Help me!!!! Braviax attack

KFQE -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,

That's it, I too have been infected by Braviax.

Norton and Secuser don't detect it, ZoneAlarm does, but I don't know how to fix it.
Thanks for your help.

Below is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:19, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
D:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\FICHIE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\braviax.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JP\Bureau\Nouveau dossier\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 64.246.60.78 weather.ocens.net
O1 - Hosts: 64.246.60.78 wxnet.ocens.net
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ioroxxo microsoft sux] C:\Program Files\Mediafour\Setup files\MacDrive 6 Free Trial (6.1.5) (1033)\MacDrive\Windows\System32,1.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FICHIE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] C:\Program Files\Mediafour\Setup files\MacDrive 6 Free Trial (6.1.5) (1033)\MacDrive\Windows\System32,1.exe
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - (no file)
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll
O22 - SharedTaskScheduler: {5839511e-ec1b-4f91-ace3-fb88e52f5239} - fairydom - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JP/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

14 replies
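A worked example, added here and not part of the original post or of HijackThis: a small Python script that applies to O1/O4/O21 lines the checks a helper runs by eye when reading a log like the one above. The sample input is a subset of the lines from that log; the heuristics, the allowlist and the output format are this example's own assumptions, and every hit is a review item rather than a verdict (the tablet driver entry `atwtusb.exe` trips the bare-filename rule too).

```python
"""Triage HijackThis O1 / O4 / O21 lines for autorun entries worth checking on disk.

Added example, not code from the forum thread or from HijackThis itself.
The sample lines are copied from the log posted above; the heuristics,
the allowlist and the output format are this example's own assumptions.
Every hit is a review item, not a verdict: legitimate third-party software
(the tablet driver 'atwtusb.exe' here, for instance) trips some of them too.
"""
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "subject reason")

# Constructed sample: a subset of the O1/O4/O21 lines from the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 64.246.60.78 weather.ocens.net
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - (no file)
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")
PATH_WITH_EXT_RE = re.compile(r"(.*?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", re.I)
SYSTEM32_ROOT_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumption: inbox XP binaries that legitimately sit in the Run key of every profile.
KNOWN_AUTORUN_BINARIES = {"ctfmon.exe"}


def extract_path(target):
    """Return the program path from an O4 value, dropping arguments and the (User '...') suffix."""
    target = USER_SUFFIX_RE.sub("", target).strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 1 else target[1:]
    m = PATH_WITH_EXT_RE.match(target)
    return m.group(1) if m else target.split()[0]


def triage(log_text):
    """Apply the heuristics to every O1/O4/O21 line and return a list of Finding."""
    findings, hives_by_target = [], defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O1 - Hosts: "):
            ip, _, host = line[len("O1 - Hosts: "):].partition(" ")
            if ip not in LOOPBACK:
                findings.append(Finding(line, "hosts file sends %s to %s; confirm it is intentional" % (host, ip)))
        elif line.startswith("O21 - SSODL: "):
            dll = line.rsplit(" - ", 1)[-1]
            if dll == "(no file)" or not SYSTEM32_ROOT_RE.match(dll):
                findings.append(Finding(line, "ShellServiceObjectDelayLoad target missing or outside system32"))
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            hive, key, name = m["hive"], m["key"], m["name"]
            path = extract_path(m["target"])
            base = path.rsplit("\\", 1)[-1].lower()
            hives_by_target[path.lower()].add(hive)
            reasons = []
            if "\\" not in path and not path.startswith("%"):
                reasons.append("bare filename resolved through the search path")
            if "?" in base:
                reasons.append("unprintable character in filename (HijackThis prints it as '?')")
            if hive.startswith("HKUS\\") and base not in KNOWN_AUTORUN_BINARIES:
                reasons.append("autorun in a service or default profile hive")
            if SYSTEM32_ROOT_RE.match(path) and base not in KNOWN_AUTORUN_BINARIES:
                reasons.append("loose executable in the system32 root")
            if re.search(r"\bmicrosoft\b|^system$", name, re.I):
                reasons.append("value name impersonates Windows or Microsoft")
            for reason in reasons:
                findings.append(Finding("%s\\%s [%s] -> %s" % (hive, key, name, path), reason))
    # Same program registered under several hives: deleting one key leaves the other to relaunch it.
    for path, hives in hives_by_target.items():
        if len(hives) > 1:
            findings.append(Finding(path, "same target registered in several hives: " + ", ".join(sorted(hives))))
    return findings


def flagged_binaries(findings):
    """Lower-cased basenames of every O4 target that received at least one reason."""
    return {f.subject.split(" -> ", 1)[1].rsplit("\\", 1)[-1].lower() for f in findings if " -> " in f.subject}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-75s %s" % (f.subject, f.reason))
```

Run it as a script for a printed list, or import `triage()` and feed it a complete log. The multi-hive rule is what stands out in this log: the same `braviax.exe` is registered under both HKLM and HKCU, and `mskav32.exe` under both the user's Run key and the Default profile's RunOnce, so removing a single value leaves a second one to start it again.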

jlpjlp Posts: 52399 Status: Security contributor 5,040
 
hi

if only you had just Braviax .....

__________

# Download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip

# Unzip the folder onto the Desktop.
# Run Hoster and click Restore Microsoft's Hosts File

______________

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode following this procedure:
• Restart your computer
• After you hear the computer beep at startup, but before the Windows logo appears, tap the F8 key (one press per second).
• Instead of the normal Windows start-up, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then work through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of the trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool keeps running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum
________________

Download ComboFix by sUBs. Rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your Desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer with the key 1 and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
________________

Paste a fresh HijackThis log and describe your problems!
kfqe
 
There, the first phase with SDFix is finished,

here is the report,

Tell me the next step of the procedure; I'm not running ComboFix for now

Thanks in advance
kfqe
 
How absent-minded of me, I forgot the report; here it is this time

SDFix: Version 1.159

Run by JP on 20/03/2008 at 23:28

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\JP\Bureau\SDFIX\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\DLLGH8~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\PAYTIME.EXE - Deleted
C:\WINDOWS\SYSTEM32\RUN64DLL.DLL - Deleted
C:\FHNA.EXE - Deleted
C:\IMTQV.EXE - Deleted
C:\LTTD.EXE - Deleted
C:\MMYQVFS.EXE - Deleted
C:\MSCONF~1.EXE - Deleted
C:\QTAUA.EXE - Deleted
C:\SWVLKHPV.EXE - Deleted
C:\WJWNYU.EXE - Deleted
C:\XDARBSNR.EXE - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url - Deleted
C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\TFTP1604 - Deleted
C:\WINDOWS\system32\TFTP180 - Deleted
C:\WINDOWS\system32\TFTP244 - Deleted
C:\WINDOWS\system32\TFTP268 - Deleted
C:\WINDOWS\system32\TFTP2840 - Deleted
C:\WINDOWS\system32\TFTP468 - Deleted
C:\WINDOWS\system32\TFTP992 - Deleted
C:\WINDOWS\hosts - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\vx.tll - Deleted
C:\WINDOWS\system32\wind32.exe - Deleted



Folder C:\Program Files\Microsoft Security Adviser - Removed


Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 23:43:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="D:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"D:\\Program Files\\I&M\\MaxSea\\MaxSea.exe"="D:\\Program Files\\I&M\\MaxSea\\MaxSea.exe:*:Enabled:MaxSea"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe:*:Enabled:Canon Digital Camera SDK main server EXE"
"C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe:*:Enabled:Canon Digital Camera SDK CDPROC EXE"
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:


File Backups: - C:\DOCUME~1\JP\Bureau\SDFIX\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 1 Mar 2006 7,432 ...HR --- "C:\C_DILLA\BD0BA000.BAK"
Sun 6 Jan 2008 24 ..SH. --- "C:\WINDOWS\SD23536EF.tmp"
Thu 17 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 21 Dec 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Tue 21 Dec 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 5 Feb 2004 18,432 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 5 Feb 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun 21 Oct 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
Sun 30 Dec 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
Wed 19 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6067d5deb7173c35afab0355ff048bd7\BIT3.tmp"
Fri 4 Jan 2008 31,232 ...H. --- "C:\Documents and Settings\JP\Application Data\Microsoft\Modèles\~WRL3248.tmp"

Finished!
jlpjlp Posts: 52399 Status: Security contributor 5,040
 
Download ComboFix by sUBs. Rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your Desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer with the key 1 and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
________________

Paste a fresh HijackThis log and describe your problems!
kfqe
 
Hello, sorry for the delay in my reply,
I had to be away.
Also, I had to uninstall Norton AV because it was blocking ComboFix. Anyway, here are the 3 reports

SDFix: Version 1.159

Run by JP on 2008-03-22 at 16:45

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\JP\Bureau\SDFIX\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files:

No Trojan Files Found






Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 16:51:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"SecureDesktop"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe:*:Enabled:Canon Digital Camera SDK main server EXE"
"C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"="C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe:*:Enabled:Canon Digital Camera SDK CDPROC EXE"
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:


File Backups: - C:\DOCUME~1\JP\Bureau\SDFIX\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 1 Mar 2006 7,432 ...HR --- "C:\C_DILLA\BD0BA000.BAK"
Sun 6 Jan 2008 24 ..SH. --- "C:\WINDOWS\SD23536EF.tmp"
Thu 17 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 21 Dec 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Tue 21 Dec 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 5 Feb 2004 18,432 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 5 Feb 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun 21 Oct 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
Sun 30 Dec 2007 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
Wed 19 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6067d5deb7173c35afab0355ff048bd7\BIT3.tmp"
Fri 21 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT4.tmp"
Fri 21 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Fri 4 Jan 2008 31,232 ...H. --- "C:\Documents and Settings\JP\Application Data\Microsoft\Modèles\~WRL3248.tmp"

Finished!

_________________________________________________________________________________


ComboFix 08-03-20.5 - JP 2008-03-22 16:58:37.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.173 [GMT 1:00]
Location: C:\Documents and Settings\JP\Bureau\KillBagle.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\dialers
C:\WINDOWS\install.exe
C:\WINDOWS\secure32.html
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((((((( Files created 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.

2008-03-20 23:27 . 2008-03-20 23:27 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-20 11:03 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\LPT$VPN.177
2008-03-20 11:02 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\VPTNFILE.177
2008-03-20 11:01 . 2008-03-20 11:02 <REP> d-------- C:\WINDOWS\AU_Temp
2008-03-19 22:41 . 2008-03-22 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-19 10:19 . 2007-12-07 02:07 1,056,768 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\sysucmw.exe
2008-03-06 20:05 . 2008-03-06 20:05 16,848 --a------ C:\sysddpx.exe
2008-02-26 20:59 . 2008-03-18 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 20:59 . 2008-02-26 20:59 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 15:48 49,675,709 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-20 10:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-03-20 10:02 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-03-20 10:02 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-03-20 10:02 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-03-19 21:43 --------- d-----w C:\Program Files\Google
2008-03-05 22:08 1,050,624 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-21 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-10 22:10 7,172,608 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-08-23 17:23 20,335,175 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_23_19_21_36_full.dmp.zip
2007-08-15 06:19 3,579,392 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-08-15 06:19 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-04-13 04:54 750,080 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-02-17 18:09 2,630,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-10-26 11:13 3,023,872 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-08-23 20:36 466,432 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-07-17 01:13 3,268,096 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-02-07 08:13 2,833,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-05-29 15:33 33,076 ----a-w C:\WINDOWS\Fonts\swenson.zip
2005-05-29 15:31 24,704 ----a-w C:\WINDOWS\Fonts\gino_school_script.zip
2005-05-29 15:30 25,815 ----a-w C:\WINDOWS\Fonts\dj_fancy.zip
2005-05-29 15:30 173,188 ----a-w C:\WINDOWS\Fonts\ecolier.zip
2005-05-29 15:30 14,276 ----a-w C:\WINDOWS\Fonts\alamain.zip
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{03137D8B-F326-4E74-A83D-140715725461}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{2D64B5ED-151D-4250-B607-F455BC2D6427}.dat
2005-10-02 20:48 32 --sha-w C:\WINDOWS\{4185A139-059B-4420-9EA9-D7257FD89F54}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{D2EF6E64-BBD4-4603-8911-175D003B64DE}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{29B6D253-670C-4D80-95D0-8A478F34661C}.dat
2005-10-02 20:48 32 --sha-w C:\WINDOWS\system32\{63EF0718-3114-48A0-83F2-560D7B246AB6}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{6BE5588B-B189-4525-9F51-C6AD96486487}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{9C82FE7C-B24F-4266-8603-5A6EE2806EB8}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_16.40.04.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-21 09:44:53 9,318,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-03-22 15:44:23 9,318,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2008-03-21 09:44:53 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-22 15:44:23 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft USB2"="mskav32.exe" []
"Jimruo"="C:\WINDOWS\System32\d?dplay.exe" [2001-08-28 13:00 59392]
"Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 08:07 667735]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-21 20:29 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\WINDOWS\system32\Atwtusb.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
"CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"Zone Labs Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 12:42 968696]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16 139264]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2006-12-28 15:09 4579328]
"MoneyStartUp10.0"="D:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 245810]
"AdobeVersionCue"="e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"ioroxxo microsoft sux"="system32" [2008-03-22 17:00 0 C:\WINDOWS\system32]
"Microsoft USB2"="mskav32.exe" []
"Microsoft Update Machine"="MSlti32.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft USB2"="mskav32.exe" []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2004-02-25 03:35:22 10872]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-29 14:41:00 110592]
Assistant d'Acrobat.lnk - E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-19 22:41:38 125624]
MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-10-21 12:51:51 647168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"FlashX"= {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll [2007-04-22 16:48 21504]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CoreCenter.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton GoBack.lnk]
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Planificateur LiveUpdate automatique"=2 (0x2)
"GBPoll"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 11:10]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 19:22]
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 10:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2005-03-05 19:49]
S3 HwIOctl;HwIOctl;d:\Program Files\Setup Files\MS-7021 v2.00\HwIOctl.sys []
S3 Memctl;Memctl;d:\Program Files\Setup Files\MS-7021 v2.00\Memctl.sys []
S3 sentemul;sentemul;C:\WINDOWS\system32\drivers\sentemul.sys [2003-03-24 17:06]
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys [2001-05-23 09:42]
S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-28 10:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 11:39:43 C:\WINDOWS\Tasks\tplwoa.job"

_______________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04, on 2008-03-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - (no file)
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll
O22 - SharedTaskScheduler: {5839511e-ec1b-4f91-ace3-fb88e52f5239} - fairydom - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JP/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
SmitFraudFix (paste the report)

1/ download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double-click on smitfraudfix, then select 1 and press Enter to create the report of the infections present.

3/ restart in safe mode (by pressing F8 or Del, or F5 at startup, generally) then do as in 2/ but select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, say yes by typing 0 and Enter
________________

AVG Anti-Spyware
https://www.01net.com/
http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Relaunch AVG AS -> "Scan" -> "Settings"

Under the question "How to react?":

-> click on "Recommended actions" and choose "Quarantine"
-> Click again on the "Scan" tab then run a "Complete system scan"

If a file is infected at the end of the scan

-> Click on "Apply all actions"

-> Click on "Save report" then on "Save report as".

-> Save this text file on your desktop, then paste the report here

________________

paste the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

________________

update Internet Explorer here:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

________________

paste a HijackThis report
0
KFQE
 
There, the cleanup seems to be done; here are the reports:
1 SMIT
2 AVG
3 BitDefender
4 HijackThis

SmitFraudFix v2.307

Rapport fait à 18:50:15.56, 2008-03-22
Executé à partir de C:\Documents and Settings\JP\Bureau\Nouveau dossier\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"fairydom"="{5839511e-ec1b-4f91-ace3-fb88e52f5239}"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\kl.exe supprimé
C:\WINDOWS\ms1.exe supprimé
C:\WINDOWS\toolbar.exe supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\1024\ supprimé
C:\DOCUME~1\JP\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{2913121C-F62D-4E55-9411-8E66691B8BD5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

_____________________________________________________________________

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:12 2008-03-22

+ Résultat de l'analyse:



C:\QooBox\Quarantine\C\WINDOWS\Install.exe.vir -> Adware.Casino : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9F8D845F-0125-4B9F-8166-974AF86AC578}\RP2\A0000021.exe -> Adware.Casino : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

_______________________________________________________________________

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Mar 22, 2008 - 22:40:23

--------------------------------------------------------------------------------

Scan Info
Scanned Files     678088
Infected Files    85

Virus Detected
Packer.FSG.A                       2
Adware.Advertismen.B               1
Worm.RJump.K                       6
Trojan.Conroot.A                   4
Trojan.Downloader.Tibs.GYU        30
Trojan.Downloader.JH               4
Trojan.Startpage.AOG               1
Trojan.Downloader.VB.VFU           6
Trojan.Downloader.Small.EHB        3
Win32.Worm.P2P.Puce.G              2
Dropped:Trojan.BHO.WebPrefix.A     1
Trojan.Autorun.EU                  2
Trojan.Generic.86198               4
Trojan.Downloader.Agent.ZAK        5
Trojan.Click.280                   2
Trojan.Peed.JAZ                    3
Generic.XPL.ADODB.AE0E076A         1
Generic.Malware.P!.6C18C55D        2
Win32.Worm.Bagle.ZJP               1
Win32.Worm.Bagle.ZKA               5

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


_________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09, on 2008-03-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
effectivement on est loin du compte!

il en reste plein!

______________

1/ # Télécharge RavAntivirus d'Evosla :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!

2/ Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-clique sur l’icône.
Les icônes vont disparaître. C’est normal.
Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite
Redémarre ensuite le PC.
__________________________
3/

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
____________________________
4/

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

________________
5/ vire ce qui est dans quarantine en allant dans poste de travail puis C puis qoobox

C:\QooBox\Quarantine
________________

6/

If everything went well, disable System Restore to purge any viruses that might be in it,
then restart your computer,
then re-enable it: https://www.informatruc.com

________________
7/ Paste a new, complete BitDefender report with the names of the infected files
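As an added example (not part of the thread and not ComboFix's own code), here is a small Python helper for triaging the "Fichiers créés" block of the ComboFix report asked for in step 3: it parses each entry and flags what a helper would look at first, namely executables created in the drive root or directly in the Windows folder, and hidden files. The sample lines are copied from a report posted in this thread; the heuristic rules and the handling of the <REP>/<DIR> directory marker are my own assumptions.

```python
"""Triage helper for the 'Fichiers créés' block of a ComboFix report.

Added example, not part of the thread and not ComboFix's own code.
Each entry in that block has the form (French ComboFix build):

    created_date created_time . modified_date modified_time size attrs path
    2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\\sysucmw.exe

where size is "<REP>" (assumed "<DIR>" in English builds) for a directory
and attrs is a flag string such as --a------ or --ah----- (h = hidden).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Extensions that are executable or loadable code on Windows XP.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".bat", ".cmd"}

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # modified
    r"(<REP>|<DIR>|[\d,]+) "                  # size or directory marker
    r"(\S+) "                                 # attribute flags
    r"(.+)$"                                  # path (may contain spaces)
)

# Sample entries copied from a ComboFix report posted in this thread.
SAMPLE = r"""
2008-03-22 22:59 . 2008-03-22 23:00 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\JP\Application Data\Grisoft
2008-03-22 18:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-22 18:44 . 2008-03-22 18:50 3,398 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\sysucmw.exe
2008-02-26 20:59 . 2008-03-18 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 20:59 . 2008-02-26 20:59 1,409 --a------ C:\WINDOWS\QTFont.for
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for a directory
    attrs: str
    path: str


def parse_created_block(text: str) -> List[Entry]:
    """Parse every entry line; banners, blank lines and lone '.' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_field = m.group(3)
        size = None if size_field.startswith("<") else int(size_field.replace(",", ""))
        entries.append(Entry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries


def suspicion_reasons(e: Entry) -> List[str]:
    """Assumed heuristics (not ComboFix's): locations where droppers commonly land."""
    reasons = []
    parts = e.path.lower().split("\\")
    name = parts[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    if e.size is not None and ext in EXEC_EXT:
        if len(parts) == 2:                               # C:\foo.exe
            reasons.append("executable in drive root")
        elif len(parts) == 3 and parts[1] == "windows":   # C:\WINDOWS\foo.exe
            reasons.append("executable directly in the Windows folder")
    if "h" in e.attrs:
        reasons.append("hidden attribute set")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for each entry that trips at least one rule, in report order."""
    hits = []
    for e in parse_created_block(text):
        reasons = suspicion_reasons(e)
        if reasons:
            hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```

The flags are pointers, not verdicts: QTFont.qfn is a QuickTime font cache file that trips the hidden-file rule, so each hit still has to be checked by the helper reading the log.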
kfqe
 
There, it's done.

Well, nothing on the USB sticks and external disks,
nothing with Flash Disinfector.

Here is the ComboFix report
______________________________________________________________
ComboFix 08-03-20.5 - JP 2008-03-23 11:15:30.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.138 [GMT 1:00]
Endroit: C:\Documents and Settings\JP\Bureau\KillBagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\dialers
C:\WINDOWS\install.exe
C:\WINDOWS\secure32.html
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-22 22:59 . 2008-03-22 23:00 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-22 22:52 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-22 22:52 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-22 22:52 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-22 22:52 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-22 22:52 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-22 22:52 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-22 22:52 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-22 22:52 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-22 22:52 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-22 20:29 . 2008-03-22 22:40 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\JP\Application Data\Grisoft
2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-22 18:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-22 18:44 . 2008-03-22 18:50 3,398 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-20 23:27 . 2008-03-20 23:27 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-20 11:03 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\LPT$VPN.177
2008-03-20 11:02 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\VPTNFILE.177
2008-03-20 11:01 . 2008-03-20 11:02 <REP> d-------- C:\WINDOWS\AU_Temp
2008-03-19 22:41 . 2008-03-22 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-19 10:19 . 2007-12-07 02:07 1,056,768 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\sysucmw.exe
2008-02-26 20:59 . 2008-03-18 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 20:59 . 2008-02-26 20:59 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 15:48 49,675,709 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-20 10:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-03-20 10:02 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-03-20 10:02 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-03-20 10:02 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-03-19 21:43 --------- d-----w C:\Program Files\Google
2008-03-05 22:08 1,050,624 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-21 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-10 22:10 7,172,608 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-08-23 17:23 20,335,175 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_23_19_21_36_full.dmp.zip
2007-08-15 06:19 3,579,392 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-08-15 06:19 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-04-13 04:54 750,080 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-02-17 18:09 2,630,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-10-26 11:13 3,023,872 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-08-23 20:36 466,432 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-07-17 01:13 3,268,096 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-02-07 08:13 2,833,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-05-29 15:33 33,076 ----a-w C:\WINDOWS\Fonts\swenson.zip
2005-05-29 15:31 24,704 ----a-w C:\WINDOWS\Fonts\gino_school_script.zip
2005-05-29 15:30 25,815 ----a-w C:\WINDOWS\Fonts\dj_fancy.zip
2005-05-29 15:30 173,188 ----a-w C:\WINDOWS\Fonts\ecolier.zip
2005-05-29 15:30 14,276 ----a-w C:\WINDOWS\Fonts\alamain.zip
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{03137D8B-F326-4E74-A83D-140715725461}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{2D64B5ED-151D-4250-B607-F455BC2D6427}.dat
2005-10-02 20:48 32 --sha-w C:\WINDOWS\{4185A139-059B-4420-9EA9-D7257FD89F54}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{D2EF6E64-BBD4-4603-8911-175D003B64DE}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{29B6D253-670C-4D80-95D0-8A478F34661C}.dat
2005-10-02 20:48 32 --sha-w C:\WINDOWS\system32\{63EF0718-3114-48A0-83F2-560D7B246AB6}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{6BE5588B-B189-4525-9F51-C6AD96486487}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{9C82FE7C-B24F-4266-8603-5A6EE2806EB8}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_16.40.04.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-13 17:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 01:07:05 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-03 21:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-03 22:02:24 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
- 2004-08-19 15:10:20 139,400 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:11:22 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2004-08-03 22:14:46 336,256 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-03 22:07:46 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2007-12-07 01:07:03 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 01:07:03 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 01:07:04 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 02:08:32 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-19 15:09:56 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-12-06 11:02:31 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-19 15:09:28 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-19 15:09:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2001-08-28 12:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-19 15:09:28 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-19 15:09:28 81,920 ------w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 17:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 01:07:04 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-19 15:09:28 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-19 15:09:28 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-19 15:09:30 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-12-07 01:07:04 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-12-07 01:07:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 02:08:33 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-19 15:09:32 294,400 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:50:31 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2008-03-20 17:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
- 2004-08-19 15:09:32 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2001-08-28 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:18:42 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-19 15:09:32 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-12-14 13:45:53 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
- 2004-08-19 15:09:32 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:50:47 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-19 15:09:32 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:50:47 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-19 15:09:32 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:50:47 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-19 15:09:32 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:50:47 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-19 15:09:32 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:50:47 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-19 15:09:32 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:50:47 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-19 15:09:34 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:50:47 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-19 15:09:34 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:50:47 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2008-03-05 07:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-19 15:10:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-12-07 19:07:06 3,080,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-08 09:38:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 01:07:04 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-19 15:08:28 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2001-08-28 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-12-07 01:07:04 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 02:08:34 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 01:07:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 02:08:34 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2004-08-19 15:09:36 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2005-03-02 18:07:56 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:02:36 2,059,648 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2005-03-02 18:08:06 2,181,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2001-08-28 12:00:00 58,880 ----a-w C:\WINDOWS\system32\nwapi32.dll
+ 2006-10-13 12:36:55 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll
- 2004-08-19 15:09:38 147,968 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:36:55 145,920 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2004-08-19 15:09:38 64,000 ----a-w C:\WINDOWS\system32\nwwks.dll
+ 2006-10-13 12:36:55 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll
- 2004-08-19 15:09:38 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-03-22 13:37:39 63,304 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-22 19:22:46 63,304 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-22 13:37:39 76,292 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-22 19:22:46 76,292 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-22 13:37:39 404,276 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-22 19:22:46 404,276 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-22 13:37:39 471,206 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-22 19:22:46 471,206 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-12-07 01:07:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-19 15:09:40 1,440,768 ----a-w C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:13:46 1,440,768 ----a-w C:\WINDOWS\system32\query.dll
- 2004-08-19 15:09:40 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2006-03-17 04:07:40 8,508,416 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-19 15:09:42 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:49:47 135,168 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-01-19 19:29:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-19 15:10:04 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 16:43:30 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-19 15:09:48 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:28:58 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-19 15:09:48 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 01:07:05 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-19 15:09:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-19 15:09:48 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-19 15:09:48 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2004-08-19 15:09:48 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:35:11 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-12-07 01:07:05 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2007-01-19 12:51:03 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 12:51:04 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 12:51:04 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 12:51:04 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft USB2"="mskav32.exe" []
"Jimruo"="C:\WINDOWS\System32\d?dplay.exe" [2001-08-28 13:00 59392]
"Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 08:07 667735]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-21 20:29 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\WINDOWS\system32\Atwtusb.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
"CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"Zone Labs Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 12:42 968696]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16 139264]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2006-12-28 15:09 4579328]
"MoneyStartUp10.0"="D:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 245810]
"AdobeVersionCue"="e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
"!AVG Anti-Spyware"="D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"ioroxxo microsoft sux"="system32" [2008-03-23 11:18 0 C:\WINDOWS\system32]
"Microsoft USB2"="mskav32.exe" []
"Microsoft Update Machine"="MSlti32.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft USB2"="mskav32.exe" []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2004-02-25 03:35:22 10872]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-29 14:41:00 110592]
Assistant d'Acrobat.lnk - E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-19 22:41:38 125624]
MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-10-21 12:51:51 647168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"FlashX"= {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CoreCenter.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton GoBack.lnk]
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Planificateur LiveUpdate automatique"=2 (0x2)
"GBPoll"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 11:10]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 19:22]
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 10:58]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2005-03-05 19:49]
S3 HwIOctl;HwIOctl;d:\Program Files\Setup Files\MS-7021 v2.00\HwIOctl.sys []
S3 Memctl;Memctl;d:\Program Files\Setup Files\MS-7021 v2.00\Memctl.sys []
S3 sentemul;sentemul;C:\WINDOWS\system32\drivers\sentemul.sys [2003-03-24 17:06]
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys [2001-05-23 09:42]
S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-28 10:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 11:39:43 C:\WINDOWS\Tasks\tplwoa.job"


__________________________________________________________________

the EliBagle report


Sun Mar 23 11:46:10 2008
EliBagle v11.18 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Mar 23 11:46:30 2008
EliBagle v11.18 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5990
Nº Total de Ficheros: 68687
Nº de Ficheros Analizados: 16472
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
____________________________________________

the BitDefender report:
(however, I did not see an option to produce a report with the full names)

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Mar 23, 2008 - 14:45:55

--------------------------------------------------------------------------------

Scan Info

Scanned Files
680986

Infected Files
3

Virus Detected

Packer.FSG.A
2

Dropped:Trojan.BHO.WebPrefix.A
1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.



There you go!
••RiverToo•• Posts: 1098 Status: Member 53
 
Can you repost a HijackThis report, but rename it beforehand, for example to HJT?

I see there is no O2 nor O20 line. Maybe a Vundo infection.

Thanks, see you
kfqe
 
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33, on 2008-03-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
••RiverToo•• Messages posted: 1098 Status: Member 53
 
You didn't rename HijackThis ...

Redo a log and rename it!

Then you can fix these lines

O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)

there you go, I'm waiting for your new report
0
kfqe
 
here is a HijackThis report from before the fix of the O21 line,
and another one, hijack1, from after

Thanks, see you
0
kfqe
 
Sorry, it's better with the reports!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33, on 2008-03-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\JP\Bureau\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
jlpjlp Messages posted: 52399 Status: Security contributor 5 040
 
hi, do you have a BitDefender report that gives the names of the infected files???
0
KFQE
 
Hi,

I don't see what you mean by the report of infected files,

I only have the report I posted earlier; is there some configuration to do before launching BitDefender?
0
KFQE
 
Here's what I have; I'm not sure it's what you're asking for, it looks very small to me, tell me if it's not right.
__________________________________________

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Mar 23, 2008 - 14:45:55

--------------------------------------------------------------------------------

Scan Info
Scanned Files: 680986
Infected Files: 3

Virus Detected
Packer.FSG.A: 2
Dropped:Trojan.BHO.WebPrefix.A: 1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
0
jlpjlp Messages posted: 52399 Status: Security contributor 5 040
 
I need the report that gives the name of the infections and the name of the files that are infected
0
jlpjlp Messages posted: 52399 Status: Security contributor 5 040
 
almost, it's just missing the name of the infected files
0
KFQE
 
OK, here it is, I relaunched BitDefender and managed to save the report


BitDefender Online Scanner - Scan Report
Scan report generated at: Sun, Mar 23, 2008 - 22:19:07

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 02:05:47
Files: 669798
Folders: 12031
Boot Sectors: 8
Archives: 13311
Packed Files: 45073

Results
Identified Viruses: 2
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 1021883
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Prompt
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File Status
F:\telechargements\Microsoft Autoroute Express 2006 CD1.iso=>crackfix.exe | Infected with: Dropped:Trojan.BHO.WebPrefix.A
F:\telechargements\Microsoft Autoroute Express 2006 CD1.iso=>crackfix.exe | Deleted
F:\telechargements\Microsoft Autoroute Express 2006 CD1.iso | Update failed
F:\telechargements\Norton\Norton Internet 2005 - Norton System Works (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton Systemworks 2005 Premium/Norton Ghost v9 KeyGen.exe | Infected with: Packer.FSG.A
F:\telechargements\Norton\Norton Internet 2005 - Norton System Works (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton Systemworks 2005 Premium/Norton Ghost v9 KeyGen.exe | Deleted
F:\telechargements\Norton\Norton Internet 2005 - Norton System Works (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By Raymar.iso | Update failed
F:\telechargements\Norton\Norton Internet 2005 - Norton System Works (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton Systemworks 2005 Premium/Norton SystemWork 2005 Premium KeyGen.exe | Infected with: Packer.FSG.A
F:\telechargements\Norton\Norton Internet 2005 - Norton System Works (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By Raymar.iso=>Norton Systemworks 2005 Premier/KEYGENs Norton Systemworks 2005 Premium/Norton SystemWork 2005 Premium KeyGen.exe | Deleted
F:\telechargements\Norton\Norton Internet 2005 - Norton System Works (Ghost 9 Incluido) - Partition Magic v8.0 - KeyGens - By Raymar.iso | Update failed
0
••RiverToo•• Messages posted: 1098 Status: Member 53
 
KeyGens <<<<:::: that's where your problems come from
0
KFQE
 
OK, I've just deleted those filthy downloads, which were lying around on my PC for no reason anyway; I had ended up forgetting them in that downloads folder.

Do you think deleting them is enough, and then what should I put in place to stop this from happening again?

Thanks
See you
0
jlpjlp Messages posted: 52399 Status: Security contributor 5 040
 
yes, that's enough,
post another HijackThis log and describe your problems, and which antivirus do you have?
0
KFQE
 
Here's the report; as for the antivirus, I have Norton System Works

_______________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\services.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\Program Files\realplayer\RealPlay.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\JP\Bureau\eden\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
jlpjlp Messages posted: 52399 Status: Security contributor 5 040
 
* Download FixWareout from one of these two sites onto the desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Launch the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt) in your next reply.

___________

update Java as explained here:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
___________

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\System32\d?dplay.exe
C:\WINDOWS\system32\atwtusb.exe

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

_________________
reinstall Norton

then
Also post another HijackThis report
0
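A triage pass over HijackThis O4/O21 lines of the kind discussed in this thread, written as an added example (it is neither code from the thread nor one of the helpers' tools). The log snippet inside is constructed from lines of the same shape as the reports above, and the flagging rules are this example's own heuristics, not anything HijackThis itself reports.

```python
"""Added example, not code from the thread: triage of HijackThis O4/O21 lines.

It flags the traits that make the startup entries discussed above stand out:
a bare file name with no path, a '?' standing in for a non-ASCII character in
a file name, an entry named after Microsoft that points at an unknown binary,
one binary registered under several user hives, a RunOnce value under a
service or default profile, and an O21 SSODL entry whose DLL is already gone.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O21 - SSODL: FlashX - {748E4F4D-12F1-492E-93E9-F2EF7FB47E5D} - C:\Program Files\Internet Explorer\shwol.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# O4: registry Run/RunOnce value, optionally tagged with the profile it belongs to.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O21: ShellServiceObjectDelayLoad entry, loaded by Explorer at logon.
O21_RE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    line: str            # the log line as written
    target: str          # executable or DLL the entry points at
    reasons: list        # why a human should look at it


def executable_of(cmd: str) -> str:
    """Program part of a Run value: quoted path, else text up to the first .exe, else first token."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd.split() else cmd


def is_bare(path: str) -> bool:
    """True when the value is only a file name, so Windows resolves it through the search order."""
    return "\\" not in path and ":" not in path


def triage(log_text: str) -> list:
    """Return one Finding per O4/O21 line that shows at least one suspicious trait, in log order."""
    entries = []                       # (index, line, hive, key, name, exe, user)
    findings = []                      # (index, Finding)
    for idx, raw in enumerate(log_text.splitlines()):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append((idx, line, m["hive"], m["key"], m["name"],
                            executable_of(m["cmd"]), m["user"] or ""))
            continue
        m = O21_RE.match(line)
        if m and m["missing"]:
            findings.append((idx, Finding(line, m["path"], [
                "SSODL entry loads a DLL that no longer exists: dead loader, remove the value"])))

    # Which hives each binary is registered in (case-insensitive on the file name).
    hives_of = {}
    for _, _, hive, _, _, exe, _ in entries:
        hives_of.setdefault(exe.lower(), set()).add(hive)

    for idx, line, hive, key, name, exe, user in entries:
        reasons = []
        if is_bare(exe):
            reasons.append("no path: verify where the file actually lives and who signed it")
        if "?" in exe:
            reasons.append("'?' in file name: a non-ASCII character mimicking a legitimate name")
        if name.lower().startswith("microsoft") and is_bare(exe):
            reasons.append("entry named after Microsoft but pointing at an unknown bare binary")
        if is_bare(exe) and len(hives_of[exe.lower()]) > 1:
            reasons.append(f"same bare binary registered in {len(hives_of[exe.lower()])} hives")
        if key.lower() == "runonce" and user:
            reasons.append(f"RunOnce under the non-interactive profile '{user}'")
        if reasons:
            findings.append((idx, Finding(line, exe, reasons)))

    return [f for _, f in sorted(findings, key=lambda p: p[0])]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.target)
        for r in f.reasons:
            print("   -", r)
```

Entries such as atwtusb.exe and SOUNDMAN.EXE are flagged only as "verify", since a bare name is also how some legitimate drivers register themselves; the point is to rank what deserves a look, not to decide on its own.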
KFQE
 
Good evening,

Here are my reports after the various operations:

Sorry for the delay in my reply, but I have a busy schedule at the moment

Thanks in advance for your answers.

Username "JP" - 24/03/2008 20:49:29 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\\Program Files\\SAMSUNG\\FW LiveUpdate\\Liveupdate.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"atwtusb"="atwtusb.exe beta"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CloneCDTray"="\"d:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"MoneyStartUp10.0"="\"D:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"AdobeVersionCue"="e:\\Program Files\\Adobe\\Adobe Version Cue\\ControlPanel\\VersionCueTray.exe"
"SoundMan"="SOUNDMAN.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Microsoft USB2"="mskav32.exe"
"Jimruo"="C:\\WINDOWS\\System32\\d?dplay.exe"
"Creative Detector"="D:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

----------------------------------------------------------


ComboFix 08-03-24.1 - JP 2008-03-24 22:06:11.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00]
Endroit: C:\Documents and Settings\JP\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\JP\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\dialers
C:\WINDOWS\install.exe
C:\WINDOWS\secure32.html
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((((((( Fichiers créés 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))))))
.

2008-03-24 21:57 . 2008-03-24 22:01 <REP> d-------- C:\KillBagle
2008-03-24 20:49 . 2008-03-24 20:54 <REP> d-------- C:\fixwareout
2008-03-22 22:59 . 2008-03-22 23:00 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-22 22:52 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-22 22:52 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-22 22:52 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-22 22:52 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-22 22:52 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-22 22:52 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-22 22:52 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-22 22:52 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-22 22:52 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-22 20:29 . 2008-03-24 06:21 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\JP\Application Data\Grisoft
2008-03-22 18:54 . 2008-03-22 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-22 18:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-22 18:44 . 2008-03-22 18:50 3,398 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-20 23:27 . 2008-03-20 23:27 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-20 11:03 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\LPT$VPN.177
2008-03-20 11:02 . 2008-03-20 11:02 36,135,009 --a------ C:\WINDOWS\VPTNFILE.177
2008-03-20 11:01 . 2008-03-20 11:02 <REP> d-------- C:\WINDOWS\AU_Temp
2008-03-19 22:41 . 2008-03-24 20:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-19 10:19 . 2007-12-07 02:07 1,056,768 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
2008-03-18 18:47 . 2008-03-18 18:47 58,368 --a------ C:\sysucmw.exe
2008-02-26 20:59 . 2008-03-18 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 20:59 . 2008-02-26 20:59 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 20:16 155,995 ----a-w C:\WINDOWS\java\Packages\3TFLZL7D.ZIP
2008-03-22 15:48 49,675,709 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-20 10:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-03-20 10:02 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-03-20 10:02 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-03-20 10:02 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-03-19 21:43 --------- d-----w C:\Program Files\Google
2008-03-05 22:08 1,050,624 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-21 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-10 22:10 7,172,608 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-08-23 17:23 20,335,175 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_23_19_21_36_full.dmp.zip
2007-08-15 06:19 3,579,392 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-08-15 06:19 2,689,024 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-04-13 04:54 750,080 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-02-17 18:09 2,630,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-10-26 11:13 3,023,872 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-08-23 20:36 466,432 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-07-17 01:13 3,268,096 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-02-07 08:13 2,833,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-05-29 15:33 33,076 ----a-w C:\WINDOWS\Fonts\swenson.zip
2005-05-29 15:31 24,704 ----a-w C:\WINDOWS\Fonts\gino_school_script.zip
2005-05-29 15:30 25,815 ----a-w C:\WINDOWS\Fonts\dj_fancy.zip
2005-05-29 15:30 173,188 ----a-w C:\WINDOWS\Fonts\ecolier.zip
2005-05-29 15:30 14,276 ----a-w C:\WINDOWS\Fonts\alamain.zip
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{03137D8B-F326-4E74-A83D-140715725461}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{2D64B5ED-151D-4250-B607-F455BC2D6427}.dat
2005-10-02 20:48 32 --sha-w C:\WINDOWS\{4185A139-059B-4420-9EA9-D7257FD89F54}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\{D2EF6E64-BBD4-4603-8911-175D003B64DE}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{29B6D253-670C-4D80-95D0-8A478F34661C}.dat
2005-10-02 20:48 32 --sha-w C:\WINDOWS\system32\{63EF0718-3114-48A0-83F2-560D7B246AB6}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{6BE5588B-B189-4525-9F51-C6AD96486487}.dat
2005-10-02 20:46 32 --sha-w C:\WINDOWS\system32\{9C82FE7C-B24F-4266-8603-5A6EE2806EB8}.dat
.

((((((((((((((((((((((((((((( snapshot_2008-03-23_11.19.21,60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-10-17 18:08:12 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2002-10-17 19:44:56 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2002-10-17 19:44:48 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2002-10-17 18:07:28 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
+ 2002-10-17 19:44:36 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2002-10-17 19:44:36 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
+ 2002-10-17 19:44:38 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
+ 2002-10-17 19:44:38 404,752 ----a-w C:\WINDOWS\system32\javart.dll
+ 2002-10-17 19:44:54 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
+ 2002-10-17 19:44:38 171,280 ----a-w C:\WINDOWS\system32\jit.dll
+ 2002-10-17 19:44:54 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2002-10-17 19:44:40 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
+ 2002-10-17 19:44:48 947,984 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2002-10-17 19:44:48 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
+ 2002-10-17 19:44:48 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2002-10-17 19:44:56 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft USB2"="mskav32.exe" []
"Jimruo"="C:\WINDOWS\System32\d?dplay.exe" [2001-08-28 13:00 59392]
"Creative Detector"="D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 08:07 667735]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-21 20:29 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\WINDOWS\system32\Atwtusb.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
"CloneCDTray"="d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"Zone Labs Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 12:42 968696]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16 139264]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2006-12-28 15:09 4579328]
"MoneyStartUp10.0"="D:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 245810]
"AdobeVersionCue"="e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 15:33 1732608]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
"!AVG Anti-Spyware"="D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"ioroxxo microsoft sux"="system32" [2008-03-24 22:15 0 C:\WINDOWS\system32]
"Microsoft USB2"="mskav32.exe" []
"Microsoft Update Machine"="MSlti32.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft USB2"="mskav32.exe" []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2004-02-25 03:35:22 10872]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-29 14:41:00 110592]
Assistant d'Acrobat.lnk - E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-19 22:41:38 125624]
MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-10-21 12:51:51 647168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CoreCenter.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton GoBack.lnk]
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Planificateur LiveUpdate automatique"=2 (0x2)
"GBPoll"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 11:10]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 19:22]
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 10:58]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2005-03-05 19:49]
S3 HwIOctl;HwIOctl;d:\Program Files\Setup Files\MS-7021 v2.00\HwIOctl.sys []
S3 Memctl;Memctl;d:\Program Files\Setup Files\MS-7021 v2.00\Memctl.sys []
S3 sentemul;sentemul;C:\WINDOWS\system32\drivers\sentemul.sys [2003-03-24 17:06]
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys [2001-05-23 09:42]
S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-28 10:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 11:39:43 C:\WINDOWS\Tasks\tplwoa.job"
_________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35, on 2008-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
D:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\VIA\RAID\raid_tool.exe
d:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
E:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\realplayer\RealPlay.exe
C:\WINDOWS\system32\NOTEPAD.EXE
d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] e:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [Microsoft USB2] mskav32.exe
O4 - HKCU\..\Run: [Jimruo] C:\WINDOWS\System32\d?dplay.exe
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] MSlti32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft USB2] mskav32.exe (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = E:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101328997481
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - E:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - d:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
Post a new SDFix report and also explain your current problems.