fxsmon.dll
+ 2004-08-19 23:09:27 132,608 ------w C:\WINDOWS\ServicePackFiles\i386\fxsocm.dll
+ 2004-08-19 23:09:27 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\fxsperf.dll
+ 2004-08-19 23:08:12 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\fxsres.dll
+ 2004-08-19 23:09:27 563,712 ------w C:\WINDOWS\ServicePackFiles\i386\fxsst.dll
+ 2004-08-19 23:09:54 268,800 ------w C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe
+ 2004-08-19 23:09:27 246,272 ------w C:\WINDOWS\ServicePackFiles\i386\fxst30.dll
+ 2004-08-19 23:09:27 397,312 ------w C:\WINDOWS\ServicePackFiles\i386\fxstiff.dll
+ 2004-08-19 23:09:27 156,672 ------w C:\WINDOWS\ServicePackFiles\i386\fxsui.dll
+ 2004-08-19 23:09:27 197,120 ------w C:\WINDOWS\ServicePackFiles\i386\fxswzrd.dll
+ 2004-08-19 23:09:27 400,896 ------w C:\WINDOWS\ServicePackFiles\i386\fxsxp32.dll
+ 2004-08-04 06:07:43 46,464 ------w C:\WINDOWS\ServicePackFiles\i386\gagp30kx.sys
+ 2004-08-04 06:08:21 10,624 ------w C:\WINDOWS\ServicePackFiles\i386\gameenum.sys
+ 2004-08-04 06:08:29 59,136 ------w C:\WINDOWS\ServicePackFiles\i386\gckernel.sys
+ 2004-08-19 23:09:27 278,016 ------w C:\WINDOWS\ServicePackFiles\i386\gdi32.dll
+ 2004-08-19 23:09:27 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\glu32.dll
+ 2002-08-30 11:00:00 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\gpkcsp.dll
+ 2004-08-19 23:08:12 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\gpkrsrc.dll
+ 2004-08-19 23:09:54 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\grpconv.exe
+ 2004-08-19 22:55:20 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\grserial.sys
+ 2004-08-19 23:09:27 125,440 ------w C:\WINDOWS\ServicePackFiles\i386\guitrn.dll
+ 2004-08-19 23:09:27 109,056 ------w C:\WINDOWS\ServicePackFiles\i386\guitrn_a.dll
+ 2004-08-19 23:09:27 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\h323cc.dll
+ 2004-08-19 23:09:27 614,912 ------w C:\WINDOWS\ServicePackFiles\i386\h323msp.dll
+ 2004-08-04 05:59:19 105,472 ------w C:\WINDOWS\ServicePackFiles\i386\hal.dll
+ 2004-08-04 05:59:09 131,968 ------w C:\WINDOWS\ServicePackFiles\i386\halaacpi.dll
+ 2004-08-04 05:59:06 81,280 ------w C:\WINDOWS\ServicePackFiles\i386\halacpi.dll
+ 2004-08-04 05:59:13 150,656 ------w C:\WINDOWS\ServicePackFiles\i386\halapic.dll
+ 2004-08-04 05:59:12 134,400 ------w C:\WINDOWS\ServicePackFiles\i386\halmacpi.dll
+ 2004-08-04 05:59:18 152,704 ------w C:\WINDOWS\ServicePackFiles\i386\halmps.dll
+ 2004-08-04 05:59:19 77,696 ------w C:\WINDOWS\ServicePackFiles\i386\halsp.dll
+ 2004-08-19 23:09:27 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\hccoin.dll
+ 2004-08-19 23:09:54 768,512 ------w C:\WINDOWS\ServicePackFiles\i386\helpctr.exe
+ 2004-08-19 23:09:54 743,936 ------w C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe
+ 2004-08-19 23:09:54 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\hh.exe
+ 2004-08-19 23:09:27 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\hhsetup.dll
+ 2004-08-19 23:09:27 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\hid.dll
+ 2004-08-19 22:55:51 25,856 ------w C:\WINDOWS\ServicePackFiles\i386\hidbth.sys
+ 2004-08-04 06:08:19 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\hidclass.sys
+ 2004-08-04 06:08:18 15,104 ------w C:\WINDOWS\ServicePackFiles\i386\hidir.sys
+ 2004-08-04 06:08:16 24,960 ------w C:\WINDOWS\ServicePackFiles\i386\hidparse.sys
+ 2004-08-19 23:09:27 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\hidserv.dll
+ 2004-08-19 23:09:27 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\hmmapi.dll
+ 2004-08-19 23:09:27 347,648 ------w C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll
+ 2004-08-19 23:09:27 336,384 ------w C:\WINDOWS\ServicePackFiles\i386\hnetwiz.dll
+ 2004-08-19 23:09:27 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\hostmib.dll
+ 2004-08-19 23:09:27 146,944 ------w C:\WINDOWS\ServicePackFiles\i386\hotplug.dll
+ 2004-08-19 23:09:27 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\hpcjrr.dll
+ 2004-08-19 23:09:27 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\hpcjrrps.dll
+ 2004-08-19 23:09:27 87,552 ------w C:\WINDOWS\ServicePackFiles\i386\hpfud50.dll
+ 2004-08-19 23:09:54 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\hscupd.exe
+ 2004-08-04 05:41:46 220,032 ------w C:\WINDOWS\ServicePackFiles\i386\hsfbs2s2.sys
+ 2004-08-19 23:09:27 32,285 ------w C:\WINDOWS\ServicePackFiles\i386\hsfcisp2.dll
+ 2004-08-04 05:41:48 685,056 ------w C:\WINDOWS\ServicePackFiles\i386\hsfcxts2.sys
+ 2004-08-04 05:41:54 1,041,536 ------w C:\WINDOWS\ServicePackFiles\i386\hsfdpsp2.sys
+ 2004-08-04 06:00:13 263,040 ------w C:\WINDOWS\ServicePackFiles\i386\http.sys
+ 2004-08-19 23:09:27 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\httpapi.dll
+ 2004-08-19 23:09:27 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\htui.dll
+ 2004-08-19 23:09:27 352,256 ------w C:\WINDOWS\ServicePackFiles\i386\hypertrm.dll
+ 2004-08-04 06:00:50 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\i2omgmt.sys
+ 2004-08-04 06:00:50 18,560 ------w C:\WINDOWS\ServicePackFiles\i386\i2omp.sys
+ 2004-08-19 22:56:39 54,400 ------w C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
+ 2004-08-19 23:09:27 702,845 ------w C:\WINDOWS\ServicePackFiles\i386\i81xdnt5.dll
+ 2004-08-04 05:29:36 161,020 ------w C:\WINDOWS\ServicePackFiles\i386\i81xnt5.sys
+ 2004-08-19 23:09:27 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\iasrad.dll
+ 2004-08-19 23:09:27 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\icaapi.dll
+ 2004-08-19 23:09:27 80,384 ------w C:\WINDOWS\ServicePackFiles\i386\iccvid.dll
+ 2004-08-19 23:09:27 253,952 ------w C:\WINDOWS\ServicePackFiles\i386\icm32.dll
+ 2004-08-19 23:08:14 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\icmp.dll
+ 2004-08-19 23:09:27 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\iconlib.dll
+ 2004-08-19 23:09:27 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn.dll
+ 2004-08-19 23:09:54 218,624 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe
+ 2004-08-19 23:09:54 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn2.exe
+ 2004-08-19 23:09:27 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\icwdial.dll
+ 2004-08-19 23:09:27 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\icwdl.dll
+ 2004-08-19 23:09:27 176,128 ------w C:\WINDOWS\ServicePackFiles\i386\icwhelp.dll
+ 2004-08-19 23:09:27 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\icwphbk.dll
+ 2004-08-19 23:09:54 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\icwrmind.exe
+ 2004-08-19 23:09:27 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\icwutil.dll
+ 2004-08-19 23:09:27 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\idq.dll
+ 2004-08-19 23:09:54 34,304 ------w C:\WINDOWS\Servi
0
ymich71 Posts 7 Registration date Friday 9 November 2007 Status Member Last activity 11 November 2007
10 Nov. 2007 at 12:01
Here is my HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:31, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DEFENS~1\ugescw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
edom Posts 225 Registration date Monday 10 July 2006 Status Member Last activity 17 September 2012 6
10 Nov. 2007 at 15:13
Well, apparently the "moncontenuassistant" icon on the desktop now looks different. Before, it was impossible to delete in Program Files; now I don't know, and I haven't tried, I'm waiting for your instructions. In any case, there are no more unwanted windows popping up when the PC starts or while it is in use. See you.
0
chrifleur Posts 1091 Registration date Saturday 29 September 2007 Status Contributor Last activity 19 November 2008 18
11 Nov. 2007 at 07:53
Sorry, I couldn't log in yesterday...
Run HijackThis, do a scan and tick the following lines:
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
Close all your applications, including your Internet browser, and click Fix checked.

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.
C:\Program Files\DefenseDuDisque
C:\Program Files\Fichiers communs\MonContenuassistant

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal.
If so, accept by clicking Yes.

Click the CleanUp! button, which removes all traces of the programs used for the disinfection
(the program will download a text file that is used to clean up the programs we downloaded).
NOTE: Your firewall should normally ask whether OTMoveIt may access the Internet.
Allow it.
A list appears in the left-hand part of OTMoveIt.
A message appears asking you to confirm the cleanup. Confirm.
The infected files held in the quarantines will be deleted too.
OTMoveIt also deletes itself.
The operation will require a restart initiated by the program.

Run an online antivirus scan with Internet Explorer and accept the ActiveX control,
then post the report here.
https://www.bitdefender.fr/

At the bottom left of the window, click BitDefender SCAN ONLINE.
In the new window, click "j'accepte" (I accept).
The window changes again; click "scanner" (scan).
The signatures load, etc.

Illustrated tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

0
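Added example, not part of the thread and not HijackThis or OTMoveIt code: a Python script that reads O4 autostart lines in the format of the log posted above and lists the entries whose program sits in one of the two folders named in the post for OTMoveIt. The 8.3 short-name comparison (`DEFENS~1` against `DefenseDuDisque`) is a heuristic assumed here, and all function and variable names are illustrative.

```python
import re
from typing import List, NamedTuple, Optional

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\DEFENS~1\ugescw.exe" -start
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# The two folders the post lists for OTMoveIt.
TARGET_DIRS = [
    r"C:\Program Files\DefenseDuDisque",
    r"C:\Program Files\Fichiers communs\MonContenuassistant",
]


class Hit(NamedTuple):
    name: str             # value name of the autostart entry
    image: str            # program path taken from the command line
    directory: str        # target folder the program sits in
    via_short_name: bool  # True when the match relied on an 8.3 alias


_O4_RUN = re.compile(r"^O4 - HK\S*Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to the first program extension.
_IMAGE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$))', re.IGNORECASE
)
_SHORT = re.compile(r"^([^~\\]{1,6})~\d+$")  # e.g. PROGRA~1


def image_path(cmd: str) -> str:
    """Strip arguments from an autostart command line, keeping the program path."""
    cmd = cmd.strip()
    m = _IMAGE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def match_component(seen: str, wanted: str) -> Optional[str]:
    """Compare one path component: 'exact', 'short' (possible 8.3 alias) or None."""
    if seen.casefold() == wanted.casefold():
        return "exact"
    m = _SHORT.match(seen)
    # Heuristic: an 8.3 alias starts with the long name minus spaces and dots.
    if m and re.sub(r"[ .]", "", wanted).upper().startswith(m.group(1).upper()):
        return "short"
    return None


def is_under(image: str, directory: str) -> Optional[bool]:
    """None if image is not below directory, else whether an alias match was needed."""
    img = [c for c in image.split("\\") if c]
    want = [c for c in directory.split("\\") if c]
    if len(img) <= len(want):
        return None
    kinds = [match_component(s, w) for s, w in zip(img, want)]
    if None in kinds:
        return None
    return "short" in kinds


def autoruns_into(log: str, dirs: List[str]) -> List[Hit]:
    """List O4 entries whose program lives in one of the given folders."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        m = _O4_RUN.match(line) or _O4_STARTUP.match(line)
        if not m:
            continue
        image = image_path(m.group("cmd"))
        for d in dirs:
            short = is_under(image, d)
            if short is not None:
                hits.append(Hit(m.group("name"), image, d, short))
    return hits


if __name__ == "__main__":
    for h in autoruns_into(SAMPLE_LOG, TARGET_DIRS):
        how = "possible 8.3 alias" if h.via_short_name else "exact path"
        print(f"[{h.name}] {h.image} -> {h.directory} ({how})")
```

A short-name hit only means the alias could refer to that folder; `dir /x` on the machine shows the actual mapping.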
edom Posts 225 Registration date Monday 10 July 2006 Status Member Last activity 17 September 2012 6
11 Nov. 2007 at 13:16
Hi chrifleur, no need to be sorry, it's no big deal; you're not letting us down and that's what matters. I've only just got up, phew, I partied a bit yesterday. Anyway, I'm not at my friend's place, but I see he sent me an e-mail saying he managed to delete the O4 lines from his HijackThis log and then downloaded OTMoveIt, but apparently he didn't manage to put the 2 lines in the left-hand column, so.......
Also, he can't manage to disconnect; how is it done? He has a Freebox, and I had a bit of a look yesterday but I can't see how to disconnect. For me, disconnecting is very simple: I have a low-speed connection with Wanadoo, so there's a panel on the desktop with on/off to do that. So that's where we are, and I don't know whether I'll be able to go and see him this afternoon. See you, looking forward to hearing from you.
0
chrifleur Posts 1091 Registration date Saturday 29 September 2007 Status Contributor Last activity 19 November 2008 18
11 Nov. 2007 at 14:36
To disconnect from the Internet:
Start / Network Connections /
Local Area Connection
right-click it / Disable
To re-enable, do the reverse.
0