Blocked sites

ced057
Hi, I'm having problems too.

My PC freezes on certain websites: the hourglass appears and I have to close them. Can anyone help me?

I ran a HijackThis scan, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:18, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TOMTOM\TomTomHOME.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\qrframqu.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TOMTOM\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0314b70b29085fde4319/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\..\{491A7CF7-F1FC-4B63-B62D-5AC0DB237B23}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

End of file - 8037 bytes

18 replies

ep44 Posts 7432 Status Contributor 3

Hello ced07

Download to the Desktop:
http://www.atribune.org/ccount/click.php?id=4

=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan takes quite a while; when it finishes
=> Click Remove Vundo
=> Then Yes
=> The Desktop disappears for a moment while the files are being deleted.
=> Shutdown message
=> Click OK
=> Automatic restart
=> Copy the report, which is in C:vundofix.txt
Next

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix.
Wait until ComboFix has finished; a report will be created. Post the report.
ced057
 
Here is the ComboFix report:

ComboFix 08-01-18.5 - Cedric 2008-01-19 16:47:29.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.624 [GMT 1:00]
Running from: C:\Documents and Settings\Cedric\Bureau\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-19 16:07 . 2008-01-19 16:07 <REP> d-------- C:\VundoFix Backups
2008-01-01 14:08 . 2008-01-01 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 14:08 . 2008-01-01 14:08 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-27 23:09 . 2007-12-27 23:09 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-12-22 15:19 . 2008-01-19 16:02 <REP> d-------- C:\Documents and Settings\Cedric\Application Data\skypePM
2007-12-22 15:19 . 2007-12-22 15:19 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-22 15:16 . 2008-01-19 16:42 <REP> d-------- C:\Documents and Settings\Cedric\Application Data\Skype
2007-12-22 15:15 . 2007-12-27 23:09 <REP> d-------- C:\Program Files\Skype
2007-12-22 15:15 . 2007-12-27 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 15:41 --------- d-----w C:\Program Files\Wanadoo
2007-12-29 17:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-10 20:45 --------- d-----w C:\Program Files\Java
2007-11-19 17:26 --------- d-----w C:\Documents and Settings\Cedric\Application Data\Sierra
2007-10-20 22:57 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-10-06_17.06.10.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-18 22:24:36 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\spru040c.dll
+ 2005-10-12 23:15:23 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:15:24 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:15:23 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:15:43 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:57:25 1,023,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:57:25 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:57:26 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:57:26 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:57:26 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:57:26 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:57:26 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:57:26 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:57:26 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:57:28 3,085,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:57:28 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:57:28 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:57:28 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:57:28 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:57:29 1,498,624 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:57:30 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-21 10:50:51 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\spru040c.dll
+ 2007-08-22 12:57:30 620,032 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:57:30 669,696 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:34 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-11 05:59:18 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:59:18 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:59:21 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:59:22 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:59:22 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:59:22 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:59:22 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:59:22 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:59:22 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:57:54 3,086,848 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:59:26 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:59:26 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:59:27 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:59:27 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:59:28 1,498,624 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:59:28 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-10 23:36:44 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\spru040c.dll
+ 2007-10-11 05:59:29 620,032 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:59:29 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:19:25 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\spru040c.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:35:47 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:35:47 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2004-08-19 14:09:40 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:15:24 216,800 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:15:43 394,976 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-14 18:10:02 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:10:02 152,064 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:10:02 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:10:02 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:10:02 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:10:02 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:10:02 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:10:02 96,768 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:10:02 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:10:04 3,079,680 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:10:03 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:10:03 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:10:04 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:10:04 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:10:04 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:10:04 474,624 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:10:05 617,472 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:12:55 663,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 14:24:34 121,856 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:13:53 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2005-08-30 03:55:43 1,293,312 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2005-06-28 09:23:40 216,800 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2005-06-28 09:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-28 06:53:16 224,768 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-08-22 13:13:05 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 13:13:05 152,064 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 13:13:05 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 13:13:05 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 13:13:05 205,312 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 13:13:05 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 13:13:05 251,392 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 13:13:06 96,768 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 13:13:06 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-22 13:13:07 3,079,168 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 13:13:07 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 13:13:07 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 13:13:07 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 13:13:07 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 13:13:08 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 13:13:08 474,624 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 13:13:08 617,472 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 13:13:08 663,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:31:21 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2006-12-19 21:49:47 8,509,952 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:53:25 121,856 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2007-10-05 16:20:11 11,973 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-19 15:47:07 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 15:47:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 15:47:07 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 15:47:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 15:47:08 3,301,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-19 15:47:08 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-03-13 08:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-09-27 20:03:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-10-09 16:27:00 3,178,496 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-10-09 16:27:00 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-09-27 20:03:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-10-09 16:26:46 3,178,496 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-10-09 16:26:47 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-13 15:42:34 7,358 ----a-r C:\WINDOWS\Installer\{51D718D1-DA81-4FAD-919F-5C1CE3C33379}\ARPPRODUCTICON.exe
+ 2007-11-17 17:54:31 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
- 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 07:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
- 2007-06-14 18:10:02 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 06:13:38 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:10:02 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 06:13:38 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-11-20 22:34:42 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
+ 2007-12-22 00:20:08 438,272 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
- 2007-06-14 18:10:02 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-10-11 06:13:38 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-14 18:10:02 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-10-11 06:13:38 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:10:02 152,064 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-10-11 06:13:38 152,064 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-14 18:10:02 1,056,768 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-10-11 06:13:38 1,056,768 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-06-14 18:10:02 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-10-11 06:13:39 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:10:02 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-11 06:13:39 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:10:02 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-11 06:13:39 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-14 18:10:02 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-11 06:13:39 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:13:53 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:17:23 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:10:02 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-10-11 06:13:39 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:31:21 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-14 18:10:02 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-11 06:13:39 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-06-14 18:10:04 3,079,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 10:18:16 3,079,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:10:03 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-11 06:13:40 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-14 18:10:03 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-11 06:13:40 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-14 18:10:04 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-11 06:13:40 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-06-14 18:10:04 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-11 06:13:40 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-07-09 13:11:46 584,192 -c----w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-14 18:10:04 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-10-11 06:13:40 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:49:47 8,509,952 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:56:24 8,510,976 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-14 18:10:04 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-10-11 06:13:41 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-06-14 18:10:05 617,472 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-11 06:13:41 617,472 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-26 14:12:55 663,040 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-11 06:13:41 663,552 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 06:53:16 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-20 05:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2007-10-05 16:20:11 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2007-06-14 18:10:02 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:10:02 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:10:02 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 06:13:39 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-06-14 18:10:02 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-14 18:10:02 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-14 18:10:02 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-05 17:50:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-14 18:10:04 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:10:03 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:10:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:10:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-09-29 19:04:45 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 09:10:27 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-09-29 19:04:45 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-10-28 09:10:27 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-09-29 19:04:45 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 09:10:27 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-09-29 19:04:45 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-10-28 09:10:27 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-10-01 12:00:58 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2007-11-09 20:35:21 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2007-10-01 12:01:16 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2007-11-09 20:35:27 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2007-10-01 12:01:16 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2007-11-09 20:35:27 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2007-06-14 18:10:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:55:43 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-12-27 22:00:05 3,867,468 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2007-10-01 12:02:03 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2007-11-09 20:35:43 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2004-08-19 14:09:40 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:10:04 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 06:13:40 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:49:47 8,509,952 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-14 18:10:04 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 06:13:41 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-10-05 08:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-06-14 18:10:05 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:12:55 663,040 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2005-01-28 06:53:16 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-20 05:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2005-09-28 13:46:30 1,184,984 ----a-w C:\WINDOWS\system32\wvc1dmod.dll
- 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2006-02-03 07:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
- 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2006-03-31 11:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
- 2007-07-20 13:54:30 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
+ 2007-11-29 15:46:55 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
- 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-03-31 11:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
- 2007-06-14 14:24:34 121,856 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:35:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-01-19 15:53:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_9c0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 33792 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-09-30 06:35 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 33792 C:\WINDOWS\system32\rundll32.exe]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 16:12 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 16:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 08:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"TomTomHOME.exe"="C:\Program Files\TOMTOM\TomTomHOME.exe" [2007-03-14 15:52 3770024]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.exe" [2004-12-16 04:00 98304]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 16:58 319488]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winaqr32]
winaqr32.dll

R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-07-27 12:16]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-26 12:24]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Cedric\LOCALS~1\Temp\cusbohcn.sys [2001-02-15 20:54]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-17 17:54:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 16:53:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-01-19 16:55:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 15:54:55
ComboFix2.txt 2007-10-06 15:06:39
.
2007-12-28 09:39:23 --- E O F ---
0
ced057
 
I also ran VundoFix and it removed a program, and when I tried to send you the report it blocked the site on me and I didn't save the report.
0
ep44 Posts 7432 Status Contributor 3
 
Run HijackThis again, please.
0

ced057
 
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:04, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TOMTOM\TomTomHOME.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TOMTOM\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0314b70b29085fde4319/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{491A7CF7-F1FC-4B63-B62D-5AC0DB237B23}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
ep44 Posts 7432 Status Contributor 3
 
Run HijackThis again and check these entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
then click Fix checked.

Then download:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware

=> Install it
=> Launch it
=> Click: Update
------
= Restart in Safe Mode (startup can take several minutes)
Note: there is no Internet access in this mode. Save or print these instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the boot options appears.
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------
=> In SCAN (the magnifying-glass icon)
=> Settings ==> under HOW TO REACT ==> click Recommended actions ==> Quarantine
=> Click: Complete system scan
-------
=> At the end of the scan (which takes quite a while)
=> Click Apply all actions <== this is very important
=> Click Save report, then Save as, and choose the desktop
-------
Back in normal mode,
paste the report.
See you
0
ced057
 
Here is the report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 00:05:45 20/01/2008

+ Résultat de l'analyse:

:mozilla.11:C:\Documents and Settings\Cedric\Application Data\Mozilla\Firefox\Profiles\y4adadqk.default\cookies.txt -> TrackingCookie.Real : Nettoyé.
:mozilla.13:C:\Documents and Settings\Cedric\Application Data\Mozilla\Firefox\Profiles\y4adadqk.default\cookies.txt -> TrackingCookie.Real : Nettoyé.
C:\Program Files\eMule\Incoming\CLE ACTIVATION crack windows XP FR pro et familiale !!-( francais olib.zip/Crack D'Activation Pour Windows Xp (Winxp) Sp1 - Edition Professionelle Et Familiale (Excellent Patch Executable!!).zip/Crack d'activation pour Windows XP SP1 - Edition Professionelle et Familiale/Reset_v5.02_for_Windows_XP_SP1_.NET_and_2003.zip/XPKey.exe -> Trojan.Small.edz : Nettoyé.

Fin du rapport
0
ep44 Posts 7432 Status Contributor 3
 
Hello

Now run an online antivirus scan with Internet Explorer:
https://www.bitdefender.fr/

=> At the bottom left of the window, click BitDefender SCAN ONLINE
=> In the new window, click I agree
=> The window changes again; click Click here to scan
=> The signatures load, etc.
=> Copy and paste the result here

Tutorial with screenshots:

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

and
post a new HijackThis report.
I think we should be good ;-)
See you
0
ced057
 
I ran the BitDefender scan but it found nothing (so I'm not sending you a report), and my problems continue.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:38, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TOMTOM\TomTomHOME.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TOMTOM\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0314b70b29085fde4319/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{491A7CF7-F1FC-4B63-B62D-5AC0DB237B23}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
0
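Added example, not part of the thread and not code from HijackThis: the helper's triage above amounts to picking the entries HijackThis tags `(no file)` or `(file missing)` and then checking a later scan to confirm they are gone. The Python sketch below does both on a few lines copied from the 19/01 and 20/01 logs; the function names and the choice of excerpt lines are this example's own.

```python
"""Triage HijackThis entries: flag orphaned ones and diff two scans."""
import re
from typing import List, NamedTuple, Tuple

# Excerpts copied from the 19/01/2008 and 20/01/2008 logs in this thread
# (a handful of lines each; the selection is made for this example).
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header lines, process paths and ComboFix driver lines ("R1 bdftdif;...") do not match.
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d+)\s+-\s+(?P<body>.+)$")

# Markers HijackThis appends when the file an entry points to was not found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str   # section code: R0..R3, F0..F3, O1..O24
    body: str   # everything after "<code> - "


def parse_entries(log: str) -> List[Entry]:
    """Return the R/F/O entries of a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["code"], match["body"]))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if any(m in e.body for m in ORPHAN_MARKERS)]


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) between two scans, each in its log's order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    print("Orphaned entries in the first scan:")
    for entry in orphaned(before):
        print(f"  {entry.code}: {entry.body}")
    removed, added = diff_logs(before, after)
    print("Gone in the second scan:")
    for entry in removed:
        print(f"  {entry.code}: {entry.body}")
    print("New in the second scan (review each one):")
    for entry in added:
        print(f"  {entry.code}: {entry.body}")
    still_there = [e for e in orphaned(before) if e in set(after)]
    print("Orphans that survived the fix:", still_there or "none")
```

On these excerpts the three flagged entries are the ones the helper asked to fix, none of them survive into the second scan, and the only new entries are the AVG Anti-Spyware autostart and service installed in between.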
ep44 Posts 7432 Status Contributor 3
 
Sorry, I hadn't noticed:
you didn't run VundoFix as requested in post 1.

Also have a look at this link and follow its steps;
it may help you:
http://www.commentcamarche.net/faq/sujet 3446 windows xp mon pc rame que faire
See you
0
ced057
 
Yes, I did run VundoFix, and I ran it again, but it finds nothing. Some web pages still hang; it is not the PC slowing down but an outright freeze.

I open the site, the hourglass appears 10 seconds later and the site's page crashes.
0
ep44 Posts 7432 Status Contributor 3
 
Good evening

Is the slowdown only noticeable on the Internet?

Because we have done the cleanup needed for the infections you had.
If the rest of your PC works, perhaps you have a throughput problem?
Test your bandwidth here:
http://mire.ipadsl.net
See you
0
ced057
 
My bandwidth is fine. The problem I have is not a slowdown but a freeze (especially on one site that used to work perfectly well). I sometimes manage to get onto it, but most often the site's page displays and then the window freezes and I have to close it.
0
ep44 Posts 7432 Status Contributor 3
 
If you can browse the other pages without trouble, it must be coming from the site.
Otherwise, do you still have any problems?
0
ced057
 
Those are the problems; sometimes it hangs on other sites too. I don't think it comes from the site: I tried connecting at friends' places and it worked perfectly every time.
0
ep44 Posts 7432 Status Contributor 3
 
So a problem with your ISP????

Otherwise, which browser do you use?
For my part I recommend Firefox.
See you
0
ced057
 
ISP?
0
ep44 Posts 7432 Status Contributor 3
 
ISP == Internet service provider

And your browser?

You need to check the configuration in your options.
0