Trojan C:\WINDOWS\system32\rqrrqro.dll

Solved/Closed
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last seen 15 April 2013 - 16 Jan. 2008 at 17:23
winin Posts 372 Registered Wednesday 16 January 2008 Status Member Last seen 31 December 2008 - 19 Jan. 2008 at 13:24
Hello,

After a lot of searching on the web, I can't manage to get rid of this trojan C:\WINDOWS\system32\rqrrqro.dll

I've tried everything without much success: HijackThis, Ad-Aware, Spybot, KillBox, VundoFix, ComboFix, AVG, AntiVir... even in safe mode, the PC shuts down before the end of the scan.

I'm pasting the HijackThis log.

Could you help me please.

Many thanks in advance.

Flexton.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:05, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Documents and Settings\??\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A1C77420-D2AF-4A94-88DA-77CE0C551BED} - C:\WINDOWS\system32\rqrrqro.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: rqrrqro - C:\WINDOWS\SYSTEM32\rqrrqro.dll
O21 - SSODL: Linksnd - {58A3DB84-A25A-4A98-AC4F-FEE2EB7D56C4} - C:\WINDOWS\system32\libdel.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR3\RpcSandraSrv.exe

--
End of file - 3855 bytes
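The two lines worth noticing in the log above are the unnamed O2 BHO and the O20 Winlogon Notify entry, both pointing at the same rqrrqro.dll: one module wired into two independent load points. The script below is an added example (not a tool anyone in the thread used) that pulls those patterns out of a HijackThis log; the sample lines are constructed from the log above.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on a handful of lines from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A1C77420-D2AF-4A94-88DA-77CE0C551BED} - C:\WINDOWS\system32\rqrrqro.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O20 - Winlogon Notify: rqrrqro - C:\WINDOWS\SYSTEM32\rqrrqro.dll
O21 - SSODL: Linksnd - {58A3DB84-A25A-4A98-AC4F-FEE2EB7D56C4} - C:\WINDOWS\system32\libdel.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

LOAD_POINTS = {
    # Browser Helper Object: loaded into every Internet Explorer process.
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"),
    # Winlogon Notify package: loaded into winlogon.exe at boot, before anyone logs on.
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$"),
    # ShellServiceObjectDelayLoad: loaded into explorer.exe when the shell starts.
    "O21": re.compile(r"^O21 - SSODL: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"),
}


def parse_load_points(log_text):
    """Yield (section, entry name, module path) for every O2/O20/O21 line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in LOAD_POINTS.items():
            m = rx.match(line)
            if m:
                yield section, m.group("name").strip(), m.group("path").strip()
                break


def triage(log_text):
    """Collect the findings a helper would pick out of this kind of log."""
    hooks = defaultdict(set)   # path, case-folded because NTFS ignores case -> sections
    unnamed_bho = []           # BHOs registered without a display name
    winlogon_notify = []       # every O20 line HijackThis chose to show
    for section, name, path in parse_load_points(log_text):
        hooks[path.lower()].add(section)
        if section == "O2" and name.lower() == "(no name)":
            unnamed_bho.append(path)
        if section == "O20":
            winlogon_notify.append((name, path))
    # The same module wired into more than one load point is redundant persistence:
    # removing one entry leaves the other to reload it.
    multi_hook = {p: sorted(s) for p, s in hooks.items() if len(s) > 1}
    return {"unnamed_bho": unnamed_bho,
            "winlogon_notify": winlogon_notify,
            "multi_hook": multi_hook}


def report(log_text):
    """Render triage() as the kind of lines a helper would post back."""
    t = triage(log_text)
    lines = [f"O2 BHO with no display name: {p}" for p in t["unnamed_bho"]]
    lines += [f"O20 Winlogon Notify package '{n}': {p}" for n, p in t["winlogon_notify"]]
    lines += [f"Same module in {'+'.join(s)}: {p}" for p, s in t["multi_hook"].items()]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```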

27 replies

winin Posts 372 Registered Wednesday 16 January 2008 Status Member Last seen 31 December 2008 12
16 Jan. 2008 at 18:40
Hello,
Run an online scan with One Care:
http://onecare.live.com/site/fr-be/default.htm?mkt=fr-be

- Click "full scan"
- Run the ActiveX controls
- Don't choose "quick scan".
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last seen 15 April 2013
16 Jan. 2008 at 19:49
Thanks for your help winin, I tried a BitDefender scan this afternoon but nothing doing; I'm trying OneCare, the scan is running, fingers crossed.
winin Posts 372 Registered Wednesday 16 January 2008 Status Member Last seen 31 December 2008 12
16 Jan. 2008 at 19:51
OK, could you write the report down on paper please?
And then type it out for me: the problem with this scan is that it doesn't produce a txt file or anything.
green day Posts 26371 Registered Friday 30 September 2005 Status Moderator, Security contributor Last seen 27 December 2019 2 162
16 Jan. 2008 at 19:51
Hi

next:

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in safe mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created in: C:\Combofix.txt, please post it

++

winin Posts 372 Registered Wednesday 16 January 2008 Status Member Last seen 31 December 2008 12
16 Jan. 2008 at 20:17
To start the scan it's 1.
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last seen 15 April 2013
16 Jan. 2008 at 22:01
Here's the ComboFix report... once again, and as with every scan, the PC shut down just before the end... I don't understand...

ComboFix 08-01-16.1 - Administrateur 2008-01-17 21:44:45.5 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.806 [GMT 1:00]
Running from: C:\Documents and Settings\??\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ttvut.ini
C:\WINDOWS\system32\ttvut.ini2
C:\WINDOWS\system32\tuvtt.dll
C:\WINDOWS\system32\tuvtt.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.

2008-01-17 19:27 . 2008-01-17 19:30 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 17:31 . 2008-01-17 19:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-17 17:12 . 2008-01-17 17:12 <REP> d-------- C:\WINDOWS\report
2008-01-17 17:12 . 2008-01-17 17:05 35,066,701 --a------ C:\WINDOWS\LPT$VPN.947
2008-01-17 17:05 . 2008-01-17 17:05 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-17 17:05 . 2008-01-17 17:05 35,066,701 --a------ C:\WINDOWS\VPTNFILE.947
2008-01-17 17:05 . 2008-01-17 17:05 1,910,895 --a------ C:\WINDOWS\tsc.ptn
2008-01-17 17:05 . 2008-01-17 17:05 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-17 17:05 . 2008-01-17 17:05 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-17 17:05 . 2008-01-17 17:05 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-17 17:05 . 2008-01-17 17:05 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-17 17:05 . 2008-01-17 17:32 823 --a------ C:\WINDOWS\tsc.ini
2008-01-17 17:04 . 2008-01-17 17:05 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-17 17:04 . 2008-01-17 17:04 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-17 17:04 . 2008-01-17 17:04 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-17 17:04 . 2008-01-17 17:04 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-17 17:04 . 2008-01-17 17:04 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-17 17:04 . 2008-01-17 17:04 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-17 16:53 . 2008-01-17 16:54 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-17 16:48 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-17 16:48 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-17 16:48 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-17 16:48 . 2008-01-17 16:53 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-17 16:47 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-17 16:47 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-17 16:47 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-17 16:47 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-17 16:47 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-17 16:47 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-17 16:47 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-17 15:00 . 2008-01-17 15:00 <REP> d-------- C:\Program Files\Lavasoft
2008-01-17 15:00 . 2008-01-17 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 14:59 . 2008-01-17 14:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-17 11:01 . 2008-01-17 11:01 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-01-17 01:28 . 2008-01-17 01:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-01-17 01:18 . 2008-01-17 01:18 <REP> d-------- C:\Documents and Settings\??\Application Data\Grisoft
2008-01-17 01:18 . 2008-01-17 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-17 01:18 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 09:06 . 2008-01-15 09:06 <REP> d-------- C:\Program Files\Avira
2008-01-15 08:28 . 2008-01-15 08:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-14 09:18 . 2008-01-15 09:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-14 08:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:39 . 2008-01-13 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-13 20:34 . 2008-01-14 09:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-13 20:27 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-13 20:23 . 2008-01-14 09:17 <REP> d-------- C:\Program Files\Navilog1
2008-01-13 14:44 . 2008-01-17 18:26 <REP> d-------- C:\VundoFix Backups
2008-01-10 22:28 . 2008-01-11 18:12 <REP> d-------- C:\Documents and Settings\??\Application Data\DAEMON Tools
2008-01-10 21:57 . 2008-01-10 21:57 39,424 --a------ C:\WINDOWS\system32\efcccyv.dll
2008-01-10 21:56 . 2008-01-10 21:56 39,424 --a------ C:\WINDOWS\system32\yayvsss.dll
2008-01-10 21:55 . 2008-01-10 21:55 39,424 --------- C:\WINDOWS\system32\rqrrqro.dll
2008-01-10 21:35 . 2008-01-10 22:13 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-10 21:35 . 2008-01-10 21:35 <REP> d-------- C:\Documents and Settings\??\Application Data\DAEMON Tools Pro
2008-01-10 21:19 . 2008-01-10 21:50 <REP> d-------- C:\Program Files\free-downloads.net
2008-01-10 21:18 . 2008-01-10 21:50 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-10 21:16 . 2008-01-10 21:16 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-08 20:50 . 2008-01-09 07:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 20:50 . 2008-01-08 20:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-07 22:40 . 2008-01-07 22:40 <REP> d-------- C:\Program Files\Boole & Partners
2008-01-07 22:40 . 2008-01-07 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Boole & Partners
2008-01-06 16:41 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-06 16:41 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-06 14:09 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-05 13:38 . 2004-08-19 16:09 755,200 --------- C:\WINDOWS\system32\ir50_32.dll
2008-01-05 13:38 . 2004-08-19 16:10 380,928 --a------ C:\WINDOWS\system32\irprops.cpl
2008-01-05 13:38 . 2004-08-19 16:10 199,680 --------- C:\WINDOWS\system32\iac25_32.ax
2008-01-05 13:38 . 2004-08-19 16:10 154,624 --------- C:\WINDOWS\system32\ivfsrc.ax
2008-01-05 13:38 . 2004-08-19 16:09 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-24 18:02 . 2007-12-24 18:37 <REP> d-------- C:\Program Files\XisoManager
2007-12-23 19:55 . 2007-12-23 19:55 <REP> d-------- C:\Documents and Settings\??\Application Data\PrevxCSI


.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 13:48 --------- d-----w C:\Documents and Settings\??\Application Data\Lavasoft
2008-01-17 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 22:54 --------- d-----w C:\Program Files\??
2008-01-14 19:59 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2008-01-14 08:30 --------- d-----w C:\Program Files\Power Manager
2008-01-05 11:49 --------- d-----w C:\Documents and Settings\??\Application Data\Azureus
2007-12-16 23:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 23:07 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-16 22:08 --------- d-----w C:\Program Files\Astonsoft
2007-12-16 21:55 --------- d-----w C:\Program Files\Intel
2007-12-04 20:34 --------- d-----w C:\Program Files\SlySoft
2007-12-04 19:38 --------- d-----w C:\Program Files\ffdshow
2007-12-02 11:43 --------- d-----w C:\Program Files\KSS
2007-11-30 18:50 --------- d-----w C:\Program Files\Image-Line
2007-11-29 23:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 17:34 --------- d-----w C:\Documents and Settings\??\Application Data\gtk-2.0
2007-04-16 15:53 384 --sh--r C:\WINDOWS\inf\sdatabl.sav.bin
.
[code]<pre>
----a-w 6,731,312 2008-01-17 10:17:21 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 919,016 2008-01-15 22:11:33 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
</pre>[/code]


((((((((((((((((((((((((((((( snapshot_2008-01-16_23.33.33.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-16 00:49:48 71,749 ----a-w C:\WINDOWS\AU_Temp\1\27\hcextoutput.dll
+ 2008-01-16 00:49:48 267,845 ----a-w C:\WINDOWS\AU_Temp\1\27\tsc.exe
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
+ 2008-01-17 16:31:37 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-01-17 16:31:37 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-01-17 16:31:37 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-01-17 16:31:40 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-01-17 16:31:41 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-01-17 16:31:38 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 00:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2006-07-11 08:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-10-15 09:02:14 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
+ 2004-08-19 15:09:20 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-19 15:09:20 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-19 15:09:22 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2007-10-11 06:13:39 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-10-11 06:13:39 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-10-11 06:13:39 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-19 15:09:28 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-19 15:09:56 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-19 15:09:28 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-19 15:09:28 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-19 15:09:28 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-19 15:09:28 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2007-10-11 06:13:39 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-19 15:09:28 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-19 15:09:28 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-19 15:09:56 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-19 15:09:30 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2007-10-11 06:13:39 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2007-10-11 06:13:39 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-19 15:09:32 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-19 15:10:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2007-10-30 10:18:16 3,079,680 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2007-10-11 06:13:40 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-19 15:08:28 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2007-10-11 06:13:40 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2007-10-11 06:13:40 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-19 15:09:38 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2007-10-11 06:13:40 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-09-26 17:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-09-26 17:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-19 15:09:48 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2007-10-11 06:13:41 617,472 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-19 15:09:48 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-19 15:09:48 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2007-10-11 06:13:41 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll.000
+ 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe.000
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll.000
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll.000
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll.000
+ 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll.000
+ 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe.000
+ 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-06-30 20:24:42 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll.000
+ 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll.000
+ 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2008-01-17 14:01:02 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-01-17 14:01:02 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-01-17 14:01:02 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-01-17 14:01:02 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
- 2004-08-19 15:09:20 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-19 15:09:20 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 17:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 17:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
- 2007-10-11 06:13:39 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-10-11 06:13:39 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:49:42 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 17:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-10-10 11:00:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 23:49:42 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:49:42 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-05 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 23:49:42 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-10-11 06:13:39 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-10 23:49:43 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 17:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 17:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-10-11 06:13:39 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 17:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-10-11 06:13:39 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-10-30 10:18:16 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-31 03:53:50 3,590,656 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-10-11 06:13:40 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2004-08-05 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-10-11 06:13:40 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:49:44 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-10-11 06:13:40 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:49:45 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:49:45 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-10-11 06:13:40 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-25 16:56:24 8,510,976 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:43:25 8,516,608 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-11 06:13:41 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 17:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-08-13 17:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-10-11 06:13:41 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:49:42 132,608 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-19 15:09:56 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 11:00:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-19 15:09:28 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:49:42 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-19 15:09:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:49:42 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-05 12:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-19 15:09:28 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:49:42 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-19 15:09:28 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 17:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-10-10 23:49:43 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-19 15:09:28 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:49:43 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:49:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-19 15:09:28 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-19 15:09:30 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-19 15:09:32 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-19 15:10:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-31 03:53:50 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-19 15:08:28 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-05 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:49:44 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:49:45 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-19 15:09:38 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:49:45 102,400 ------w C:\WINDOWS\system32\occache.dll
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-19 15:09:48 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-19 15:09:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-19 15:09:48 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-19 15:09:48 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
- 2007-10-29 15:35:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1C77420-D2AF-4A94-88DA-77CE0C551BED}]
2008-01-10 21:55 39424 --------- C:\WINDOWS\system32\rqrrqro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 88361 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A1C77420-D2AF-4A94-88DA-77CE0C551BED}"= C:\WINDOWS\system32\rqrrqro.dll [2008-01-10 21:55 39424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Linksnd"= {58A3DB84-A25A-4A98-AC4F-FEE2EB7D56C4} - C:\WINDOWS\system32\libdel.dll [2006-07-05 11:56 1032192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqro]
rqrrqro.dll 2008-01-10 21:55 39424 C:\WINDOWS\system32\rqrrqro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActualSpy]
C:\Program Files\Actual Spy\ActualSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2005-05-31 01:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 16:58]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2004-12-24 17:04]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 16:22]
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys []
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 21:49:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqrrqro.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\libdel.dll
.
Completion time: 2008-01-17 21:52:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 20:51:56
ComboFix2.txt 2008-01-17 11:44:18
ComboFix3.txt 2008-01-16 22:33:54
ComboFix4.txt 2008-01-14 20:03:03
ComboFix5.txt 2008-01-14 08:05:47
.
2008-01-09 09:01:46 --- E O F ---
0
green day Posts 26371 Registered Friday 30 September 2005 Status Moderator, security contributor Last post 27 December 2019 2 162
16 Jan 2008 at 22:34
ok,

Create a new text document and name it CFScript.txt (careful, this is very important!): right-click on the desktop > New > Text Document, and copy the following lines (in bold) into it:

File::

C:\WINDOWS\system32\rqrrqro.dll
C:\WINDOWS\system32\libdel.dll
C:\WINDOWS\system32\efcccyv.dll
C:\WINDOWS\system32\yayvsss.dll
C:\WINDOWS\system32\rqrrqro.dll

Registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A1C77420-D2AF-4A94-88DA-77CE0C551BED}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Linksnd"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqro]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1C77420-D2AF-4A94-88DA-77CE0C551BED}]

then drag the text file onto combo.exe as in the animation: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

In the window that follows, choose option 1 and confirm
Be patient; if the desktop disappears for a while during the scan, that is normal!
At the end of the scan a report will be displayed: please post it (otherwise it is located here: C:\ComboFix.txt)

@+
0
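The ComboFix log above lists the same DLL at three autostart locations (a Browser Helper Object, a ShellExecuteHooks entry and a Winlogon Notify package) and then shows it loaded inside winlogon.exe, which is why ordinary deletion fails and why the helper's CFScript removes both the file and every registry reference. The script below is an added example, not ComboFix's code and not the helper's script: it parses the "Reg Loading Points" and "DLLs Loaded Under Running Processes" sections, flags binaries referenced from several locations, from a high-risk location, or injected into winlogon.exe, and drafts the File:: and Registry:: sections of a CFScript for them. SAMPLE_LOG is a constructed, trimmed copy of the log's shape, and HIGH_RISK is this example's own choice of locations; the output is a draft for a human to review, not something to run blindly.

```python
"""Triage the 'Reg Loading Points' and 'DLLs Loaded Under Running Processes'
sections of a ComboFix log and draft the matching CFScript.
Added example for this thread: neither ComboFix's code nor the helper's script.
SAMPLE_LOG is a constructed, trimmed copy of the posted log's shape; HIGH_RISK
is this example's own list of autostart locations."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1C77420-D2AF-4A94-88DA-77CE0C551BED}]
2008-01-10 21:55 39424 --------- C:\WINDOWS\system32\rqrrqro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 88361 C:\WINDOWS\AGRSMMSG.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A1C77420-D2AF-4A94-88DA-77CE0C551BED}"= C:\WINDOWS\system32\rqrrqro.dll [2008-01-10 21:55 39424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Linksnd"= {58A3DB84-A25A-4A98-AC4F-FEE2EB7D56C4} - C:\WINDOWS\system32\libdel.dll [2006-07-05 11:56 1032192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqro]
rqrrqro.dll 2008-01-10 21:55 39424 C:\WINDOWS\system32\rqrrqro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqrrqro.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\libdel.dll
"""

# Autostart locations that put a DLL into winlogon, the shell or every process
# and that ordinary software rarely needs (assumption of this example).
HIGH_RISK = ("winlogon\\notify", "shellexecutehooks", "browser helper objects",
             "shellserviceobjectdelayload", "appinit_dlls")
PATH_RE = re.compile(r"[a-z]:\\(?:[^\\\[\]\r\n]+\\)*[^\\\[\]\r\n]*?\.(?:dll|exe|cpl|sys)", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

def parse_loading_points(text):
    """Return (refs, loaded, canon): refs maps a lower-cased binary path to the
    (registry key, value name or None) entries referencing it, loaded maps a
    process to the DLLs seen inside it, canon keeps each path's original case."""
    refs, loaded, canon = defaultdict(list), defaultdict(list), {}
    key = process = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:                                     # "[HKEY_...]" opens a registry key
            key, process = m.group(1), None
            continue
        if line.upper().startswith("PROCESS:"):   # "PROCESS: <exe>" opens a module list
            m = PATH_RE.search(line)
            key, process = None, (m.group(0).lower() if m else None)
            continue
        paths = PATH_RE.findall(line)
        v = VALUE_RE.match(line)
        if not paths and v and v.group(1).lower() == "appinit_dlls" and v.group(2):
            paths = [v.group(2).strip('"')]       # AppInit_DLLs holds bare file names
        for path in paths:
            canon.setdefault(path.lower(), path)
            if process:
                loaded[process].append(path.lower())
            elif key:
                refs[path.lower()].append((key, v.group(1) if v else None))
    return refs, loaded, canon

def suspicious(refs, loaded):
    """Map each flagged binary to the list of reasons it was flagged."""
    in_winlogon = {d for p, dlls in loaded.items() if p.endswith("winlogon.exe") for d in dlls}
    flagged = {}
    for path, where in refs.items():
        reasons = []
        if len(where) > 1:
            reasons.append(f"referenced from {len(where)} autostart locations")
        spots = {h for k, v in where for h in HIGH_RISK if h in (k + "\\" + (v or "")).lower()}
        if spots:
            reasons.append("high-risk location: " + ", ".join(sorted(spots)))
        if path in in_winlogon:
            reasons.append("loaded inside winlogon.exe")
        if reasons:
            flagged[path] = reasons
    return flagged

def build_cfscript(flagged, refs, canon):
    """Render CFScript sections for the flagged items: a path under File:: is
    deleted, '"name"=-' deletes one registry value and '[-key]' deletes a key."""
    files, registry = [], []
    for path in sorted(flagged):
        if "\\" in path:                          # bare AppInit names have no file to list
            files.append(canon[path])
        for key, value in refs[path]:
            registry.append(f"[-{key}]" if value is None else f'[{key}]\n"{value}"=-')
    return "\n".join(["File::", *files, "", "Registry::", *registry, ""])

if __name__ == "__main__":
    refs, loaded, canon = parse_loading_points(SAMPLE_LOG)
    flagged = suspicious(refs, loaded)
    for path, reasons in flagged.items():
        print(f"{canon[path]}: {'; '.join(reasons)}")
    print("\n" + build_cfscript(flagged, refs, canon))
```

On the sample, rqrrqro.dll is flagged for all three reasons, libdel.dll only for its ShellServiceObjectDelayLoad entry and sockspy.dll only for sitting in AppInit_DLLs, while the Run entry for AGRSMMSG.exe is left alone; the heuristic is deliberately loose so that the analyst, not the script, makes the final call.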
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last post 15 April 2013
16 Jan 2008 at 22:56
Thanks Green day, I did the procedure. Here is the ComboFix report:

ComboFix 08-01-16.1 - ?? 2008-01-17 22:40:07.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.642 [GMT 1:00]
Running from: C:\Documents and Settings\??\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\??\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\efcccyv.dll
C:\WINDOWS\system32\libdel.dll
C:\WINDOWS\system32\rqrrqro.dll
C:\WINDOWS\system32\yayvsss.dll
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efcccyv.dll
C:\WINDOWS\system32\libdel.dll
C:\WINDOWS\system32\rqrrqro.dll
C:\WINDOWS\system32\yayvsss.dll

.
((((((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.

2008-01-17 19:27 . 2008-01-17 19:30 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 17:31 . 2008-01-17 19:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-17 17:12 . 2008-01-17 17:12 <REP> d-------- C:\WINDOWS\report
2008-01-17 17:12 . 2008-01-17 17:05 35,066,701 --a------ C:\WINDOWS\LPT$VPN.947
2008-01-17 17:05 . 2008-01-17 17:05 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-17 17:05 . 2008-01-17 17:05 35,066,701 --a------ C:\WINDOWS\VPTNFILE.947
2008-01-17 17:05 . 2008-01-17 17:05 1,910,895 --a------ C:\WINDOWS\tsc.ptn
2008-01-17 17:05 . 2008-01-17 17:05 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-17 17:05 . 2008-01-17 17:05 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-17 17:05 . 2008-01-17 17:05 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-17 17:05 . 2008-01-17 17:05 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-17 17:05 . 2008-01-17 17:32 823 --a------ C:\WINDOWS\tsc.ini
2008-01-17 17:04 . 2008-01-17 17:05 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-17 17:04 . 2008-01-17 17:04 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-17 17:04 . 2008-01-17 17:04 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-17 17:04 . 2008-01-17 17:04 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-17 17:04 . 2008-01-17 17:04 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-17 17:04 . 2008-01-17 17:04 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-17 16:53 . 2008-01-17 16:54 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-17 16:48 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-17 16:48 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-17 16:48 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-17 16:48 . 2008-01-17 16:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-17 16:47 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-17 16:47 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-17 16:47 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-17 16:47 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-17 16:47 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-17 16:47 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-17 16:47 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-17 15:00 . 2008-01-17 15:00 <REP> d-------- C:\Program Files\Lavasoft
2008-01-17 15:00 . 2008-01-17 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 14:59 . 2008-01-17 14:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-17 11:01 . 2008-01-17 11:01 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-01-17 01:28 . 2008-01-17 01:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-01-17 01:18 . 2008-01-17 01:18 <REP> d-------- C:\Documents and Settings\??\Application Data\Grisoft
2008-01-17 01:18 . 2008-01-17 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-17 01:18 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 09:06 . 2008-01-15 09:06 <REP> d-------- C:\Program Files\Avira
2008-01-15 08:28 . 2008-01-15 08:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-14 09:18 . 2008-01-15 09:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-14 08:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 20:39 . 2008-01-13 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-13 20:34 . 2008-01-14 09:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-13 20:27 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-13 20:23 . 2008-01-14 09:17 <REP> d-------- C:\Program Files\Navilog1
2008-01-13 14:44 . 2008-01-17 18:26 <REP> d-------- C:\VundoFix Backups
2008-01-10 22:28 . 2008-01-11 18:12 <REP> d-------- C:\Documents and Settings\??\Application Data\DAEMON Tools
2008-01-10 21:35 . 2008-01-10 22:13 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-10 21:35 . 2008-01-10 21:35 <REP> d-------- C:\Documents and Settings\??\Application Data\DAEMON Tools Pro
2008-01-10 21:19 . 2008-01-10 21:50 <REP> d-------- C:\Program Files\free-downloads.net
2008-01-10 21:18 . 2008-01-10 21:50 <REP> d-------- C:\Program Files\Alcohol Soft
2008-01-10 21:16 . 2008-01-10 21:16 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-08 20:50 . 2008-01-09 07:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 20:50 . 2008-01-08 20:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-07 22:40 . 2008-01-07 22:40 <REP> d-------- C:\Program Files\Boole & Partners
2008-01-07 22:40 . 2008-01-07 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Boole & Partners
2008-01-06 16:41 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-06 16:41 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-06 14:09 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-05 13:38 . 2004-08-19 16:09 755,200 --------- C:\WINDOWS\system32\ir50_32.dll
2008-01-05 13:38 . 2004-08-19 16:10 380,928 --a------ C:\WINDOWS\system32\irprops.cpl
2008-01-05 13:38 . 2004-08-19 16:10 199,680 --------- C:\WINDOWS\system32\iac25_32.ax
2008-01-05 13:38 . 2004-08-19 16:10 154,624 --------- C:\WINDOWS\system32\ivfsrc.ax
2008-01-05 13:38 . 2004-08-19 16:09 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-24 18:02 . 2007-12-24 18:37 <REP> d-------- C:\Program Files\XisoManager
2007-12-23 19:55 . 2007-12-23 19:55 <REP> d-------- C:\Documents and Settings\??\Application Data\PrevxCSI


.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 13:48 --------- d-----w C:\Documents and Settings\??\Application Data\Lavasoft
2008-01-17 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 22:54 --------- d-----w C:\Program Files\??
2008-01-14 19:59 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2008-01-14 08:30 --------- d-----w C:\Program Files\Power Manager
2007-12-16 23:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 23:07 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-12-16 22:08 --------- d-----w C:\Program Files\Astonsoft
2007-12-16 21:55 --------- d-----w C:\Program Files\Intel
2007-12-04 20:34 --------- d-----w C:\Program Files\SlySoft
2007-12-04 19:38 --------- d-----w C:\Program Files\ffdshow
2007-12-02 11:43 --------- d-----w C:\Program Files\KSS
2007-11-30 18:50 --------- d-----w C:\Program Files\Image-Line
2007-11-29 23:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 17:34 --------- d-----w C:\Documents and Settings\??\Application Data\gtk-2.0
2007-04-16 15:53 384 --sh--r C:\WINDOWS\inf\sdatabl.sav.bin
.
----a-w 6,731,312 2008-01-17 10:17:21 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 919,016 2008-01-15 22:11:33 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe


((((((((((((((((((((((((((((( snapshot_2008-01-17_21.51.33,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 22:23:07 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 21:39:58 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 22:23:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 21:39:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 22:23:07 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 21:39:58 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-15 22:23:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 21:39:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 22:23:08 4,407,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-17 21:39:58 4,677,632 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-15 22:23:08 270,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 21:39:58 270,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2007-08-13 17:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 88361 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActualSpy]
C:\Program Files\Actual Spy\ActualSpy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2005-05-31 01:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 16:58]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2004-12-24 17:04]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 16:22]
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys []
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 22:46:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 22:49:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 21:49:17
ComboFix2.txt 2008-01-17 20:52:20
ComboFix3.txt 2008-01-17 11:44:18
ComboFix4.txt 2008-01-16 22:33:54
ComboFix5.txt 2008-01-14 20:03:03
.
2008-01-17 21:04:19 --- E O F ---
0
green day Posts 26371 Registered Friday 30 September 2005 Status Moderator, security contributor Last post 27 December 2019 2 162
16 Jan 2008 at 23:02
very good!

Download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
Press a key to reboot the PC.
Your system will take longer than usual to restart because the tool keeps running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis log!


++
0
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last post 15 April 2013
16 Jan 2008 at 23:25
I did the procedure 3 times, but the scan stops after two minutes and so does the PC, it shuts down?? Anyway, here are the SDFix and HijackThis reports

SDFix: Version 1.127

Run by ?? on 2008-01-17 at 23:17

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\??~1\Bureau\sdf\SDFix

Safe Mode:
Checking Services:


________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21, on 2008-01-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\??\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR3\RpcSandraSrv.exe
0
green day Posts 26371 Registered Friday 30 September 2005 Status Moderator, security contributor Last post 27 December 2019 2 162
16 Jan 2008 at 23:26
are you really doing it in safe mode??

++
0
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last post 15 April 2013
16 Jan 2008 at 23:33
SDFix, yes, in safe mode.
0
green day Posts 26371 Registered Friday 30 September 2005 Status Moderator, security contributor Last post 27 December 2019 2 162
16 Jan 2008 at 23:49
ok, please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

no need to do it all tonight, as it is fairly long!

@+
0
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last post 15 April 2013
16 Jan 2008 at 23:56
I just tried again and it worked; here is the SDFix report

SDFix: Version 1.127

Run by ?? on 2008-01-17 at 23:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\?~1\Bureau\sdf\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 23:47:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d601988]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:83,55,6d,42,4d,05,9f,d0,b3,43,70,3b,05,3f,8e,ed,8d,a1,17,41,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:90,d4,eb,86,97,72,b8,35,bc,ea,5a,50,45,a4,28,70,2c,c2,c0,93,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000002
"khjeh"=hex:cc,3d,b9,81,2c,22,75,00,07,94,70,31,67,99,c0,67,6a,81,58,27,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000b0d601988]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:83,55,6d,42,4d,05,9f,d0,b3,43,70,3b,05,3f,8e,ed,8d,a1,17,41,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:90,d4,eb,86,97,72,b8,35,bc,ea,5a,50,45,a4,28,70,2c,c2,c0,93,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000002
"khjeh"=hex:cc,3d,b9,81,2c,22,75,00,07,94,70,31,67,99,c0,67,6a,81,58,27,df,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Tue 4 Dec 2007 24 A.SH. --- "C:\WINDOWS\S9ED7FA4F.tmp"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 7 Nov 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 A.SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Thu 28 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Mon 7 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\??\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 2 Dec 2007 20 A..H. --- "C:\Documents and Settings\??\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Thu 28 Dec 2006 11,631 A.SH. --- "C:\Documents and Settings\??\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!
0
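The catchme pass at the end of the SDFix report above counts 7 "hidden files", all of which are registry keys under two services, each listed once under CurrentControlSet and again under ControlSet004 (CurrentControlSet is a link to one of the numbered control sets, so the same key shows up twice). The script below is an added example, not part of SDFix, catchme or the thread: it groups those keys by owning service, collapses the mirrored control sets, and checks the services against a small allow-list so that only the unexplained ones are left for review. SAMPLE_REPORT is a constructed, trimmed copy of the report's shape, and KNOWN_HIDERS is this example's own list: it names SPTD, the driver installed with DAEMON Tools and Alcohol (the ComboFix log earlier in the thread shows sptd.sys created on 2008-01-10 alongside both), which protects its Cfg subkeys from normal registry access and is therefore routinely reported as hidden by GMER-based scanners.

```python
"""Group the hidden registry keys a catchme/SDFix report lists by owning
service and control set. Added example for this thread, not part of SDFix or
catchme. SAMPLE_REPORT is a constructed, trimmed copy of the posted report;
KNOWN_HIDERS is this example's own allow-list."""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d601988]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"h0"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:83,55,6d,42,4d,05,9f,d0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000b0d601988]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000

scanning hidden registry entries ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
"""

# Drivers known to shield their own configuration keys by design (assumption of
# this example): SPTD ships with DAEMON Tools / Alcohol and its Cfg subkeys are
# routinely reported as hidden by GMER-based scanners.
KNOWN_HIDERS = {"sptd": "SPTD (DAEMON Tools / Alcohol)"}

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(\w+)\\Services\\([^\\\]]+)(.*)\]$", re.I)
COUNT_RE = re.compile(r"^hidden (\w+): (\d+)$")

def hidden_entries(report):
    """Return ({service: {control_set: [subkey, ...]}}, {counter: n})."""
    keys = defaultdict(lambda: defaultdict(list))
    counters = {}
    for line in (raw.strip() for raw in report.splitlines()):
        m = KEY_RE.match(line)
        if m:                                   # one hidden key under a service
            control_set, service, subkey = m.groups()
            keys[service.lower()][control_set].append(subkey)
            continue
        m = COUNT_RE.match(line)
        if m:                                   # the summary lines at the end
            counters[m.group(1)] = int(m.group(2))
    return keys, counters

def summarize(keys):
    """One row per service: distinct hidden subkeys once the mirrored control
    sets are collapsed, and which allow-listed driver (if any) explains them."""
    rows = {}
    for service, per_set in keys.items():
        distinct = {s for subs in per_set.values() for s in subs}
        rows[service] = {
            "distinct_keys": len(distinct),
            "control_sets": sorted(per_set),
            "explained_by": KNOWN_HIDERS.get(service),
        }
    return rows

def unexplained(rows):
    """Services whose hidden keys no allow-listed driver accounts for."""
    return sorted(s for s, r in rows.items() if r["explained_by"] is None)

if __name__ == "__main__":
    keys, counters = hidden_entries(SAMPLE_REPORT)
    rows = summarize(keys)
    for service, row in rows.items():
        print(service, row)
    print("reported hidden files:", counters.get("files"), "-> review:", unexplained(rows))
```

On the sample, the four reported entries reduce to two distinct keys owned by sptd and one owned by BTHPORT; sptd is accounted for by the allow-list, and BTHPORT is what remains for the analyst to look at. The allow-list is intentionally tiny: anything not on it stays visible rather than being silently waved through.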
green day Posts 26371 Registered Friday 30 September 2005 Status Moderator, security contributor Last post 27 December 2019 2 162
17 Jan 2008 at 19:03
Hi

ok, please do this

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
0
flexton Posts 13 Registered Wednesday 16 January 2008 Status Member Last post 15 April 2013
17 Jan 2008 at 20:11
Hello green day, I did everything, the whole procedure; here is the AntiVir report and a new HijackThis log


AntiVir PersonalEdition Classic
Report file date: Friday 18 January 2008 13:29

Scanning for 1048573 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ??

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 08:07:23
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 22:35:04
ANTIVIR3.VDF : 7.0.2.8 108032 Bytes 16/01/2008 22:02:00
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 16/01/2008 22:35:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 22:35:04
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday 18 January 2008 13:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgas .exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '21' files ).


Starting the file scan:

Begin scan in 'C:\' <N00705>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
[WARNING] Error creating the file
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000310.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hoo.2
[INFO] The file was moved to '47c0b23b.qua'!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000315.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[WARNING] The file was ignored!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000325.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47c0b242.qua'!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000336.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was moved to '47c0b245.qua'!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000344.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was deleted!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000353.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47c0b24d.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: Friday 18 January 2008 15:27
Used time: 1:58:10 min

The scan has been done completely.

5096 Scanning directories
346595 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
346588 Files not concerned
7119 Archives were scanned
8 Warnings
39 Notes

___________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\??\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
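The HijackThis log above is the usual triage input in threads like this one: every line is a section code (R0/R1 browser pages, O2 BHOs, O4 autostarts, O16 downloaded ActiveX controls, O23 services) followed by free text. As an added example (not part of the thread and not a HijackThis feature), the script below splits an HJT v2 log into entries and flags the ones a responder reads first: autostarts that name a bare file or an unquoted path, ActiveX controls fetched over plain HTTP, services with no owner or an .exe in a drivers folder, and every BHO. The "suspect"/"review" split and the rules are this example's own choices; the sample lines are modeled on the log above, with the `[Updater]` autostart and the "Example Helper" service constructed to exercise rules the real log does not trigger.

```python
"""Triage a HijackThis (HJT) v2 log: split entries by section code and flag the
ones a responder should look at first. Added example for this thread, not a
HijackThis feature; the rules and the "suspect"/"review" split are this
example's own choices."""
import re
from dataclasses import dataclass

# One HJT entry per line: section code, " - ", free text (R0/R1, O2, O4, O16, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|cpl|ocx|sys))"?', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")   # HJT appends (User 'NAME') to HKUS entries


@dataclass(frozen=True)
class Finding:
    severity: str   # "suspect" (act on it) or "review" (identify the owner)
    code: str
    detail: str


def first_path(body):
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def triage_entry(code, body):
    """Return a Finding for one HJT entry, or None when nothing stands out."""
    if code in ("R0", "R1"):
        # Browser start/search pages: plain HTTP or a redirect chain ("...*http://").
        m = URL_RE.search(body)
        if m and ("*http" in m.group(0) or m.group(0).lower().startswith("http://")):
            return Finding("review", code, "plain-HTTP or redirecting browser URL: " + m.group(0))
        return None
    if code == "O2":
        # Every BHO is a DLL loaded into Internet Explorer; each needs a known owner.
        return Finding("review", code, "BHO loaded into IE: " + body)
    if code == "O4":
        # Autostart entries. A bare file name (no backslash) is resolved through the
        # search order rather than a fixed location; an unquoted path with spaces is
        # the classic "C:\Program.exe" hijack point.
        cmd = body.split("] ", 1)[-1]
        cmd = USER_SUFFIX_RE.sub("", cmd)
        if "\\" not in cmd:
            return Finding("suspect", code, "autostart with bare file name: " + cmd)
        if " " in cmd and not cmd.startswith('"'):
            return Finding("suspect", code, "unquoted autostart path: " + cmd)
        return None
    if code == "O16":
        # DPF = an ActiveX control downloaded from a URL; over plain HTTP the .cab
        # arrived with no transport protection.
        m = URL_RE.search(body)
        if m and m.group(0).lower().startswith("http://"):
            return Finding("review", code, "ActiveX control fetched over HTTP: " + m.group(0))
        return None
    if code == "O23":
        # Services: no owner, or an .exe living in a drivers folder, is unusual.
        path = first_path(body) or ""
        if "Unknown owner" in body:
            return Finding("suspect", code, "service with unknown owner: " + path)
        if "\\drivers\\" in path.lower() and path.lower().endswith(".exe"):
            return Finding("review", code, "service .exe inside a drivers folder: " + path)
        return None
    return None


def triage_log(text):
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:   # process list, header lines and blanks do not match
            f = triage_entry(m.group("code"), m.group("body"))
            if f:
                findings.append(f)
    return findings


# Sample entries modeled on the log in this thread; the [Updater] line and the
# "Example Helper" service are constructed to exercise the remaining rules.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKLM\..\Run: [Updater] C:\Program Files\Example Updater\updater.exe /silent
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\WINDOWS\exhelper.exe
"""


def sample_findings():
    return triage_log(SAMPLE_LOG)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.severity:7} {f.code:4} {f.detail}")
```

On the sample input the quoted ZoneAlarm autostart and the CTFMON entries (once the `(User '...')` suffix is stripped) produce nothing, while `AGRSMMSG.exe`, the unquoted constructed updater and the ownerless constructed service come out as "suspect". A "review" finding is not a verdict: a BHO from a known vendor or a vendor-signed service in an odd folder is identified, then left alone.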
green day (Moderator, security contributor), 17 Jan 2008 at 20:57
Hi

You should have posted the reports!!

How is the PC behaving??

++
flexton (Member), 17 Jan 2008 at 21:04
Oops, sorry. The PC is behaving much better, but AntiVir still finds a trojan and there's no way to get rid of it:

Virus or unwanted program 'TR/Drop.Agent.dgo.221 [TR/Drop.Agent.dgo.221]'
detected in file 'C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000315.exe'.
Action performed: Deny access
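Both AntiVir outputs in this thread, the full scan report posted earlier and the residual guard alert just above, report paths under `System Volume Information\_restore{...}\RP8\`. Those are System Restore snapshot copies, not files in use: the on-demand scanner quarantines or deletes them, while the on-access guard can only deny access when something touches them, which is why the same `A0000315.exe` keeps coming back. The script below is an added example (not part of the thread and not an Avira tool) that parses both formats, tags each detection as restore-point or live, and reports which ones remain unresolved in each class. The sample text is modeled on the report above; the `system32\sample_live.dll` entry, its quarantine file name and the `A0000344.exe` action are constructed to show the contrast.

```python
"""Separate Avira AntiVir detections that live in System Restore snapshots from
detections in live locations. Added example for this thread, not an Avira
tool; it reads the two text formats seen here (the scan-report triplets and the
guard's "Virus or unwanted program ..." alert)."""
import re
from dataclasses import dataclass

# XP stores restore-point copies under System Volume Information\_restore{GUID}\RPn\.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE)
PATH_LINE_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+(?P<text>.+)$")
ACTION_RE = re.compile(r"^\[(?:INFO|WARNING)\]\s+(?P<text>.+)$")
# Guard alert; the closing quote after the path is optional because the copy
# pasted in this thread lacks it.
GUARD_RE = re.compile(
    r"Virus or unwanted program '(?P<name>[^']+)'\s+"
    r"detected in file '(?P<path>[^'\r\n]+?)'?\.?\s+"
    r"Action performed:\s*(?P<action>[^\r\n]+)")
UNRESOLVED = ("ignored", "access denied", "unknown")


@dataclass(frozen=True)
class Detection:
    name: str
    path: str
    action: str            # quarantined / deleted / ignored / access denied / unknown
    in_restore_point: bool


def classify_action(text):
    t = text.lower()
    if "moved to" in t or "quarantine" in t:
        return "quarantined"
    if "deleted" in t:
        return "deleted"
    if "ignored" in t:
        return "ignored"
    if "deny access" in t:
        return "access denied"
    return "unknown"


def _detection(name, path, action_text):
    # Guard alerts repeat the name in brackets, "TR/X [TR/X]"; keep the first form.
    return Detection(name.split(" [")[0].strip(), path,
                     classify_action(action_text), bool(RESTORE_RE.search(path)))


def parse_scan_report(text):
    """Scan report: a path line, then [DETECTION] ..., then the [INFO]/[WARNING] action."""
    found, path, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE_RE.match(line):
            if pending:                      # detection with no action line after it
                found.append(_detection(pending, path, ""))
            path, pending = line, None
        elif DETECTION_RE.match(line) and path:
            # The signature name is the last token ("Is the Trojan horse TR/...").
            pending = DETECTION_RE.match(line).group("text").split()[-1]
        elif ACTION_RE.match(line) and pending:
            found.append(_detection(pending, path, ACTION_RE.match(line).group("text")))
            pending = None
        # "[WARNING] The file could not be opened!" with no pending detection is skipped.
    if pending:
        found.append(_detection(pending, path, ""))
    return found


def parse_guard_alerts(text):
    return [_detection(m.group("name"), m.group("path"), m.group("action"))
            for m in GUARD_RE.finditer(text)]


def summarize(detections):
    rp = [d for d in detections if d.in_restore_point]
    live = [d for d in detections if not d.in_restore_point]
    return {
        "total": len(detections),
        "restore_point": len(rp),
        "live": len(live),
        "unresolved_restore_point": sum(d.action in UNRESOLVED for d in rp),
        "unresolved_live": sum(d.action in UNRESOLVED for d in live),
    }


# Modeled on the report in this thread; the system32\sample_live.dll entry and
# its quarantine name are constructed to show a detection outside the restore tree.
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000310.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.hoo.2
[INFO] The file was moved to '47c0b23b.qua'!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000315.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[WARNING] The file was ignored!
C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000344.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[INFO] The file was deleted!
C:\WINDOWS\system32\sample_live.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47c0b2ff.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
"""
SAMPLE_ALERT = r"""
Virus or unwanted program 'TR/Drop.Agent.dgo.221 [TR/Drop.Agent.dgo.221]'
detected in file 'C:\System Volume Information\_restore{EEAF810F-4393-4255-B0FD-D959E8C90050}\RP8\A0000315.exe'.
Action performed: Deny access
"""


def sample_detections():
    return parse_scan_report(SAMPLE_REPORT) + parse_guard_alerts(SAMPLE_ALERT)


if __name__ == "__main__":
    for d in sample_detections():
        where = "restore point" if d.in_restore_point else "LIVE"
        print(f"{where:13} {d.action:13} {d.name}  {d.path}")
    print(summarize(sample_detections()))
```

The number to watch is `unresolved_live`: when it is zero and only restore-point copies remain, as in this thread, the remaining alerts are about snapshots that do no harm unless the restore point is applied. On Windows XP those copies disappear when System Restore is switched off and back on, which discards every restore point, so that step belongs at the end of a clean-up rather than the start.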
green day (Moderator, security contributor), 17 Jan 2008 at 21:07
OK, run the online scan and post the report please

++
flexton (Member), 17 Jan 2008 at 21:15
OK, I'll redo the BitDefender online scan and post the report. I want to thank you for the time you're giving me.