Sites bloqués

ced057 -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
slaut , moi aussi j'ai des soucis.

mpon pc bloque sur certains sites internet le sablier apparait et je suis obligé de les fermer. quelqu'un peut-il m'aider ?

j'ai fait un hijack le voilà :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:18, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TOMTOM\TomTomHOME.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\qrframqu.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TOMTOM\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0314b70b29085fde4319/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\..\{491A7CF7-F1FC-4B63-B62D-5AC0DB237B23}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

End of file - 8037 bytes
Configuration: Windows XP
Internet Explorer 6.0

18 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour ced07

    Télécharge sur le Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-clic VundoFix.exe.
    => Clic OK
    => Attendre le redemarrage de Vundofix
    => Clic Scan for Vundo
    => Le scan est assez long , à la fin
    => Clic Remove Vundo
    => Puis yes
    => Le Bureau disparaît un moment lors de la suppression des fichiers.
    => Message shutdown
    => clic OK
    => Redémarrage auto
    => copier le rapport qui est dans C:vundofix.txt
    ensuite

    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix,
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  2. ced057
     
    Volia le rapport combofix :

    ComboFix 08-01-18.5 - Cedric 2008-01-19 16:47:29.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.624 [GMT 1:00]
    Running from: C:\Documents and Settings\Cedric\Bureau\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-19 16:07 . 2008-01-19 16:07 <REP> d-------- C:\VundoFix Backups
    2008-01-01 14:08 . 2008-01-01 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-01 14:08 . 2008-01-01 14:08 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-27 23:09 . 2007-12-27 23:09 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-12-22 15:19 . 2008-01-19 16:02 <REP> d-------- C:\Documents and Settings\Cedric\Application Data\skypePM
    2007-12-22 15:19 . 2007-12-22 15:19 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-22 15:16 . 2008-01-19 16:42 <REP> d-------- C:\Documents and Settings\Cedric\Application Data\Skype
    2007-12-22 15:15 . 2007-12-27 23:09 <REP> d-------- C:\Program Files\Skype
    2007-12-22 15:15 . 2007-12-27 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 15:41 --------- d-----w C:\Program Files\Wanadoo
    2007-12-29 17:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-10 20:45 --------- d-----w C:\Program Files\Java
    2007-11-19 17:26 --------- d-----w C:\Documents and Settings\Cedric\Application Data\Sierra
    2007-10-20 22:57 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-06_17.06.10.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
    + 2007-06-18 22:24:36 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\spru040c.dll
    + 2005-10-12 23:15:23 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
    + 2005-10-12 23:15:24 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
    + 2005-10-12 23:15:23 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
    + 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
    + 2005-10-12 23:15:43 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
    + 2007-08-22 12:57:25 1,023,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
    + 2007-08-22 12:57:25 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
    + 2007-08-22 12:57:26 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
    + 2007-08-22 12:57:26 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
    + 2007-08-22 12:57:26 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
    + 2007-08-22 12:57:26 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
    + 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
    + 2007-08-22 12:57:26 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
    + 2007-08-22 12:57:26 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
    + 2007-08-22 12:57:26 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
    + 2007-08-22 12:57:28 3,085,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
    + 2007-08-22 12:57:28 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
    + 2007-08-22 12:57:28 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
    + 2007-08-22 12:57:28 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
    + 2007-08-22 12:57:28 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
    + 2007-08-22 12:57:29 1,498,624 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
    + 2007-08-22 12:57:30 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
    + 2007-08-21 10:50:51 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\spru040c.dll
    + 2007-08-22 12:57:30 620,032 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
    + 2007-08-22 12:57:30 669,696 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
    + 2007-08-21 06:25:34 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
    + 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
    + 2007-10-11 05:59:18 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
    + 2007-10-11 05:59:18 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
    + 2007-10-11 05:59:21 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
    + 2007-10-11 05:59:22 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
    + 2007-10-11 05:59:22 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
    + 2007-10-11 05:59:22 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
    + 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
    + 2007-10-11 05:59:22 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
    + 2007-10-11 05:59:22 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
    + 2007-10-11 05:59:22 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
    + 2007-10-30 09:57:54 3,086,848 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
    + 2007-10-11 05:59:26 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
    + 2007-10-11 05:59:26 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
    + 2007-10-11 05:59:27 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
    + 2007-10-11 05:59:27 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
    + 2007-10-11 05:59:28 1,498,624 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
    + 2007-10-11 05:59:28 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
    + 2007-10-10 23:36:44 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\spru040c.dll
    + 2007-10-11 05:59:29 620,032 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
    + 2007-10-11 05:59:29 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
    + 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-11-14 07:19:25 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
    + 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
    + 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\spru040c.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
    + 2007-03-06 01:35:47 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
    + 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
    + 2007-03-06 01:35:47 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
    + 2004-08-19 14:09:40 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
    + 2005-10-12 23:15:24 216,800 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
    + 2005-10-12 23:15:43 394,976 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
    + 2007-06-14 18:10:02 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
    + 2007-06-14 18:10:02 152,064 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
    + 2007-06-14 18:10:02 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
    + 2007-06-14 18:10:02 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
    + 2007-06-14 18:10:02 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
    + 2007-06-14 18:10:02 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
    + 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
    + 2007-06-14 18:10:02 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
    + 2007-06-14 18:10:02 96,768 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
    + 2007-06-14 18:10:02 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
    + 2007-06-14 18:10:04 3,079,680 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
    + 2007-06-14 18:10:03 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
    + 2007-06-14 18:10:03 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
    + 2007-06-14 18:10:04 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
    + 2007-06-14 18:10:04 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
    + 2007-06-14 18:10:04 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
    + 2007-06-14 18:10:04 474,624 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
    + 2007-06-14 18:10:05 617,472 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
    + 2007-06-26 14:12:55 663,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    + 2007-06-14 14:24:34 121,856 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
    + 2007-05-16 15:13:53 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
    + 2005-08-30 03:55:43 1,293,312 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
    + 2005-06-28 09:23:40 216,800 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
    + 2005-06-28 09:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
    + 2005-01-28 06:53:16 224,768 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
    + 2007-08-22 13:13:05 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
    + 2007-08-22 13:13:05 152,064 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
    + 2007-08-22 13:13:05 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
    + 2007-08-22 13:13:05 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
    + 2007-08-22 13:13:05 205,312 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
    + 2007-08-22 13:13:05 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
    + 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
    + 2007-08-22 13:13:05 251,392 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
    + 2007-08-22 13:13:06 96,768 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
    + 2007-08-22 13:13:06 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
    + 2007-08-22 13:13:07 3,079,168 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
    + 2007-08-22 13:13:07 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
    + 2007-08-22 13:13:07 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
    + 2007-08-22 13:13:07 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
    + 2007-08-22 13:13:07 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
    + 2007-08-22 13:13:08 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
    + 2007-08-22 13:13:08 474,624 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
    + 2007-08-22 13:13:08 617,472 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
    + 2007-08-22 13:13:08 663,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
    + 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
    + 2006-05-18 05:31:21 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
    + 2006-12-19 21:49:47 8,509,952 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
    + 2007-03-06 01:35:47 394,976 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
    + 2007-08-21 10:53:25 121,856 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
    + 2007-10-05 16:20:11 11,973 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
    + 2007-03-06 01:35:47 394,976 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    + 2008-01-19 15:47:07 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-01-19 15:47:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-01-19 15:47:07 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
    + 2008-01-19 15:47:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
    + 2008-01-19 15:47:08 3,301,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
    + 2008-01-19 15:47:08 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
    - 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2007-09-27 20:03:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2007-10-09 16:27:00 3,178,496 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2007-10-09 16:27:00 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
    + 2007-09-27 20:03:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2007-10-09 16:26:46 3,178,496 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2007-10-09 16:26:47 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
    + 2007-11-13 15:42:34 7,358 ----a-r C:\WINDOWS\Installer\{51D718D1-DA81-4FAD-919F-5C1CE3C33379}\ARPPRODUCTICON.exe
    + 2007-11-17 17:54:31 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
    - 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    + 2000-08-31 07:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    - 2007-06-14 18:10:02 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2007-10-11 06:13:38 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2007-06-14 18:10:02 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-10-11 06:13:38 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-11-20 22:34:42 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    + 2007-12-22 00:20:08 438,272 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    - 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
    + 2006-03-31 11:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
    - 2007-06-14 18:10:02 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
    + 2007-10-11 06:13:38 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
    - 2007-06-14 18:10:02 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-10-11 06:13:38 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-06-14 18:10:02 152,064 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-10-11 06:13:38 152,064 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2007-06-14 18:10:02 1,056,768 -c----w C:\WINDOWS\system32\dllcache\danim.dll
    + 2007-10-11 06:13:38 1,056,768 -c----w C:\WINDOWS\system32\dllcache\danim.dll
    - 2007-06-14 18:10:02 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-10-11 06:13:39 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-06-14 18:10:02 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-10-11 06:13:39 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-06-14 18:10:02 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-10-11 06:13:39 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2007-06-14 18:10:02 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-10-11 06:13:39 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2007-05-16 15:13:53 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
    + 2007-08-21 06:17:23 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
    - 2007-06-14 18:10:02 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-10-11 06:13:39 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2006-05-18 05:31:21 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2007-06-14 18:10:02 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-10-11 06:13:39 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-06-14 18:10:04 3,079,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-10-30 10:18:16 3,079,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-06-14 18:10:03 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-10-11 06:13:40 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-06-14 18:10:03 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-10-11 06:13:40 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-06-14 18:10:04 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-10-11 06:13:40 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-06-14 18:10:04 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-10-11 06:13:40 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
    + 2007-07-09 13:11:46 584,192 -c----w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    - 2007-06-14 18:10:04 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2007-10-11 06:13:40 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2006-12-19 21:49:47 8,509,952 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-10-25 16:56:24 8,510,976 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
    - 2007-06-14 18:10:04 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2007-10-11 06:13:41 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2007-06-14 18:10:05 617,472 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-10-11 06:13:41 617,472 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-06-26 14:12:55 663,040 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-10-11 06:13:41 663,552 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2005-01-28 06:53:16 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    + 2007-10-20 05:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    - 2007-10-05 16:20:11 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    + 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    - 2007-06-14 18:10:02 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-06-14 18:10:02 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-06-14 18:10:02 55,808 ------w C:\WINDOWS\system32\extmgr.dll
    + 2007-10-11 06:13:39 55,808 ------w C:\WINDOWS\system32\extmgr.dll
    - 2007-06-14 18:10:02 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    + 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    - 2007-06-14 18:10:02 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2007-06-14 18:10:02 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2007-09-05 17:50:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-06-14 18:10:04 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-06-14 18:10:03 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-06-14 18:10:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-06-14 18:10:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-09-29 19:04:45 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-10-28 09:10:27 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-09-29 19:04:45 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2007-10-28 09:10:27 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-09-29 19:04:45 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-10-28 09:10:27 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-09-29 19:04:45 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2007-10-28 09:10:27 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2007-10-01 12:00:58 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
    + 2007-11-09 20:35:21 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
    - 2007-10-01 12:01:16 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
    + 2007-11-09 20:35:27 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
    - 2007-10-01 12:01:16 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
    + 2007-11-09 20:35:27 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
    - 2007-06-14 18:10:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2005-08-30 03:55:43 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-12-27 22:00:05 3,867,468 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    - 2007-10-01 12:02:03 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
    + 2007-11-09 20:35:43 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
    - 2004-08-19 14:09:40 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:11:46 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2007-06-14 18:10:04 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2007-10-11 06:13:40 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2006-12-19 21:49:47 8,509,952 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2007-06-14 18:10:04 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2007-10-11 06:13:41 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2007-10-05 08:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    - 2007-06-14 18:10:05 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-06-26 14:12:55 663,040 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2005-01-28 06:53:16 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2007-10-20 05:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2005-09-28 13:46:30 1,184,984 ----a-w C:\WINDOWS\system32\wvc1dmod.dll
    - 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
    + 2006-02-03 07:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
    - 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
    + 2006-03-31 11:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
    - 2007-07-20 13:54:30 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
    + 2007-11-29 15:46:55 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
    - 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
    + 2006-03-31 11:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
    - 2007-06-14 14:24:34 121,856 ------w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-10-29 15:35:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2008-01-19 15:53:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_9c0.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}
    {381FFDE8-2394-4F90-B10D-FC6124A40F8C}

    [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [HKEY_CLASSES_ROOT\BitDefender Toolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2004-09-30 06:35 921600 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 33792 C:\WINDOWS\system32\rundll32.exe]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 16:12 24576]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 16:12 24576]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2003-08-15 08:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
    "TomTomHOME.exe"="C:\Program Files\TOMTOM\TomTomHOME.exe" [2007-03-14 15:52 3770024]
    "EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.exe" [2004-12-16 04:00 98304]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 16:58 319488]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winaqr32]
    winaqr32.dll

    R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-07-27 12:16]
    R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
    R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-26 12:24]
    R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
    S3 cusbohcn;cusbohcn;C:\DOCUME~1\Cedric\LOCALS~1\Temp\cusbohcn.sys [2001-02-15 20:54]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-17 17:54:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 16:53:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    Completion time: 2008-01-19 16:55:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-19 15:54:55
    ComboFix2.txt 2007-10-06 15:06:39
    .
    2007-12-28 09:39:23 --- E O F ---
    0
  3. ced057
     
    j'ai aussi fait le vundo fix et il m'a supprimé un programme et quand j'ai voulu t'envoyer le rapport il m'a bloque le site et je n'ai pas sauvagarde le rapport.
    0
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    refais hijack stp
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ced057
     
    Voila le hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:26:04, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\TOMTOM\TomTomHOME.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TOMTOM\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0314b70b29085fde4319/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{491A7CF7-F1FC-4B63-B62D-5AC0DB237B23}: NameServer = 80.10.246.1 80.10.246.132
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    relance hijack et coche ceci
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
    ensuite clic sur fix checked

    ensuite Télécharge:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware

    => Installer
    => Le lancer
    => Clic : Mise à jour
    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    => Dans ANALYSE ( en forme de loupe )
    => Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
    => Clic : Analyse complète du système
    -------
    => à la fin du scan ( qui est assez long)
    => Clic Appliquer toutes les actions <== ceci Très important
    => Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
    -------
    En mode normal
    colle le rapport
    @+
    0
  8. ced057
     
    volia le rapport :

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 00:05:45 20/01/2008

    + Résultat de l'analyse:

    :mozilla.11:C:\Documents and Settings\Cedric\Application Data\Mozilla\Firefox\Profiles\y4adadqk.default\cookies.txt -> TrackingCookie.Real : Nettoyé.
    :mozilla.13:C:\Documents and Settings\Cedric\Application Data\Mozilla\Firefox\Profiles\y4adadqk.default\cookies.txt -> TrackingCookie.Real : Nettoyé.
    C:\Program Files\eMule\Incoming\CLE ACTIVATION crack windows XP FR pro et familiale !!-( francais olib.zip/Crack D'Activation Pour Windows Xp (Winxp) Sp1 - Edition Professionelle Et Familiale (Excellent Patch Executable!!).zip/Crack d'activation pour Windows XP SP1 - Edition Professionelle et Familiale/Reset_v5.02_for_Windows_XP_SP1_.NET_and_2003.zip/XPKey.exe -> Trojan.Small.edz : Nettoyé.

    Fin du rapport
    0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    maintenant Fais un scan antivirus en ligne avec Internet Explorer
    https://www.bitdefender.fr/

    => En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    => Dans la nouvelle fenêtre, clique sur I agree
    => La fenêtre change encore, clique sur Click here to scan
    => Les signatures se chargent, etc.
    => copie colle le résultat ici

    tuto en image

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    et
    reposte un nouveau rapport hijackthis
    je pense que l'on devrais être bon ;-)
    @+
    0
  10. ced057
     
    J'ai fait l'analyse bitdefender mais il n'a rien trouvé (donc je t'envoie pas de rapport) et mes problemes continuent.

    Voila le hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:59:38, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\TOMTOM\TomTomHOME.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TOMTOM\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0314b70b29085fde4319/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{491A7CF7-F1FC-4B63-B62D-5AC0DB237B23}: NameServer = 80.10.246.1 80.10.246.132
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  11. ced057
     
    Si j'ai effectue vundofix et je l'ai refait mais il ne trouve rien . certaines pages internet bloquent encore se n'est pas un ralentissement du pc mais carrement un blocage.

    J'ouvre le site , le sablier aparait 10 secondes apres et me plante la page du site.
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    ton ralentissement ce fait ressentir que sur le net ?

    car nous avons effectué le nettoyage nécéssaire pour le sinfections que tu avais
    si le reste de ton pc fonctionne , peut-être as tu un soucis de débit ?
    teste ta bande passante ici
    http://mire.ipadsl.net
    @+
    0
  13. ced057
     
    Ma bande passante est correcte. Le probleme que j'ai n'est pas un ralentissement mais un blocage (surtout sur un site qui marchait parfaitement bien avant). J'arrive quelquefois a y accede mais le plus souvent la page du site s'affiche et ensuite la fenetre se bloque et je dois la fermer.
    0
  14. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    si tu peux naviguer sur les autres pages sans soucis cela doit venir du site
    sinon as tu encore des soucis ?
    0
  15. ced057
     
    ces soucis sont ceux la, des fois il bloque sur d'autres sites aussi. Je pense pas que cela vienne du site ,j'ai essaye de me conneceter chez des amis et ca a marche parfaitement à chaque fois.
    0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Donc un soucis avec ton FAI ????

    sinon tu utilise quel navigateur ?
    pour ma part je te conseil firefox
    @+
    0
  17. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    FAI==fournisseurs d'accès à internet

    et ton navigateur ?

    il faut vérifier dans tes options la configuration
    0