Your privacy is in danger !
little_star-37 (Posts: 10, Status: Member) -
jlpjlp (Posts: 52399, Status: Security contributor) -
Good evening everyone,
A wallpaper has set itself automatically with the message "your privacy is in danger !", and since then windows have been opening every 5 minutes. I saw an earlier post on this subject but I did not understand all of it. Could someone help me, please?
Thanks in advance.
Have a good evening, everyone.
10 replies
Hi,
paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a possible Vundo infection.
e.g.: rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:12, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Brooke\Mes documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: XTN Monitor - {E587DEAB-947E-4BF0-8439-BDC82913A9AE} - C:\WINDOWS\ddwlxtqdpn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: The enqvwkp - {FFB13247-794A-4E4F-8B97-937F906013D1} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\Brooke\Bureau\setup_fr.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [L07FXLRD_12834750] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: agrlmvp - {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Hi,
you're spoiled!!!!! as far as viruses go!
_____________
# Download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip
# Unzip the folder to the desktop.
# Run Hoster and click Restore Microsoft's Hosts File
____________________
Open My Computer, then open the C drive and the Program Files folder, and delete the following folders if present:
FunWebProducts
MyWebSearch
______________________
run CWShredder (use Fix) from one of the three links
https://www.trendmicro.com/en_us/forHome.html
https://www.01net.com/actualites/
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html
________________
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: XTN Monitor - {E587DEAB-947E-4BF0-8439-BDC82913A9AE} - C:\WINDOWS\ddwlxtqdpn.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: The enqvwkp - {FFB13247-794A-4E4F-8B97-937F906013D1} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\Brooke\Bureau\setup_fr.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O21 - SSODL: agrlmvp - {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll
________________________
ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_______________________
download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to run it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\WINDOWS\ddwlxtqdpn.dll
C:\WINDOWS\enqvwkp.dll
C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\agrlmvp.dll
C:\Program Files\MyWebSearch
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. If so, accept with Yes.
____________________
paste a new HijackThis report and describe your problems
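As an added example (not part of the thread and not HijackThis's own code), here is a small Python triage of the entry types singled out in the reply above: hosts-file redirects (O1), entries whose file is gone, DLLs loaded from the root of C:\WINDOWS, and the desktop component. The heuristics and function names are assumptions for illustration; the sample lines are excerpted from the log earlier in the thread, except the loopback hosts line, which is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis entry lines look like "O1 - Hosts: <ip> <name>" or "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
# A DLL sitting directly in C:\WINDOWS (not in system32 or another subfolder).
ROOT_DLL_RE = re.compile(r"- (C:\\WINDOWS\\[^\\]+\.dll)$", re.IGNORECASE)

# Excerpt of the log posted in the thread; the 127.0.0.1 line is constructed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: XTN Monitor - {E587DEAB-947E-4BF0-8439-BDC82913A9AE} - C:\WINDOWS\ddwlxtqdpn.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: agrlmvp - {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


def parse_log(text):
    """Return (section_code, body) pairs for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_local(addr):
    """True for loopback/unspecified addresses, the usual benign hosts targets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def hosts_redirects(entries):
    """Group hosts-file names by the non-local address they are pinned to."""
    by_ip = defaultdict(list)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m and not is_local(m.group(1)):
            by_ip[m.group(1)].append(m.group(2))
    return {ip: sorted(names) for ip, names in by_ip.items()}


def triage(entries):
    """Return (code, reason, detail) for entries worth a manual review."""
    findings = []
    for code, body in entries:
        if code == "O1":
            m = HOSTS_RE.match(body)
            if m and not is_local(m.group(1)):
                findings.append((code, "hosts-redirect", f"{m.group(2)} -> {m.group(1)}"))
        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            # Registry entry survives but its target is gone: leftover to clean.
            findings.append((code, "orphaned-entry", body))
        elif code in ("O2", "O3", "O21") and ROOT_DLL_RE.search(body):
            findings.append((code, "dll-in-windows-root", ROOT_DLL_RE.search(body).group(1)))
        elif code == "O24" and "file:///" in body:
            findings.append((code, "desktop-component", body))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for ip, names in hosts_redirects(parsed).items():
        print(f"{len(names)} name(s) pinned to {ip}: {', '.join(names)}")
    for code, reason, detail in triage(parsed):
        print(f"{code:<4} {reason:<20} {detail}")
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software can also trip these heuristics.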
ComboFix 08-01-20.1 - Brooke 2008-01-20 21:49:33.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.502 [GMT 1:00]
Running from: C:\Documents and Settings\Brooke\Bureau\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . Echec de suppression
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . Echec de suppression
.
---- Previous Run -------
.
C:\Documents and Settings\Brooke\Application Data\FunWebProducts
C:\Documents and Settings\Brooke\Application Data\MessengerSkinner
C:\Documents and Settings\Brooke\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\Brooke\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\Brooke\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\messengerskinner
C:\WINDOWS\dat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\nvs2.inf
c:\WINDOWS\system32\yxallqsofc.dat
C:\WINDOWS\system32\yxallqsofc.exe
c:\WINDOWS\system32\yxallqsofc_nav.dat
C:\WINDOWS\system32\yxallqsofc_navfx.dat
c:\WINDOWS\system32\yxallqsofc_navps.dat
----- Unknown downloads made by BITS: ----
http://softworldnetwork.com
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
.
2008-01-19 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 21:47 . 2008-01-19 21:25 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
2008-01-16 21:47 . 2008-01-16 21:47 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-16 21:47 . 2008-01-16 21:47 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-01-16 15:37 . 2008-01-16 11:27 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-11 22:00 . 2007-11-30 08:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 21:00 --------- d-----w C:\Program Files\Google
2008-01-02 18:58 26,520 ----a-w C:\Documents and Settings\Brooke\Application Data\GDIPFONTCACHEV1.DAT
2007-12-31 00:45 --------- d-----w C:\Program Files\DivX
2007-12-19 20:40 --------- d-----w C:\Program Files\Veoh Networks
2007-12-19 12:24 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 12:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-11 17:24 --------- d-----w C:\Documents and Settings\peter\Application Data\Apple Computer
2007-12-08 18:26 --------- d-----w C:\Program Files\QuickTime
2007-12-08 18:26 --------- d-----w C:\Program Files\iTunes
2007-12-08 18:26 --------- d-----w C:\Program Files\iPod
2007-12-07 20:32 --------- d-----w C:\Program Files\Samsung
2007-12-07 20:28 --------- d-----w C:\Program Files\eMule
2007-12-07 20:26 --------- d-----w C:\Program Files\Apple Software Update
2007-12-07 20:25 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-07 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-15 12:35 32,768 ----a-w C:\Documents and Settings\Brooke\wafngx.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"L07FXLRD_12834750"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 14:34 163840]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 11:09 126976]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 16:23 86016 C:\WINDOWS\StartupMonitor.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NI.UGESV_0001_N122M2811"="C:\Documents and Settings\Brooke\Bureau\setup_fr.exe" [ ]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 22:00]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 22:18]
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service []
S3 SaiHA501;SaiHA501;C:\WINDOWS\system32\DRIVERS\SaiHA501.sys [2006-01-27 12:28]
S3 SaiLA501;SaiLA501;C:\WINDOWS\system32\DRIVERS\SaiLA501.sys [2006-01-27 12:28]
S3 SaiUA501;SaiUA501;C:\WINDOWS\system32\DRIVERS\SaiUA501.sys [2006-01-27 12:28]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 20:26:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 21:55:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-20 21:57:50 - machine was rebooted [Brooke]
ComboFix-quarantined-files.txt 2008-01-20 20:57:48
.
2007-06-14 10:29:45 --- E O F ---
Sorry for replying after such a long time, but since I'm not very good with computers, the slightest thing takes time. I'm not sure whether this is the right report I'm sending.
Thanks again for the time you're giving me.
perfect, do the rest; at the end, along with the HijackThis report,
analyse this file on VirusTotal and paste me the report: https://www.virustotal.com/gui/
C:\WINDOWS\fxtqdrl.exe
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - AdWare.Vapsup.xs (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - not-a-virus:AdWare.Win32.Vapsup.tz
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Generic.Dropper.xCodec
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 5a928470fd6abf39ce9ddff69aa163fc
SHA1: 6688f6798da6df445f41eea0d90247ac9a419457
SHA256: 52f602a9c3d2093061c1c11257d6328139163932b2ae3be8454a6eed75da65cc
SHA512: fa422ac89fea139484af92e14524cf7f3cf3db82ca0b30421f94a6fd46338154 960bdd7284c965084a5877c655107d8db60ba51781dd30c39947c4c6caadd98c
Is this the report you need? I'm not sure what I'm doing.
ComboFix 08-01-20.1 - abby 2008-01-21 19:52:40.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.649 [GMT 1:00]
Running from: C:\Documents and Settings\abby\Bureau\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))))))
.
2008-01-21 19:36 . 2008-01-21 19:36 <REP> d---s---- C:\Documents and Settings\abby\UserData
2008-01-21 16:26 . 2008-01-21 16:26 <REP> d-------- C:\Documents and Settings\abby\Contacts
2008-01-21 15:51 . 2008-01-21 15:51 <REP> d-------- C:\Documents and Settings\abby\Application Data\Apple Computer
2008-01-21 15:39 . 2006-09-11 15:52 <REP> d--h----- C:\Documents and Settings\abby\Voisinage réseau
2008-01-21 15:39 . 2006-09-11 15:52 <REP> d--h----- C:\Documents and Settings\abby\Voisinage d'impression
2008-01-21 15:39 . 2006-09-11 13:55 <REP> d--h----- C:\Documents and Settings\abby\Modèles
2008-01-21 15:39 . 2008-01-21 16:26 <REP> dr------- C:\Documents and Settings\abby\Mes documents
2008-01-21 15:39 . 2006-09-11 15:52 <REP> dr------- C:\Documents and Settings\abby\Menu Démarrer
2008-01-21 15:39 . 2008-01-21 15:39 <REP> dr------- C:\Documents and Settings\abby\Favoris
2008-01-21 15:39 . 2008-01-21 16:26 <REP> d-------- C:\Documents and Settings\abby\Bureau
2008-01-21 15:39 . 2008-01-21 15:39 <REP> d-------- C:\Documents and Settings\abby\Application Data\HP
2008-01-21 13:36 . 2008-01-21 13:44 76,813,071 --a------ C:\llooll.MP4
2008-01-21 13:17 . 2008-01-21 13:17 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-01-21 13:16 . 2008-01-21 13:16 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-21 13:16 . 2008-01-21 13:16 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-21 13:00 . 2008-01-21 13:10 84,955,079 --a------ C:\Gunslinger_Girl_-_01_[Zeu$-TeaM].avi.MP4
2008-01-21 12:55 . 2008-01-21 12:55 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-01-21 12:36 . 2008-01-21 12:36 <REP> d-------- C:\Temp
2008-01-21 11:32 . 2008-01-21 11:32 <REP> d-------- C:\Program Files\iPod
2008-01-21 10:53 . 2008-01-21 10:53 <REP> d-------- C:\Program Files\Trend Micro
2008-01-20 22:34 . 2008-01-20 22:34 <REP> d-------- C:\Program Files\Avira
2008-01-20 22:34 . 2008-01-20 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-20 22:26 . 2008-01-20 22:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 21:47 . 2008-01-19 21:25 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
2008-01-16 21:47 . 2008-01-16 21:47 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-16 21:47 . 2008-01-16 21:47 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-01-16 15:37 . 2008-01-16 11:27 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-11 22:00 . 2007-11-30 08:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 11:34 --------- d-----w C:\Program Files\Drawing for Children
2008-01-21 10:45 --------- d-----w C:\Program Files\XviD
2008-01-21 10:32 --------- d-----w C:\Program Files\iTunes
2008-01-21 10:31 --------- d-----w C:\Program Files\QuickTime
2008-01-11 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 21:00 --------- d-----w C:\Program Files\Google
2008-01-02 18:58 26,520 ----a-w C:\Documents and Settings\Brooke\Application Data\GDIPFONTCACHEV1.DAT
2007-12-31 00:45 --------- d-----w C:\Program Files\DivX
2007-12-19 12:24 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 12:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-11 17:24 --------- d-----w C:\Documents and Settings\peter\Application Data\Apple Computer
2007-12-07 20:32 --------- d-----w C:\Program Files\Samsung
2007-12-07 20:28 --------- d-----w C:\Program Files\eMule
2007-12-07 20:26 --------- d-----w C:\Program Files\Apple Software Update
2007-12-07 20:25 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-07 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-06-22 14:42 10,976 ----a-w C:\WINDOWS\Cursors\Sw1.zip
2007-06-22 14:41 102,904 ----a-w C:\WINDOWS\Cursors\Sw9.zip
2007-04-15 12:35 32,768 ----a-w C:\Documents and Settings\Brooke\wafngx.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_21.57.38.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2004-08-11 18:49:10 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2007-04-22 12:34:43 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-01-21 15:06:57 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2007-04-22 12:34:43 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-01-21 15:06:57 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-04-22 12:34:43 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-01-21 15:06:57 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-04-22 12:34:43 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-01-21 15:06:57 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-04-22 12:34:43 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-01-21 15:06:57 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-04-22 12:34:43 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-01-21 15:06:57 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-04-22 12:34:43 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-01-21 15:06:57 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-04-22 12:34:43 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-01-21 15:06:57 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-04-22 12:34:43 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-01-21 15:06:57 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-04-22 12:34:43 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-01-21 15:06:57 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-04-22 12:34:43 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-01-21 15:06:57 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-01-21 10:32:56 102,400 ----a-r C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe
+ 2006-04-12 08:47:22 217,073 ----a-w C:\WINDOWS\meta4.exe
+ 2006-04-05 07:09:16 66,560 ----a-w C:\WINDOWS\MOTA113.exe
- 2004-08-11 18:49:20 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-11 18:49:08 483,328 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-18 20:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
+ 2007-05-17 16:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll
+ 2005-07-14 11:31:20 27,648 ----a-w C:\WINDOWS\system32\AVSredirect.dll
- 2004-10-11 10:20:30 230,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-10-11 10:20:30 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2004-02-22 09:11:08 719,872 ----a-w C:\WINDOWS\system32\devil.dll
- 2004-08-11 18:49:20 8,704 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-11-03 08:56:54 7,680 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-10-11 10:20:30 230,912 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-10-11 10:20:30 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-10-11 10:20:30 533,504 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-10-11 10:20:30 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-10-11 10:20:30 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 19:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-03 22:54:32 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-03 22:54:32 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-03 22:54:32 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-11 18:49:10 344,064 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-11-03 08:57:06 244,224 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-10-11 10:20:30 141,312 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-10-11 10:20:30 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-10-11 10:20:30 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-10-11 10:20:30 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-10-11 10:20:30 311,296 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-10-11 10:20:30 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-13 11:15:48 827,392 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-03 09:02:28 1,680,384 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-11 18:49:10 192,512 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-10-11 10:20:30 379,120 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-10-11 10:20:30 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-10-11 10:20:30 224,256 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-10-11 10:20:32 28,160 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-10-11 10:20:32 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-11 18:49:20 226,304 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-11-03 08:58:42 272,384 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-10-11 10:20:32 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-10-11 10:20:32 1,026,048 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2006-04-29 04:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 22:45:16 135,168 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-11 18:49:10 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-11-03 08:58:48 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-10 22:45:16 282,624 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-08-03 22:55:02 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-11-03 08:59:00 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-03 22:54:14 2,985,984 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-11 18:49:12 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-10-11 10:20:34 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-10-11 10:20:34 1,116,160 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-10-11 10:20:34 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-10-11 10:20:36 936,960 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-10-11 10:20:36 868,600 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-10-11 10:20:38 999,424 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-20 21:36:58 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2006-10-18 20:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-10-11 10:20:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-18 19:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-10-11 10:20:30 533,504 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2008-01-15 01:39:58 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2004-01-24 23:00:00 70,656 ----a-w C:\WINDOWS\system32\i420vfw.dll
- 2004-10-11 10:20:30 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-10-11 10:20:30 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 19:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 20:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-03 22:54:32 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-03 22:54:32 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-03 22:54:32 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 14:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-10-11 10:20:30 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-10-11 10:20:30 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-10-11 10:20:30 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-18 20:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-10-11 10:20:30 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-10-11 10:20:30 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-18 20:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 20:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-10-11 10:20:30 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2007-05-14 14:24:30 394,240 ----a-w C:\WINDOWS\system32\Smab.dll
- 2006-12-10 12:10:04 15,664 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 16:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-10-11 10:20:30 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2004-10-11 10:20:30 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 20:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-10-11 10:20:30 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2004-10-11 10:20:30 379,120 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-10-11 10:20:30 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-10-11 10:20:30 224,256 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-10-11 10:20:32 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-18 20:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-10-11 10:20:32 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-18 20:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-10-11 10:20:32 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-18 20:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-10-11 10:20:32 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-18 20:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-11 18:49:20 226,304 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-10-11 10:20:32 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-10-11 10:20:32 1,026,048 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2006-04-29 04:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 22:45:16 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 22:45:16 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 22:45:14 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-18 20:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-11 18:49:12 3,424,256 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-11 18:49:12 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 22:45:14 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-18 20:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-10-11 10:20:34 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-10-11 10:20:34 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-10-11 10:20:34 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-10-11 10:20:36 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-10-11 10:20:36 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-10-11 10:20:36 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-10-11 10:20:36 868,600 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-10-11 10:20:38 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-10-11 10:20:38 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-10-11 10:20:38 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 20:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-10-11 10:20:38 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-10-11 10:20:38 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:12 44,032 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-10-11 10:20:38 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-18 20:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 19:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2005-02-28 12:16:22 240,128 ----a-w C:\WINDOWS\system32\x.264.exe
+ 2004-01-24 23:00:00 70,656 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2006-10-07 16:43:42 502,784 ----a-w C:\WINDOWS\x2.64.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 14:34 163840]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 11:09 126976]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 16:23 86016 C:\WINDOWS\StartupMonitor.exe]
"NI.UGESV_0001_N122M2811"="C:\Documents and Settings\Brooke\Bureau\setup_fr.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-20 22:36 249896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 22:00]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 22:18]
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service []
S3 SaiHA501;SaiHA501;C:\WINDOWS\system32\DRIVERS\SaiHA501.sys [2006-01-27 12:28]
S3 SaiLA501;SaiLA501;C:\WINDOWS\system32\DRIVERS\SaiLA501.sys [2006-01-27 12:28]
S3 SaiUA501;SaiUA501;C:\WINDOWS\system32\DRIVERS\SaiUA501.sys [2006-01-27 12:28]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - PCANDIS5
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 20:26:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 19:55:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-21 19:58:17 - machine was rebooted [abby]
ComboFix-quarantined-files.txt 2008-01-21 18:58:15
ComboFix2.txt 2008-01-20 20:57:50
.
2007-06-14 10:29:45 --- E O F ---
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.649 [GMT 1:00]
Running from: C:\Documents and Settings\abby\Bureau\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))))))
.
2008-01-21 19:36 . 2008-01-21 19:36 <REP> d---s---- C:\Documents and Settings\abby\UserData
2008-01-21 16:26 . 2008-01-21 16:26 <REP> d-------- C:\Documents and Settings\abby\Contacts
2008-01-21 15:51 . 2008-01-21 15:51 <REP> d-------- C:\Documents and Settings\abby\Application Data\Apple Computer
2008-01-21 15:39 . 2006-09-11 15:52 <REP> d--h----- C:\Documents and Settings\abby\Voisinage réseau
2008-01-21 15:39 . 2006-09-11 15:52 <REP> d--h----- C:\Documents and Settings\abby\Voisinage d'impression
2008-01-21 15:39 . 2006-09-11 13:55 <REP> d--h----- C:\Documents and Settings\abby\Modèles
2008-01-21 15:39 . 2008-01-21 16:26 <REP> dr------- C:\Documents and Settings\abby\Mes documents
2008-01-21 15:39 . 2006-09-11 15:52 <REP> dr------- C:\Documents and Settings\abby\Menu Démarrer
2008-01-21 15:39 . 2008-01-21 15:39 <REP> dr------- C:\Documents and Settings\abby\Favoris
2008-01-21 15:39 . 2008-01-21 16:26 <REP> d-------- C:\Documents and Settings\abby\Bureau
2008-01-21 15:39 . 2008-01-21 15:39 <REP> d-------- C:\Documents and Settings\abby\Application Data\HP
2008-01-21 13:36 . 2008-01-21 13:44 76,813,071 --a------ C:\llooll.MP4
2008-01-21 13:17 . 2008-01-21 13:17 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-01-21 13:16 . 2008-01-21 13:16 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-21 13:16 . 2008-01-21 13:16 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-21 13:00 . 2008-01-21 13:10 84,955,079 --a------ C:\Gunslinger_Girl_-_01_[Zeu$-TeaM].avi.MP4
2008-01-21 12:55 . 2008-01-21 12:55 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-01-21 12:36 . 2008-01-21 12:36 <REP> d-------- C:\Temp
2008-01-21 11:32 . 2008-01-21 11:32 <REP> d-------- C:\Program Files\iPod
2008-01-21 10:53 . 2008-01-21 10:53 <REP> d-------- C:\Program Files\Trend Micro
2008-01-20 22:34 . 2008-01-20 22:34 <REP> d-------- C:\Program Files\Avira
2008-01-20 22:34 . 2008-01-20 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-20 22:26 . 2008-01-20 22:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 21:47 . 2008-01-19 21:25 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
2008-01-16 21:47 . 2008-01-16 21:47 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-16 21:47 . 2008-01-16 21:47 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-01-16 15:37 . 2008-01-16 11:27 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-11 22:00 . 2007-11-30 08:45 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 11:34 --------- d-----w C:\Program Files\Drawing for Children
2008-01-21 10:45 --------- d-----w C:\Program Files\XviD
2008-01-21 10:32 --------- d-----w C:\Program Files\iTunes
2008-01-21 10:31 --------- d-----w C:\Program Files\QuickTime
2008-01-11 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 21:00 --------- d-----w C:\Program Files\Google
2008-01-02 18:58 26,520 ----a-w C:\Documents and Settings\Brooke\Application Data\GDIPFONTCACHEV1.DAT
2007-12-31 00:45 --------- d-----w C:\Program Files\DivX
2007-12-19 12:24 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 12:24 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-11 17:24 --------- d-----w C:\Documents and Settings\peter\Application Data\Apple Computer
2007-12-07 20:32 --------- d-----w C:\Program Files\Samsung
2007-12-07 20:28 --------- d-----w C:\Program Files\eMule
2007-12-07 20:26 --------- d-----w C:\Program Files\Apple Software Update
2007-12-07 20:25 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-07 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-06-22 14:42 10,976 ----a-w C:\WINDOWS\Cursors\Sw1.zip
2007-06-22 14:41 102,904 ----a-w C:\WINDOWS\Cursors\Sw9.zip
2007-04-15 12:35 32,768 ----a-w C:\Documents and Settings\Brooke\wafngx.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_21.57.38.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2004-08-11 18:49:10 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2007-04-22 12:34:43 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-01-21 15:06:57 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2007-04-22 12:34:43 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-01-21 15:06:57 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-04-22 12:34:43 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-01-21 15:06:57 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-04-22 12:34:43 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-01-21 15:06:57 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-04-22 12:34:43 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-01-21 15:06:57 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-04-22 12:34:43 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-01-21 15:06:57 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-04-22 12:34:43 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-01-21 15:06:57 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-04-22 12:34:43 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-01-21 15:06:57 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-04-22 12:34:43 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-01-21 15:06:57 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-04-22 12:34:43 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-01-21 15:06:57 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-04-22 12:34:43 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-01-21 15:06:57 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-01-21 10:32:56 102,400 ----a-r C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe
+ 2006-04-12 08:47:22 217,073 ----a-w C:\WINDOWS\meta4.exe
+ 2006-04-05 07:09:16 66,560 ----a-w C:\WINDOWS\MOTA113.exe
- 2004-08-11 18:49:20 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-11 18:49:08 483,328 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-18 20:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
+ 2007-05-17 16:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll
+ 2005-07-14 11:31:20 27,648 ----a-w C:\WINDOWS\system32\AVSredirect.dll
- 2004-10-11 10:20:30 230,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-10-11 10:20:30 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2004-02-22 09:11:08 719,872 ----a-w C:\WINDOWS\system32\devil.dll
- 2004-08-11 18:49:20 8,704 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-11-03 08:56:54 7,680 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-10-11 10:20:30 230,912 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-10-11 10:20:30 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-10-11 10:20:30 533,504 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-10-11 10:20:30 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-10-11 10:20:30 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 19:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-03 22:54:32 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-03 22:54:32 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-03 22:54:32 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-11 18:49:10 344,064 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-11-03 08:57:06 244,224 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-10-11 10:20:30 141,312 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-10-11 10:20:30 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-10-11 10:20:30 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-10-11 10:20:30 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-10-11 10:20:30 311,296 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-10-11 10:20:30 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-13 11:15:48 827,392 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-03 09:02:28 1,680,384 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-11 18:49:10 192,512 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-10-11 10:20:30 379,120 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-10-11 10:20:30 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-10-11 10:20:30 224,256 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-10-11 10:20:32 28,160 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-10-11 10:20:32 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-11 18:49:20 226,304 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-11-03 08:58:42 272,384 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-10-11 10:20:32 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-10-11 10:20:32 1,026,048 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2006-04-29 04:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 22:45:16 135,168 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-11 18:49:10 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-11-03 08:58:48 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-10 22:45:16 282,624 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-08-03 22:55:02 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-11-03 08:59:00 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-03 22:54:14 2,985,984 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-11 18:49:12 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-10-11 10:20:34 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-10-11 10:20:34 1,116,160 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-10-11 10:20:34 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-10-11 10:20:36 936,960 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-10-11 10:20:36 868,600 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-10-11 10:20:38 999,424 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-20 21:36:58 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2006-10-18 20:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-10-11 10:20:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-18 19:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-10-11 10:20:30 533,504 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2008-01-15 01:39:58 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2004-01-24 23:00:00 70,656 ----a-w C:\WINDOWS\system32\i420vfw.dll
- 2004-10-11 10:20:30 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-10-11 10:20:30 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 19:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 20:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-03 22:54:32 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-03 22:54:32 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-03 22:54:32 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 14:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-10-11 10:20:30 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-10-11 10:20:30 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-10-11 10:20:30 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-18 20:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-10-11 10:20:30 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-10-11 10:20:30 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-18 20:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 20:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-10-11 10:20:30 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2007-05-14 14:24:30 394,240 ----a-w C:\WINDOWS\system32\Smab.dll
- 2006-12-10 12:10:04 15,664 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 16:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-10-11 10:20:30 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2004-10-11 10:20:30 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 20:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-10-11 10:20:30 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2004-10-11 10:20:30 379,120 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-10-11 10:20:30 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-10-11 10:20:30 224,256 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-10-11 10:20:32 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-18 20:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-10-11 10:20:32 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-18 20:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-10-11 10:20:32 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-18 20:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-10-11 10:20:32 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-18 20:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-11 18:49:20 226,304 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-10-11 10:20:32 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-10-11 10:20:32 1,026,048 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2006-04-29 04:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 22:45:16 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 22:45:16 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 22:45:14 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-18 20:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-11 18:49:12 3,424,256 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-11 18:49:12 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 22:45:14 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-18 20:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-10-11 10:20:34 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-10-11 10:20:34 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-10-11 10:20:34 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-10-11 10:20:36 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-10-11 10:20:36 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-10-11 10:20:36 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-10-11 10:20:36 868,600 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-10-11 10:20:38 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-10-11 10:20:38 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-10-11 10:20:38 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 20:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-10-11 10:20:38 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-10-11 10:20:38 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:12 44,032 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-10-11 10:20:38 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-18 20:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 19:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2005-02-28 12:16:22 240,128 ----a-w C:\WINDOWS\system32\x.264.exe
+ 2004-01-24 23:00:00 70,656 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2006-10-07 16:43:42 502,784 ----a-w C:\WINDOWS\x2.64.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 10:05 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 10:45 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 10:39 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 14:34 163840]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 11:09 126976]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 16:23 86016 C:\WINDOWS\StartupMonitor.exe]
"NI.UGESV_0001_N122M2811"="C:\Documents and Settings\Brooke\Bureau\setup_fr.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-20 22:36 249896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 22:00]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 22:18]
S2 LicCtrlService;LicCtrl Service;rundll32.exe C:\WINDOWS\mmfs.dll,Service []
S3 SaiHA501;SaiHA501;C:\WINDOWS\system32\DRIVERS\SaiHA501.sys [2006-01-27 12:28]
S3 SaiLA501;SaiLA501;C:\WINDOWS\system32\DRIVERS\SaiLA501.sys [2006-01-27 12:28]
S3 SaiUA501;SaiUA501;C:\WINDOWS\system32\DRIVERS\SaiUA501.sys [2006-01-27 12:28]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - PCANDIS5
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 20:26:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 19:55:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-21 19:58:17 - machine was rebooted [abby]
ComboFix-quarantined-files.txt 2008-01-21 18:58:15
ComboFix2.txt 2008-01-20 20:57:50
.
2007-06-14 10:29:45 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\Brooke\Bureau\setup_fr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: agrlmvp - {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
fix this line:
O21 - SSODL: agrlmvp - {AE897861-4653-4B51-ADA0-A0400DCCBAAE} - C:\WINDOWS\agrlmvp.dll (file missing)
________________
scan with
Spybot: (if you have a version installed before Sept 2007, replace it with version 1.5)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
_________________
paste a report from the Antivir you have
and describe your problems
to protect your computer for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite
install an antivirus
AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:
AD AWARE + SPYBOT + if Spybot's TeaTimer is not enabled: WINDOWS DEFENDER or SPYWARE TERMINATOR
+/-
SPYWAREBLASTER to immunize the system against Vundo in particular, but it is in English (easy to use though: just click "update" to update every month and then "enable all protection" to immunize)...
Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER to erase browsing traces