Infection probable ?

DACINJO -  
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,
Salut,
Je supose être infecté car
Ordinateur rame beaucoup
Plein de pub pour Anti virus, Casino, ect ect
Mon Anti virus Avast m'a prévenu qu'un virus était dans mon PC
Qu'en pensez vous ?
Que dois je faire ?
Merci à ceux qui me répondront
Configuration: Windows XP
Internet Explorer 6.0

12 réponses

  1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    on commence :
    Télécharges VirtumundoBegone sur ton bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    !!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

    Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
    Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau .
    (Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).

    Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...
    1
    1. DACINJO
       
      Ci dessous rapport VBG

      [05/15/2008, 18:29:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HENRY\Bureau\VirtumundoBeGone.exe" )
      [05/15/2008, 18:29:30] - Detected System Information:
      [05/15/2008, 18:29:30] - Windows Version: 5.1.2600, Service Pack 2
      [05/15/2008, 18:29:30] - Current Username: HENRY (Admin)
      [05/15/2008, 18:29:30] - Windows is in NORMAL mode.
      [05/15/2008, 18:29:30] - Searching for Browser Helper Objects:
      [05/15/2008, 18:29:30] - BHO 1: {2FD12ED9-D07B-46AE-81FC-91E4B302E821} ()
      [05/15/2008, 18:29:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/15/2008, 18:29:30] - Checking for HKLM\...\Winlogon\Notify\vtUnmJCv
      [05/15/2008, 18:29:30] - Key not found: HKLM\...\Winlogon\Notify\vtUnmJCv, continuing.
      [05/15/2008, 18:29:30] - BHO 2: {7544888b-2977-492d-9291-077c4f9fc5d2} ()
      [05/15/2008, 18:29:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/15/2008, 18:29:30] - Checking for HKLM\...\Winlogon\Notify\sttneojm
      [05/15/2008, 18:29:30] - Key not found: HKLM\...\Winlogon\Notify\sttneojm, continuing.
      [05/15/2008, 18:29:30] - BHO 3: {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} ()
      [05/15/2008, 18:29:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/15/2008, 18:29:30] - Checking for HKLM\...\Winlogon\Notify\urqNDUkl
      [05/15/2008, 18:29:30] - Found: HKLM\...\Winlogon\Notify\urqNDUkl - This is probably Virtumundo.
      [05/15/2008, 18:29:30] - Assigning {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} MSEvents Object
      [05/15/2008, 18:29:30] - BHO list has been changed! Starting over...
      [05/15/2008, 18:29:30] - BHO 1: {2FD12ED9-D07B-46AE-81FC-91E4B302E821} ()
      [05/15/2008, 18:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/15/2008, 18:29:31] - Checking for HKLM\...\Winlogon\Notify\vtUnmJCv
      [05/15/2008, 18:29:31] - Key not found: HKLM\...\Winlogon\Notify\vtUnmJCv, continuing.
      [05/15/2008, 18:29:31] - BHO 2: {7544888b-2977-492d-9291-077c4f9fc5d2} ()
      [05/15/2008, 18:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/15/2008, 18:29:31] - Checking for HKLM\...\Winlogon\Notify\sttneojm
      [05/15/2008, 18:29:31] - Key not found: HKLM\...\Winlogon\Notify\sttneojm, continuing.
      [05/15/2008, 18:29:31] - BHO 3: {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} (MSEvents Object)
      [05/15/2008, 18:29:31] - ALERT: Found MSEvents Object!
      [05/15/2008, 18:29:31] - Finished Searching Browser Helper Objects
      [05/15/2008, 18:29:31] - *** Detected MSEvents Object
      [05/15/2008, 18:29:31] - Trying to remove MSEvents Object...
      [05/15/2008, 18:29:32] - Terminating Process: IEXPLORE.EXE
      [05/15/2008, 18:29:33] - Terminating Process: RUNDLL32.EXE
      [05/15/2008, 18:29:33] - Disabling Automatic Shell Restart
      [05/15/2008, 18:29:33] - Terminating Process: EXPLORER.EXE
      [05/15/2008, 18:29:33] - Suspending the NT Session Manager System Service
      [05/15/2008, 18:29:34] - Terminating Windows NT Logon/Logoff Manager
      [05/15/2008, 18:29:34] - Re-enabling Automatic Shell Restart
      [05/15/2008, 18:29:34] - File to disable: C:\WINDOWS\system32\urqNDUkl.dll
      [05/15/2008, 18:29:34] - Renaming C:\WINDOWS\system32\urqNDUkl.dll -> C:\WINDOWS\system32\urqNDUkl.dll.vir
      [05/15/2008, 18:29:35] - File successfully renamed!
      [05/15/2008, 18:29:35] - Removing HKLM\...\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
      [05/15/2008, 18:29:35] - Removing HKCR\CLSID\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
      [05/15/2008, 18:29:35] - Adding Kill Bit for ActiveX for GUID: {F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
      [05/15/2008, 18:29:35] - Deleting ATLEvents/MSEvents Registry entries
      [05/15/2008, 18:29:35] - Removing HKLM\...\Winlogon\Notify\urqNDUkl
      [05/15/2008, 18:29:35] - Searching for Browser Helper Objects:
      [05/15/2008, 18:29:35] - BHO 1: {2FD12ED9-D07B-46AE-81FC-91E4B302E821} ()
      [05/15/2008, 18:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/15/2008, 18:29:35] - Checking for HKLM\...\Winlogon\Notify\vtUnmJCv
      [05/15/2008, 18:29:35] - Key not found: HKLM\...\Winlogon\Notify\vtUnmJCv, continuing.
      [05/15/2008, 18:29:35] - BHO 2: {7544888b-2977-492d-9291-077c4f9fc5d2} ()
      [05/15/2008, 18:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/15/2008, 18:29:35] - Checking for HKLM\...\Winlogon\Notify\sttneojm
      [05/15/2008, 18:29:36] - Key not found: HKLM\...\Winlogon\Notify\sttneojm, continuing.
      [05/15/2008, 18:29:36] - Finished Searching Browser Helper Objects
      [05/15/2008, 18:29:36] - Finishing up...
      [05/15/2008, 18:29:36] - A restart is needed.
      [05/15/2008, 18:29:36] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
      [05/15/2008, 18:29:48] - Attempting to Restart via STOP error (Blue Screen!)

      et
      Rapport monjack
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:37:49, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\monjack.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: {2d5cf9f4-c770-1929-d294-7792b8884457} - {7544888b-2977-492d-9291-077c4f9fc5d2} - C:\WINDOWS\system32\sttneojm.dll
      O2 - BHO: (no name) - {E970FA61-5CEF-41D5-BFDB-413520BC87CE} - C:\WINDOWS\system32\vtUnmJCv.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
      O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O15 - Trusted Zone: *.amaena.com
      O15 - Trusted Zone: *.avsystemcare.com
      O15 - Trusted Zone: *.gomyhit.com
      O15 - Trusted Zone: *.imageservr.com
      O15 - Trusted Zone: *.imagesrvr.com
      O15 - Trusted Zone: *.onerateld.com
      O15 - Trusted Zone: *.safetydownload.com
      O15 - Trusted Zone: *.storageguardsoft.com
      O15 - Trusted Zone: *.trustedantivirus.com
      O15 - Trusted Zone: *.virusschlacht.com
      O15 - Trusted Zone: *.amaena.com (HKLM)
      O15 - Trusted Zone: *.avsystemcare.com (HKLM)
      O15 - Trusted Zone: *.gomyhit.com (HKLM)
      O15 - Trusted Zone: *.imageservr.com (HKLM)
      O15 - Trusted Zone: *.imagesrvr.com (HKLM)
      O15 - Trusted Zone: *.onerateld.com (HKLM)
      O15 - Trusted Zone: *.safetydownload.com (HKLM)
      O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
      O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
      O15 - Trusted Zone: *.virusschlacht.com (HKLM)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  2. sasukedu91 Messages postés 437 Statut Membre 2
     
    si tu a avast fait un scan
    0
  3. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    salut,
    Télécharges et instales le logiciel HijackThis :

    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    Important :
    1-Faire un click droit sur le lien ci-dessus et choisir "enregistrer la cible sous ... " et renommer Hijackthis en "thejack" .

    Cliker sur thejack.exe pour lancer l'instale . laisses toi guider et instale le à l'endroit par défaut ( C\: programme file \ ) .
    A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .

    2-Renommer le prg HijackThis :
    dans "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe", clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

    tuto pour l’utiliser
    regarde ici c'est parfaitement expliqué en images
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    !!Déconnectes toi et fermes toute tes applications en cours !!

    Double clik sur le raccourci du bureau,
    Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...
    0
    1. DACINJO
       
      Voila je crois que j'ai réussi à faire ce que tu m'a dit ???
      Merci de tes conseils


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:03:11, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O15 - Trusted Zone: *.amaena.com
      O15 - Trusted Zone: *.avsystemcare.com
      O15 - Trusted Zone: *.gomyhit.com
      O15 - Trusted Zone: *.imageservr.com
      O15 - Trusted Zone: *.imagesrvr.com
      O15 - Trusted Zone: *.onerateld.com
      O15 - Trusted Zone: *.safetydownload.com
      O15 - Trusted Zone: *.storageguardsoft.com
      O15 - Trusted Zone: *.trustedantivirus.com
      O15 - Trusted Zone: *.virusschlacht.com
      O15 - Trusted Zone: *.amaena.com (HKLM)
      O15 - Trusted Zone: *.avsystemcare.com (HKLM)
      O15 - Trusted Zone: *.gomyhit.com (HKLM)
      O15 - Trusted Zone: *.imageservr.com (HKLM)
      O15 - Trusted Zone: *.imagesrvr.com (HKLM)
      O15 - Trusted Zone: *.onerateld.com (HKLM)
      O15 - Trusted Zone: *.safetydownload.com (HKLM)
      O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
      O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
      O15 - Trusted Zone: *.virusschlacht.com (HKLM)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  4. polo255 Messages postés 712 Statut Membre 50
     
    fait un scan disc avec avast et des que sa te dit que ta un virus tu le supprime. si tout c'est bien passer ton ordi devrait aller plus vite
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    pas tout à fait ;)
    rends toi sur ton PC ici : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe" <---clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

    refait un scan hijack ( ou monjack ... ) et postes le nouveau rapport obtenu ...
    0
    1. DACINJO
       
      Désolé, je suis pas un As en informatique
      Merci

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:13:54, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\monjack.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {2FD12ED9-D07B-46AE-81FC-91E4B302E821} - C:\WINDOWS\system32\vtUnmJCv.dll
      O2 - BHO: {2d5cf9f4-c770-1929-d294-7792b8884457} - {7544888b-2977-492d-9291-077c4f9fc5d2} - C:\WINDOWS\system32\sttneojm.dll
      O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\urqNDUkl.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O15 - Trusted Zone: *.amaena.com
      O15 - Trusted Zone: *.avsystemcare.com
      O15 - Trusted Zone: *.gomyhit.com
      O15 - Trusted Zone: *.imageservr.com
      O15 - Trusted Zone: *.imagesrvr.com
      O15 - Trusted Zone: *.onerateld.com
      O15 - Trusted Zone: *.safetydownload.com
      O15 - Trusted Zone: *.storageguardsoft.com
      O15 - Trusted Zone: *.trustedantivirus.com
      O15 - Trusted Zone: *.virusschlacht.com
      O15 - Trusted Zone: *.amaena.com (HKLM)
      O15 - Trusted Zone: *.avsystemcare.com (HKLM)
      O15 - Trusted Zone: *.gomyhit.com (HKLM)
      O15 - Trusted Zone: *.imageservr.com (HKLM)
      O15 - Trusted Zone: *.imagesrvr.com (HKLM)
      O15 - Trusted Zone: *.onerateld.com (HKLM)
      O15 - Trusted Zone: *.safetydownload.com (HKLM)
      O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
      O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
      O15 - Trusted Zone: *.virusschlacht.com (HKLM)
      O20 - Winlogon Notify: urqNDUkl - C:\WINDOWS\SYSTEM32\urqNDUkl.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  7. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Télécharges ComboFix (par sUBs) sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide .

    Démarrer en mode sans echec :
    Comment aller en Mode sans échec
    1) Redémarres ton ordi
    2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
    (attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
    Double cliquer combofix.exe.

    Appuyer sur la touche Y (Yes) pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
    ---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! )

    Le rapport sera crée dans: C:\Combofix.txt

    Redémarres ton PC ( mode normal )
    Postes le rapport combo fix et un nouveau rapport hijackthis pour analyse ...
    0
    1. DACINJO
       
      Merci sKe69

      Ai recu message Avast intrusion Win32 privacy Set Troj

      Sinon voici les rapport
      ComboFix 08-05-12.1 - HENRY 2008-05-15 18:52:02.1 - NTFSx86 MINIMAL
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.626 [GMT 2:00]
      Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\ctsdpxqp.ini
      C:\WINDOWS\system32\dcbwbkll.ini
      C:\WINDOWS\system32\gnqepiwg.ini
      C:\WINDOWS\system32\gwmhpqmo.ini
      C:\WINDOWS\system32\hirmrlpn.ini
      C:\WINDOWS\system32\kpeidwbu.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\system32\suoymttm.ini
      C:\WINDOWS\system32\vCJmnUtv.ini
      C:\WINDOWS\system32\vCJmnUtv.ini2
      C:\WINDOWS\system32\winntify.exe

      ----- BITS: Possible sites infect‚s -----

      hxxp://www.lookme.biz
      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-15 19:04 . 2008-05-15 19:04 294 ---hs---- C:\WINDOWS\system32\dcbwbkll.ini
      2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
      2008-05-15 17:44 . 2008-05-15 17:44 116,736 --a------ C:\WINDOWS\system32\llkbwbcd.dll
      2008-05-15 17:38 . 2008-05-15 17:38 133,632 --a------ C:\WINDOWS\system32\sttneojm.dll
      2008-05-15 17:35 . 2008-05-15 17:35 126,464 --a------ C:\WINDOWS\system32\plyjxfds.dll
      2008-05-14 14:19 . 2008-05-14 14:19 2,048 --a------ C:\WINDOWS\system32\hviiyqtd.exe
      2008-05-14 14:16 . 2008-05-14 14:16 133,632 --a------ C:\WINDOWS\system32\ribpbpdw.dll
      2008-05-14 14:13 . 2008-05-14 14:13 115,200 --a------ C:\WINDOWS\system32\omqphmwg.dll
      2008-05-14 14:07 . 2008-05-14 14:07 125,952 --a------ C:\WINDOWS\system32\ircrviyp.dll
      2008-05-13 14:11 . 2008-05-13 14:11 132,096 --a------ C:\WINDOWS\system32\eoqeshrd.dll
      2008-05-13 14:11 . 2008-05-13 14:11 2,048 --a------ C:\WINDOWS\system32\nbvclnky.exe
      2008-05-13 14:08 . 2008-05-13 14:08 124,416 --a------ C:\WINDOWS\system32\adrkponl.dll
      2008-05-12 14:10 . 2008-05-12 14:10 132,608 --a------ C:\WINDOWS\system32\jwlmtnhi.dll
      2008-05-12 14:07 . 2008-05-12 14:07 124,416 --a------ C:\WINDOWS\system32\impwwnmv.dll
      2008-05-12 14:07 . 2008-05-12 14:07 2,048 --a------ C:\WINDOWS\system32\ttbqpdjm.exe
      2008-05-11 14:10 . 2008-05-11 14:10 2,048 --a------ C:\WINDOWS\system32\ltyberje.exe
      2008-05-11 14:07 . 2008-05-11 14:07 134,656 --a------ C:\WINDOWS\system32\qffmllvk.dll
      2008-05-11 14:06 . 2008-05-11 14:06 125,440 --a------ C:\WINDOWS\system32\agwoslss.dll
      2008-05-10 01:03 . 2008-05-10 01:03 133,632 --a------ C:\WINDOWS\system32\ydyrsybl.dll
      2008-05-10 01:00 . 2008-05-10 01:00 2,048 --a------ C:\WINDOWS\system32\ffuhgbyx.exe
      2008-05-10 00:54 . 2008-05-10 00:54 125,440 --a------ C:\WINDOWS\system32\twjeyuuy.dll
      2008-05-09 23:50 . 2008-05-09 23:50 134,144 --a------ C:\WINDOWS\system32\xahyghnd.dll
      2008-05-08 22:01 . 2008-05-08 22:01 <REP> d-------- C:\WINDOWS\system32\sX1
      2008-05-08 22:01 . 2008-05-08 22:01 371,712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll
      2008-05-08 22:00 . 2008-05-08 22:00 52,736 --a------ C:\WINDOWS\system32\pmnkJaWm.dll
      2008-05-08 21:58 . 2008-05-08 22:00 37,376 --a------ C:\WINDOWS\17PHolmes572.exe
      2008-05-08 21:56 . 2008-05-08 21:56 <REP> d-------- C:\WINDOWS\system32\bkEur01
      2008-05-08 21:56 . 2008-05-08 21:56 52,736 --a------ C:\WINDOWS\system32\urqNDUkl.dll.vir
      2008-05-08 21:29 . 2008-05-08 21:29 134,144 --a------ C:\WINDOWS\system32\kipcgtfv.dll
      2008-05-08 21:26 . 2008-05-08 21:26 2,048 --a------ C:\WINDOWS\system32\mkwnajec.exe
      2008-05-08 21:25 . 2008-05-08 21:25 126,464 --a------ C:\WINDOWS\system32\bvpsugsy.dll
      2008-05-08 21:25 . 2008-05-15 19:04 109,807 --a------ C:\WINDOWS\BM03ce7dc2.xml
      2008-05-08 11:13 . 2008-05-08 11:13 3,317,625 --a------ C:\WINDOWS\system32\shell32.zip
      2008-04-25 01:58 . 2008-04-25 01:58 0 --a------ C:\WINDOWS\file532.exe
      2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
      2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
      2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
      2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
      2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
      2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
      2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
      2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
      2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
      2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
      2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
      2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      .

      ------- Sigcheck -------

      2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys


      2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A4ED64-7A15-4EA5-B83C-F95771639854}]
      2008-05-08 22:01 371712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7544888b-2977-492d-9291-077c4f9fc5d2}]
      2008-05-15 17:38 133632 --a------ C:\WINDOWS\system32\sttneojm.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
      "00fd4e5e"="C:\WINDOWS\system32\llkbwbcd.dll" [2008-05-15 17:44 116736]
      "BM03ce7dc2"="C:\WINDOWS\system32\plyjxfds.dll" [2008-05-15 17:35 126464]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
      R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
      S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
      - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 19:03:52
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...


      C:\WINDOWS\system32\wuapi.dll.mui_fr
      C:\WINDOWS\system32\wuapi.dll.wusetup.195531.bak 432640 bytes executable
      C:\WINDOWS\system32\wuauclt.exe.wusetup.196873.bak 112640 bytes executable
      C:\WINDOWS\system32\wuaucpl.cpl.mui_fr
      C:\WINDOWS\system32\wuaucpl.cpl.wusetup.198144.bak 163840 bytes executable
      C:\WINDOWS\system32\wuaueng.dll.mui_fr
      C:\WINDOWS\system32\wuaueng.dll.wusetup.199106.bak 1134592 bytes executable
      C:\WINDOWS\system32\wucltui.dll.mui_fr 38232 bytes executable
      C:\WINDOWS\system32\wups2.dll 43352 bytes executable

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 9

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\WINDOWS\system32\llkbwbcd.dll
      -> C:\WINDOWS\system32\plyjxfds.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-15 19:07:47 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-15 17:07:34

      Pre-Run: 752,914,432 octets libres
      Post-Run: 1,047,748,608 octets libres

      183
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:12, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Trend Micro\HijackThis\monjack.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: {2d5cf9f4-c770-1929-d294-7792b8884457} - {7544888b-2977-492d-9291-077c4f9fc5d2} - C:\WINDOWS\system32\sttneojm.dll
      O2 - BHO: (no name) - {8456C3D8-A0B8-44CE-AF37-67F93098A72C} - C:\WINDOWS\system32\vtUnmJCv.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
      O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O15 - Trusted Zone: *.amaena.com
      O15 - Trusted Zone: *.avsystemcare.com
      O15 - Trusted Zone: *.gomyhit.com
      O15 - Trusted Zone: *.imageservr.com
      O15 - Trusted Zone: *.imagesrvr.com
      O15 - Trusted Zone: *.onerateld.com
      O15 - Trusted Zone: *.safetydownload.com
      O15 - Trusted Zone: *.storageguardsoft.com
      O15 - Trusted Zone: *.trustedantivirus.com
      O15 - Trusted Zone: *.virusschlacht.com
      O15 - Trusted Zone: *.amaena.com (HKLM)
      O15 - Trusted Zone: *.avsystemcare.com (HKLM)
      O15 - Trusted Zone: *.gomyhit.com (HKLM)
      O15 - Trusted Zone: *.imageservr.com (HKLM)
      O15 - Trusted Zone: *.imagesrvr.com (HKLM)
      O15 - Trusted Zone: *.onerateld.com (HKLM)
      O15 - Trusted Zone: *.safetydownload.com (HKLM)
      O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
      O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
      O15 - Trusted Zone: *.virusschlacht.com (HKLM)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  8. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    j'ai oublier de faire ce-ci :
    1-Télécharges Vundofix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    !!Ce déconnecter et fermer toute ces applications le temps de la manipe !!

    Double-cliquer sur VundoFix.exe afin de le lancer.
    Cliquer sur le bouton Scan for Vundo.

    Lorsque le scan est complété, cliquer sur le bouton fix Vundo.

    Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES

    Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.

    Le contenu du rapport est situé dans C:\vundofix.txt : postes ce rapport

    2-Refaire combo-fix :

    Démarrer en mode sans echec :
    Comment aller en Mode sans échec
    1) Redémarres ton ordi
    2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
    (attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
    Double cliquer combofix.exe.

    Appuyer sur la touche Y (Yes) pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
    ---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! )

    Le rapport sera crée dans: C:\Combofix.txt

    Redémarres ton PC ( mode normal )
    Postes le rapport combo fix et un nouveau rapport hijackthis pour analyse ...
    0
    1. DACINJO
       
      Voila les rapports
      A chaque fois que je vais sur le forum, Avast me préviens de l'intrusion de Win 32 privacy St troj, je le met en quarantaine, est ce la bonne solution ?



      VundoFix V7.0.3

      Scan started at 19:53:18 15/05/2008

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      Beginning removal...

      Beginning removal...



      ComboFix 08-05-12.1 - HENRY 2008-05-15 20:06:00.2 - NTFSx86 MINIMAL
      Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\dtlyulgd.ini
      C:\WINDOWS\system32\vCJmnUtv.ini
      C:\WINDOWS\system32\vCJmnUtv.ini2

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-15 20:16 . 2008-05-15 20:16 294 ---hs---- C:\WINDOWS\system32\dtlyulgd.ini
      2008-05-15 20:16 . 2008-05-15 20:16 22 --a------ C:\WINDOWS\pskt.ini
      2008-05-15 19:53 . 2008-05-15 19:53 <REP> d----c--- C:\VundoFix Backups
      2008-05-15 19:13 . 2008-05-15 19:13 133,632 --a------ C:\WINDOWS\system32\drjwyyap.dll
      2008-05-15 19:13 . 2008-05-15 19:13 116,736 --a------ C:\WINDOWS\system32\dgluyltd.dll
      2008-05-15 19:12 . 2008-05-15 19:12 126,464 --a------ C:\WINDOWS\system32\fkbjpvwk.dll
      2008-05-15 19:04 . 2008-05-15 19:07 354 ---hs---- C:\WINDOWS\system32\dcbwbkll.ini
      2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
      2008-05-15 17:38 . 2008-05-15 17:38 133,632 --a------ C:\WINDOWS\system32\sttneojm.dll
      2008-05-15 17:35 . 2008-05-15 17:35 126,464 --a------ C:\WINDOWS\system32\plyjxfds.dll
      2008-05-14 14:19 . 2008-05-14 14:19 2,048 --a------ C:\WINDOWS\system32\hviiyqtd.exe
      2008-05-14 14:16 . 2008-05-14 14:16 133,632 --a------ C:\WINDOWS\system32\ribpbpdw.dll
      2008-05-14 14:13 . 2008-05-14 14:13 115,200 --a------ C:\WINDOWS\system32\omqphmwg.dll
      2008-05-14 14:07 . 2008-05-14 14:07 125,952 --a------ C:\WINDOWS\system32\ircrviyp.dll
      2008-05-13 14:11 . 2008-05-13 14:11 132,096 --a------ C:\WINDOWS\system32\eoqeshrd.dll
      2008-05-13 14:11 . 2008-05-13 14:11 2,048 --a------ C:\WINDOWS\system32\nbvclnky.exe
      2008-05-13 14:08 . 2008-05-13 14:08 124,416 --a------ C:\WINDOWS\system32\adrkponl.dll
      2008-05-12 14:10 . 2008-05-12 14:10 132,608 --a------ C:\WINDOWS\system32\jwlmtnhi.dll
      2008-05-12 14:07 . 2008-05-12 14:07 124,416 --a------ C:\WINDOWS\system32\impwwnmv.dll
      2008-05-12 14:07 . 2008-05-12 14:07 2,048 --a------ C:\WINDOWS\system32\ttbqpdjm.exe
      2008-05-11 14:10 . 2008-05-11 14:10 2,048 --a------ C:\WINDOWS\system32\ltyberje.exe
      2008-05-11 14:07 . 2008-05-11 14:07 134,656 --a------ C:\WINDOWS\system32\qffmllvk.dll
      2008-05-11 14:06 . 2008-05-11 14:06 125,440 --a------ C:\WINDOWS\system32\agwoslss.dll
      2008-05-10 01:03 . 2008-05-10 01:03 133,632 --a------ C:\WINDOWS\system32\ydyrsybl.dll
      2008-05-10 01:00 . 2008-05-10 01:00 2,048 --a------ C:\WINDOWS\system32\ffuhgbyx.exe
      2008-05-10 00:54 . 2008-05-10 00:54 125,440 --a------ C:\WINDOWS\system32\twjeyuuy.dll
      2008-05-09 23:50 . 2008-05-09 23:50 134,144 --a------ C:\WINDOWS\system32\xahyghnd.dll
      2008-05-08 22:01 . 2008-05-08 22:01 <REP> d-------- C:\WINDOWS\system32\sX1
      2008-05-08 22:01 . 2008-05-08 22:01 371,712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll
      2008-05-08 22:00 . 2008-05-08 22:00 52,736 --a------ C:\WINDOWS\system32\pmnkJaWm.dll
      2008-05-08 21:58 . 2008-05-08 22:00 37,376 --a------ C:\WINDOWS\17PHolmes572.exe
      2008-05-08 21:56 . 2008-05-08 21:56 <REP> d-------- C:\WINDOWS\system32\bkEur01
      2008-05-08 21:56 . 2008-05-08 21:56 52,736 --a------ C:\WINDOWS\system32\urqNDUkl.dll.vir
      2008-05-08 21:29 . 2008-05-08 21:29 134,144 --a------ C:\WINDOWS\system32\kipcgtfv.dll
      2008-05-08 21:26 . 2008-05-08 21:26 2,048 --a------ C:\WINDOWS\system32\mkwnajec.exe
      2008-05-08 21:25 . 2008-05-08 21:25 126,464 --a------ C:\WINDOWS\system32\bvpsugsy.dll
      2008-05-08 21:25 . 2008-05-15 20:16 109,807 --a------ C:\WINDOWS\BM03ce7dc2.xml
      2008-05-08 11:13 . 2008-05-08 11:13 3,317,625 --a------ C:\WINDOWS\system32\shell32.zip
      2008-04-25 01:58 . 2008-04-25 01:58 0 --a------ C:\WINDOWS\file532.exe
      2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
      2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
      2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
      2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
      2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
      2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
      2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
      2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
      2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
      2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
      2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
      2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      .

      ------- Sigcheck -------

      2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys


      2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
      .
      ((((((((((((((((((((((((((((( snapshot@2008-05-15_19.06.58.51 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-15 17:02:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-15 18:15:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      - 2004-08-04 00:54:22 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
      + 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
      - 2004-08-04 00:54:22 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
      + 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
      - 2004-08-04 00:54:48 432,640 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
      + 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
      - 2004-08-04 00:55:04 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
      + 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
      - 2004-08-04 00:54:48 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
      + 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
      - 2004-08-04 00:54:48 114,176 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
      + 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
      - 2004-08-04 00:54:48 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
      + 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
      - 2004-08-04 00:54:48 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
      + 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
      + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
      - 2004-08-04 00:54:48 432,640 ----a-w C:\WINDOWS\system32\wuapi.dll
      + 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
      - 2004-08-04 00:55:04 112,640 ----a-w C:\WINDOWS\system32\wuauclt.exe
      + 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
      - 2004-08-04 00:54:48 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
      + 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
      - 2004-08-04 00:54:48 114,176 ----a-w C:\WINDOWS\system32\wucltui.dll
      + 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
      - 2004-08-04 00:54:48 36,864 ----a-w C:\WINDOWS\system32\wups.dll
      + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
      + 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
      - 2004-08-04 00:54:48 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
      + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
      + 2008-05-15 18:15:31 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_658.dat
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06C7B98F-A762-4080-AB1F-0ED0528C7E4E}]
      2008-05-08 22:01 371712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940c8e5e-bc20-4aba-a0a7-f7248f00916d}]
      2008-05-15 19:13 133632 --a------ C:\WINDOWS\system32\drjwyyap.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
      "00fd4e5e"="C:\WINDOWS\system32\dgluyltd.dll" [2008-05-15 19:13 116736]
      "BM03ce7dc2"="C:\WINDOWS\system32\fkbjpvwk.dll" [2008-05-15 19:12 126464]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
      R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
      S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
      - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 20:16:24
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...


      C:\WINDOWS\system32\dtlyulgd.ini 294 bytes

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 1

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\WINDOWS\system32\dgluyltd.dll
      -> C:\WINDOWS\system32\fkbjpvwk.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-15 20:20:15 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-15 18:20:04
      ComboFix2.txt 2008-05-15 17:07:49

      Pre-Run: 1,121,128,448 octets libres
      Post-Run: 1,115,357,184 octets libres

      204



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:28, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\monjack.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {B5E92863-33BD-42F7-8F2B-73F12D085A24} - C:\WINDOWS\system32\vtUnmJCv.dll
      O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O15 - Trusted Zone: *.amaena.com
      O15 - Trusted Zone: *.avsystemcare.com
      O15 - Trusted Zone: *.gomyhit.com
      O15 - Trusted Zone: *.imageservr.com
      O15 - Trusted Zone: *.imagesrvr.com
      O15 - Trusted Zone: *.onerateld.com
      O15 - Trusted Zone: *.safetydownload.com
      O15 - Trusted Zone: *.storageguardsoft.com
      O15 - Trusted Zone: *.trustedantivirus.com
      O15 - Trusted Zone: *.virusschlacht.com
      O15 - Trusted Zone: *.amaena.com (HKLM)
      O15 - Trusted Zone: *.avsystemcare.com (HKLM)
      O15 - Trusted Zone: *.gomyhit.com (HKLM)
      O15 - Trusted Zone: *.imageservr.com (HKLM)
      O15 - Trusted Zone: *.imagesrvr.com (HKLM)
      O15 - Trusted Zone: *.onerateld.com (HKLM)
      O15 - Trusted Zone: *.safetydownload.com (HKLM)
      O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
      O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
      O15 - Trusted Zone: *.virusschlacht.com (HKLM)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  9. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Télécharges MalwareByte's : ftp://ftp.commentcamarche.com/download/mbam-setup.exe
    un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3

    Instales le et mets le à jour .

    Puis redémarres en mode sans échec :
    Comment aller en Mode sans échec
    1) Redémarre ton ordi
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

    Lances Malwarebyte's .

    Fais un scan dit "complet" et supprimes tout ce qu'il peut trouver ...

    Redémarres ton PC (mode normal ).
    Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log") accompagné d'un nouvel hijackthis ...
    0
    1. DACINJO
       
      Re bonjour
      Ci joint rapport
      Malwarebytes' Anti-Malware 1.08
      Version de la base de données: 471

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 70037
      Temps écoulé: 30 minute(s), 34 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 10
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 7

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\vtUnmJCv.dll (Trojan.Vundo) -> Unloaded module successfully.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4213b6b2-0279-4429-bccb-42fd009853f5} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{4213b6b2-0279-4429-bccb-42fd009853f5} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtunmjcv -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\llklodqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tqdolkll.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vtUnmJCv.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\vCJmnUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vCJmnUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sX1\gvserchka.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\17PHolmes572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:08, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\monjack.exe
      C:\WINDOWS\SoftwareDistribution\Download\02970179a133da43483e5e8495d03f51\update\update.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O15 - Trusted Zone: *.amaena.com
      O15 - Trusted Zone: *.avsystemcare.com
      O15 - Trusted Zone: *.gomyhit.com
      O15 - Trusted Zone: *.imageservr.com
      O15 - Trusted Zone: *.imagesrvr.com
      O15 - Trusted Zone: *.onerateld.com
      O15 - Trusted Zone: *.safetydownload.com
      O15 - Trusted Zone: *.storageguardsoft.com
      O15 - Trusted Zone: *.trustedantivirus.com
      O15 - Trusted Zone: *.virusschlacht.com
      O15 - Trusted Zone: *.amaena.com (HKLM)
      O15 - Trusted Zone: *.avsystemcare.com (HKLM)
      O15 - Trusted Zone: *.gomyhit.com (HKLM)
      O15 - Trusted Zone: *.imageservr.com (HKLM)
      O15 - Trusted Zone: *.imagesrvr.com (HKLM)
      O15 - Trusted Zone: *.onerateld.com (HKLM)
      O15 - Trusted Zone: *.safetydownload.com (HKLM)
      O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
      O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
      O15 - Trusted Zone: *.virusschlacht.com (HKLM)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  10. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Télécharges SDFix sur ton bureau :
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

    --->Double clique sur SDFix.exe et choisis "Install" .

    Puis une fois l'instale faite ,redémarre en mode sans échec .
    Comment aller en Mode sans échec :
    1) Redémarre ton ordi
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

    Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
    --->Tape Y pour lancer le script.
    Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
    presses une touche pour redémarrer quand il te le sera demandé .

    Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

    Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
    Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
    0
    1. DACINJO
       
      [b]SDFix: Version 1.182 [/b]
      Run by HENRY on 15/05/2008 at 23:01

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix

      [b]Checking Services [/b]:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      [b]Checking Files [/b]:

      Trojan Files Found:

      C:\WINDOWS\system32\bkEur01\bkEur011065.exe - Deleted



      Folder C:\WINDOWS\system32\bkEur01 - Removed


      Removing Temp Files

      [b]ADS Check [/b]:



      [b]Final Check [/b]:

      catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 23:14:10
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      [b]Remaining Services [/b]:




      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [b]Remaining Files [/b]:


      File Backups: - C:\SDFix\backups\backups.zip

      [b]Files with Hidden Attributes [/b]:

      Sat 14 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5f7e6ca31b0549017e70d2963c0f01bb\BIT8.tmp"
      Thu 15 May 2008 3,118,632 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\90e550d1a108d8bbd6da9841aafd83a8\BIT6.tmp"
      Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\BITA.tmp"
      Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa7431e5b6c6ef5b2a4a86419ca21980\BIT1.tmp"

      [b]Finished![/b]
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:21, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\monjack.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O15 - Trusted Zone: *.amaena.com
      O15 - Trusted Zone: *.avsystemcare.com
      O15 - Trusted Zone: *.gomyhit.com
      O15 - Trusted Zone: *.imageservr.com
      O15 - Trusted Zone: *.imagesrvr.com
      O15 - Trusted Zone: *.onerateld.com
      O15 - Trusted Zone: *.safetydownload.com
      O15 - Trusted Zone: *.storageguardsoft.com
      O15 - Trusted Zone: *.trustedantivirus.com
      O15 - Trusted Zone: *.virusschlacht.com
      O15 - Trusted Zone: *.amaena.com (HKLM)
      O15 - Trusted Zone: *.avsystemcare.com (HKLM)
      O15 - Trusted Zone: *.gomyhit.com (HKLM)
      O15 - Trusted Zone: *.imageservr.com (HKLM)
      O15 - Trusted Zone: *.imagesrvr.com (HKLM)
      O15 - Trusted Zone: *.onerateld.com (HKLM)
      O15 - Trusted Zone: *.safetydownload.com (HKLM)
      O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
      O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
      O15 - Trusted Zone: *.virusschlacht.com (HKLM)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  11. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    re-refait un coup de combofix ( je sais j'insiste mais tu es très infecter ;) )
    Démarrer en mode sans echec :
    Comment aller en Mode sans échec
    1) Redémarres ton ordi
    2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
    (attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
    Double cliquer combofix.exe.

    Appuyer sur la touche Y (Yes) pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
    ---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! )

    Le rapport sera crée dans: C:\Combofix.txt

    Redémarres ton PC ( mode normal )
    Postes le rapport combo fix et un nouveau rapport hijackthis pour analyse .
    0
    1. DACINJO
       
      ComboFix 08-05-12.1 - HENRY 2008-05-15 23:34:30.3 - NTFSx86 MINIMAL
      Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\pskt.ini

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-15 22:35 . 2008-05-15 22:35 <REP> d-------- C:\Program Files\MSXML 4.0
      2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\Malwarebytes
      2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
      2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
      2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
      2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
      2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
      2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
      2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
      2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
      2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
      .

      ((((((((((((((((((((((((((((( snapshot_2008-05-15_20.19.34.61 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-15 18:15:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-15 21:39:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
      + 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
      + 2007-02-28 16:02:21 2,138,112 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
      + 2007-02-28 16:02:36 2,059,648 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
      + 2007-02-28 16:02:21 2,017,792 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
      + 2007-02-28 16:02:36 2,182,400 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
      + 2008-05-13 00:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
      + 2008-05-15 20:58:33 6,758,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
      + 2008-05-15 20:58:33 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
      + 2008-05-13 00:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
      + 2008-05-15 20:58:22 6,758,400 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
      + 2008-05-15 20:58:22 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
      - 2004-08-22 22:35:29 1,036,288 ----a-w C:\WINDOWS\explorer.exe
      + 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
      + 2008-05-15 20:35:27 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
      - 2004-08-04 00:54:22 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
      + 2006-10-12 14:04:13 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
      - 2004-08-04 00:54:22 58,880 -c--a-w C:\WINDOWS\msagent\agentdpv.dll
      + 2006-10-12 14:04:13 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
      - 2004-08-04 00:54:50 256,512 -c--a-w C:\WINDOWS\msagent\agentsvr.exe
      + 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
      + 2008-05-15 18:18:57 3,424 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{62915198-5E04-481C-B9AC-57169845575E}.bin
      + 2008-05-15 18:27:50 133,632 ----a-w C:\WINDOWS\system32\asmgpdui.dll
      - 2004-08-04 00:54:22 56,832 ----a-w C:\WINDOWS\system32\authz.dll
      + 2005-03-02 18:10:36 56,832 ----a-w C:\WINDOWS\system32\authz.dll
      - 2004-08-04 00:54:22 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
      + 2006-10-12 14:04:13 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
      - 2004-08-04 00:54:22 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
      + 2006-10-12 14:04:13 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
      - 2004-08-04 00:54:50 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
      + 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
      - 2004-08-04 00:54:22 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
      + 2005-03-02 18:10:36 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
      - 2004-08-04 00:54:24 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
      + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
      - 2004-08-04 00:54:24 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
      + 2008-02-20 05:35:05 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
      - 2004-08-04 00:54:24 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      + 2008-02-20 05:35:05 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      - 2004-08-04 00:54:26 1,097,728 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
      + 2005-10-20 22:25:53 1,097,728 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
      + 2007-06-13 13:22:28 1,037,312 -c----w C:\WINDOWS\system32\dllcache\explorer.exe
      - 2001-08-24 14:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
      + 2005-10-17 21:21:08 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
      - 2004-08-03 23:04:52 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
      + 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
      - 2004-08-04 00:54:30 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
      + 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
      - 2004-08-04 00:54:30 1,048,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
      + 2007-04-16 15:53:11 1,049,600 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
      - 2004-08-04 00:54:30 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
      + 2005-09-01 01:43:37 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
      - 2004-08-04 00:54:30 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
      + 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
      + 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
      - 2004-08-04 00:54:34 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
      + 2006-03-01 19:43:50 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
      - 2004-08-04 00:54:34 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
      + 2006-03-01 19:43:50 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
      - 2004-08-04 00:54:34 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
      + 2006-03-01 19:43:51 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
      - 2004-08-04 00:54:34 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
      + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
      - 2004-08-04 00:54:34 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
      + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
      - 2004-08-04 00:54:34 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
      + 2006-11-27 14:55:30 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
      - 2004-08-04 00:54:34 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
      + 2005-05-04 12:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
      - 2004-08-04 00:54:58 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
      + 2005-05-04 12:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
      - 2004-08-04 00:54:34 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
      + 2005-05-04 12:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
      - 2004-08-04 00:53:32 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
      + 2005-05-04 12:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
      - 2004-08-04 00:54:34 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
      + 2005-05-04 12:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
      - 2004-08-04 00:54:34 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
      + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
      - 2004-07-17 11:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
      + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
      - 2004-08-04 00:54:34 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
      + 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
      - 2004-08-04 00:54:34 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
      + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
      - 2004-08-04 00:54:34 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
      + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
      - 2004-08-04 00:54:34 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
      + 2008-03-25 08:20:46 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
      + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
      + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
      + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
      + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
      + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
      + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
      + 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
      + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
      + 2006-03-01 19:43:51 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
      + 2006-03-01 19:43:51 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
      + 2006-08-17 12:29:49 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
      + 2005-08-22 18:35:10 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
      + 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
      + 2007-02-28 16:02:21 2,138,112 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      + 2007-02-28 16:02:36 2,059,648 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      + 2007-02-28 16:02:21 2,017,792 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      + 2007-02-28 16:02:36 2,182,400 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      + 2005-04-28 19:32:30 1,284,608 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
      + 2007-12-04 18:41:36 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
      + 2005-04-28 19:32:30 75,264 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
      + 2005-04-28 19:32:30 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
      + 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
      + 2006-06-26 17:41:32 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
      + 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
      + 2006-11-27 14:55:31 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
      + 2005-04-28 19:32:30 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
      + 2007-04-25 14:22:35 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
      + 2005-09-03 00:06:11 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
      + 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
      + 2004-12-07 19:34:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
      + 2005-10-17 21:21:08 118,272 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
      + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
      + 2005-05-11 02:30:03 78,336 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
      + 2005-08-23 03:39:36 124,928 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
      + 2005-03-02 18:10:36 578,048 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
      + 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
      + 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
      + 2005-03-02 18:07:53 1,836,416 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
      + 2007-03-17 13:44:47 293,376 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
      + 2006-08-17 12:29:49 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
      + 2007-04-30 06:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
      + 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
      + 2006-03-01 19:43:51 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
      - 2004-08-04 00:54:24 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
      + 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
      - 2004-08-04 00:54:24 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      + 2008-02-20 05:35:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      + 2004-08-04 00:46:20 154,496 -c--a-w C:\WINDOWS\system32\drivers\dmio.sys
      + 2001-08-24 14:00:00 5,888 -c--a-w C:\WINDOWS\system32\drivers\dmload.sys
      + 2004-08-03 23:07:40 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys
      + 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
      + 2004-08-03 23:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
      + 2001-08-24 14:00:00 10,496 ----a-w C:\WINDOWS\system32\drivers\dxapi.sys
      + 2004-08-03 23:00:56 71,040 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
      + 2001-08-24 14:00:00 3,328 ----a-w C:\WINDOWS\system32\drivers\dxgthk.sys
      + 2001-08-17 19:19:34 40,704 -c--a-w C:\WINDOWS\system32\drivers\es1371mp.sys
      + 2004-08-03 23:14:18 143,360 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
      + 2004-08-03 22:59:28 27,392 ----a-w C:\WINDOWS\system32\drivers\fdc.sys
      + 2001-08-24 14:00:00 35,072 ----a-w C:\WINDOWS\system32\drivers\fips.sys
      + 2004-08-03 22:59:28 20,480 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
      + 2004-08-03 23:01:20 124,800 -c--a-w C:\WINDOWS\system32\drivers\fltMgr.sys
      + 2001-08-24 14:00:00 7,936 ----a-w C:\WINDOWS\system32\drivers\fs_rec.sys
      + 2001-08-24 14:00:00 12,416 -c--a-w C:\WINDOWS\system32\drivers\fsvga.sys
      + 2001-08-24 14:00:00 126,080 -c--a-w C:\WINDOWS\system32\drivers\ftdisk.sys
      + 2004-08-03 23:08:22 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
      + 2004-08-03 23:08:20 36,224 -c--a-w C:\WINDOWS\system32\drivers\hidclass.sys
      + 2001-08-17 21:02:32 8,576 -c--a-w C:\WINDOWS\system32\drivers\hidgame.sys
      + 2004-08-03 23:08:18 24,960 -c--a-w C:\WINDOWS\system32\drivers\hidparse.sys
      + 2001-08-24 14:00:00 9,600 -c--a-w C:\WINDOWS\system32\drivers\hidusb.sys
      + 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
      + 2004-08-04 00:41:24 54,400 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
      + 2004-08-03 23:00:16 41,856 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
      + 2004-08-04 00:43:40 40,320 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
      + 2004-08-03 23:00:08 29,056 -c--a-w C:\WINDOWS\system32\drivers\ip6fw.sys
      + 2001-08-24 14:00:00 32,896 -c--a-w C:\WINDOWS\system32\drivers\ipfltdrv.sys
      + 2004-08-03 23:04:46 20,992 -c--a-w C:\WINDOWS\system32\drivers\ipinip.sys
      + 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
      + 2004-08-03 23:14:30 74,752 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
      + 2004-08-03 23:00:48 11,264 -c--a-w C:\WINDOWS\system32\drivers\irenum.sys
      + 2001-08-24 14:00:00 36,224 -c--a-w C:\WINDOWS\system32\drivers\isapnp.sys
      + 2004-08-04 00:45:12 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
      + 2004-08-03 23:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
      + 2004-08-03 21:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
      + 2004-08-03 22:59:48 92,032 -c--a-w C:\WINDOWS\system32\drivers\ksecdd.sys
      + 2001-08-24 14:00:00 7,680 -c--a-w C:\WINDOWS\system32\drivers\mcd.sys
      + 2004-08-04 01:05:42 63,744 -c--a-w C:\WINDOWS\system32\drivers\mf.sys
      + 2001-08-24 14:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\mnmdd.sys
      + 2004-08-04 01:05:42 30,336 -c--a-w C:\WINDOWS\system32\drivers\modem.sys
      + 2004-08-03 22:37:26 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
      + 2001-08-23 15:04:42 12,288 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
      + 2004-08-03 22:58:32 42,240 -c--a-w C:\WINDOWS\system32\drivers\mountmgr.sys
      + 2004-08-03 22:58:22 72,960 -c--a-w C:\WINDOWS\system32\drivers\mqac.sys
      + 2004-08-03 23:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
      + 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
      + 2004-08-03 23:00:42 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
      + 2004-08-03 23:04:14 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
      + 2004-08-03 22:58:42 7,552 -c--a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
      + 2001-08-17 22:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
      + 2004-08-03 22:58:40 5,376 -c--a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      + 2004-08-03 22:58:42 4,992 -c--a-w C:\WINDOWS\system32\drivers\MSPQM.sys
      + 2004-08-04 01:05:42 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
      + 2004-08-03 20:58:40 5,504 -c--a-w C:\WINDOWS\system32\drivers\MSTEE.sys
      + 2004-08-03 23:15:22 107,904 -c--a-w C:\WINDOWS\system32\drivers\mup.sys
      + 2001-08-23 16:09:02 131,072 ----a-w C:\WINDOWS\system32\drivers\n100325.sys
      + 2004-08-03 21:10:30 85,376 -c--a-w C:\WINDOWS\system32\drivers\NABTSFEC.sys
      + 2004-08-03 23:14:30 182,912 -c--a-w C:\WINDOWS\system32\drivers\ndis.sys
      + 2004-08-03 21:10:14 10,880 -c--a-w C:\WINDOWS\system32\drivers\NdisIP.sys
      + 2001-08-24 14:00:00 9,600 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
      + 2004-08-04 01:05:42 12,928 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
      + 2004-08-03 23:14:32 91,776 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
      + 2001-08-24 14:00:00 38,016 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
      + 2004-08-03 23:03:22 34,560 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
      + 2004-08-03 23:14:38 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
      + 2004-08-04 01:05:42 61,824 -c--a-w C:\WINDOWS\system32\drivers\nic1394.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\nikedrv.sys
      + 2004-08-03 22:59:52 40,320 -c--a-w C:\WINDOWS\system32\drivers\nmnt.sys
      + 2004-08-03 23:00:44 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
      + 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
      + 2001-08-24 14:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
      + 2001-08-24 14:00:00 12,416 -c--a-w C:\WINDOWS\system32\drivers\nwlnkflt.sys
      + 2001-08-24 14:00:00 32,512 -c--a-w C:\WINDOWS\system32\drivers\nwlnkfwd.sys
      + 2004-08-03 23:03:36 88,448 -c--a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
      + 2001-08-24 14:00:00 63,232 -c--a-w C:\WINDOWS\system32\drivers\nwlnknb.sys
      + 2001-08-24 14:00:00 55,936 -c--a-w C:\WINDOWS\system32\drivers\nwlnkspx.sys
      + 2004-08-03 23:02:24 163,584 -c--a-w C:\WINDOWS\system32\drivers\nwrdr.sys
      + 2001-08-24 14:00:00 3,456 -c--a-w C:\WINDOWS\system32\drivers\oprghdlr.sys
      + 2003-09-24 17:00:00 25,211 -c--a-r C:\WINDOWS\system32\drivers\ov519cmd.sys
      + 2003-09-24 17:00:00 174,530 -c--a-r C:\WINDOWS\system32\drivers\ov519vid.sys
      + 2004-08-04 01:05:42 46,720 -c--a-w C:\WINDOWS\system32\drivers\p3.sys
      + 2004-08-04 01:05:42 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
      + 2001-08-24 14:00:00 18,688 -c--a-w C:\WINDOWS\system32\drivers\partmgr.sys
      + 2001-08-24 14:00:00 6,912 ----a-w C:\WINDOWS\system32\drivers\parvdm.sys
      + 2004-08-04 00:37:06 68,608 -c--a-w C:\WINDOWS\system32\drivers\pci.sys
      + 2001-08-24 14:00:00 3,328 -c--a-w C:\WINDOWS\system32\drivers\pciide.sys
      + 2004-08-03 22:59:42 25,088 -c--a-w C:\WINDOWS\system32\drivers\pciidex.sys
      + 2004-08-04 00:37:12 120,320 -c--a-w C:\WINDOWS\system32\drivers\pcmcia.sys
      + 2001-08-17 19:11:22 35,328 -c--a-w C:\WINDOWS\system32\drivers\pcntpci5.sys
      + 2006-11-08 07:02:34 21,760 ----a-w C:\WINDOWS\system32\drivers\point32.sys
      + 2004-08-03 21:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
      + 2002-09-16 17:07:24 4,228 ----a-w C:\WINDOWS\system32\drivers\PQNTDRV.sys
      + 2004-08-04 01:05:42 39,552 -c--a-w C:\WINDOWS\system32\drivers\processr.sys
      + 2004-08-03 23:04:20 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
      + 2001-08-24 14:00:00 17,792 ----a-w C:\WINDOWS\system32\drivers\ptilink.sys
      + 2001-08-24 14:00:00 8,832 ----a-w C:\WINDOWS\system32\drivers\rasacd.sys
      + 2004-08-03 23:14:24 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
      + 2004-08-03 23:05:08 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
      + 2004-08-03 23:14:28 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
      + 2001-08-24 14:00:00 16,512 ----a-w C:\WINDOWS\system32\drivers\raspti.sys
      + 2001-08-24 14:00:00 34,432 -c--a-w C:\WINDOWS\system32\drivers\rawwan.sys
      + 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
      + 2001-08-24 14:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\rdpcdd.sys
      + 2004-08-03 22:01:16 196,864 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
      + 2004-08-04 00:55:14 139,400 -c--a-w C:\WINDOWS\system32\drivers\rdpwd.sys
      + 2004-08-04 00:39:44 58,496 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\rio8drv.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\riodrv.sys
      + 2001-08-24 14:00:00 200,064 -c--a-w C:\WINDOWS\system32\drivers\RMCast.sys
      + 2004-08-03 23:04:32 30,080 -c--a-w C:\WINDOWS\system32\drivers\rndismp.sys
      + 2001-08-24 14:00:00 5,888 -c--a-w C:\WINDOWS\system32\drivers\rootmdm.sys
      + 2002-10-22 14:45:42 668,160 -c--a-w C:\WINDOWS\system32\drivers\sbpci.sys
      + 2004-08-03 22:59:42 96,256 -c--a-w C:\WINDOWS\system32\drivers\scsiport.sys
      + 2004-08-03 23:07:48 67,584 -c--a-w C:\WINDOWS\system32\drivers\sdbus.sys
      + 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      + 2004-08-03 22:59:08 15,488 ----a-w C:\WINDOWS\system32\drivers\serenum.sys
      + 2004-08-04 00:41:26 66,560 ----a-w C:\WINDOWS\system32\drivers\serial.sys
      + 2001-08-23 16:20:50 18,432 -c--a-w C:\WINDOWS\system32\drivers\sermouse.sys
      + 2004-08-03 22:59:56 11,136 -c--a-w C:\WINDOWS\system32\drivers\sffdisk.sys
      + 2004-08-03 22:59:56 10,240 -c--a-w C:\WINDOWS\system32\drivers\sffp_sd.sys
      + 2004-08-03 22:59:56 11,392 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
      + 2004-08-03 23:07:44 41,088 -c--a-w C:\WINDOWS\system32\drivers\SISAGP.SYS
      + 2003-07-18 08:58:20 36,992 -c--a-w C:\WINDOWS\system32\drivers\SISAGPX.SYS
      + 2004-08-03 21:31:36 32,768 ----a-w C:\WINDOWS\system32\drivers\sisnic.sys
      + 2004-08-03 21:10:18 11,136 -c--a-w C:\WINDOWS\system32\drivers\SLIP.sys
      + 2001-08-24 14:00:00 14,592 -c--a-w C:\WINDOWS\system32\drivers\smclib.sys
      + 2004-08-04 01:05:42 25,472 -c--a-w C:\WINDOWS\system32\drivers\sonydcam.sys
      + 2004-08-03 23:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
      + 2004-08-04 00:49:46 73,600 -c--a-w C:\WINDOWS\system32\drivers\sr.sys
      + 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      + 2005-08-30 15:57:18 58,320 ----a-w C:\WINDOWS\system32\drivers\ss_bus.sys
      + 2005-08-30 15:58:50 6,144 ----a-w C:\WINDOWS\system32\drivers\ss_cm.sys
      + 2005-08-30 15:58:50 6,144 -c--a-w C:\WINDOWS\system32\drivers\ss_cmnt.sys
      + 2005-08-30 15:58:56 8,304 ----a-w C:\WINDOWS\system32\drivers\ss_mdfl.sys
      + 2005-08-30 15:59:00 94,000 ----a-w C:\WINDOWS\system32\drivers\ss_mdm.sys
      + 2005-08-30 15:57:14 5,808 ----a-w C:\WINDOWS\system32\drivers\ss_wh.sys
      + 2005-08-30 15:57:14 5,808 -c--a-w C:\WINDOWS\system32\drivers\ss_whnt.sys
      + 2006-07-24 14:05:00 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
      + 2004-08-03 21:08:04 48,640 -c--a-w C:\WINDOWS\system32\drivers\stream.sys
      + 2004-08-03 21:10:14 15,360 -c--a-w C:\WINDOWS\system32\drivers\StreamIP.sys
      + 2004-08-04 01:05:42 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
      + 2001-08-17 22:00:52 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
      + 2004-08-03 23:15:56 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
      + 2004-08-03 23:00:00 14,976 -c--a-w C:\WINDOWS\system32\drivers\tape.sys
      + 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\drivers\tcpip.sys
      + 2004-08-03 23:07:46 223,616 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      + 2004-08-03 23:07:50 18,560 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
      + 2004-08-04 00:55:12 12,040 -c--a-w C:\WINDOWS\system32\drivers\tdpipe.sys
      + 2004-08-04 00:55:14 21,896 -c--a-w C:\WINDOWS\system32\drivers\tdtcp.sys
      + 2004-08-03 23:55:12 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
      + 2001-08-24 14:00:00 51,712 -c--a-w C:\WINDOWS\system32\drivers\tosdvd.sys
      + 2001-08-24 14:00:00 21,376 -c--a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
      + 2004-08-04 01:05:42 12,416 -c--a-w C:\WINDOWS\system32\drivers\tunmp.sys
      + 2004-08-03 23:00:32 66,176 -c--a-w C:\WINDOWS\system32\drivers\udfs.sys
      + 2004-08-03 22:58:34 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
      + 2004-08-03 23:04:34 12,672 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys
      + 2004-08-03 21:07:56 59,264 -c--a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
      + 2001-08-24 14:00:00 23,808 -c--a-w C:\WINDOWS\system32\drivers\usbcamd.sys
      + 2001-08-24 14:00:00 23,936 -c--a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
      + 2004-08-03 21:08:48 31,616 -c--a-w C:\WINDOWS\system32\drivers\usbccgp.sys
      + 2001-08-24 14:00:00 4,736 ----a-w C:\WINDOWS\system32\drivers\usbd.sys
      + 2004-08-03 23:08:44 57,600 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
      + 2004-08-04 01:05:42 16,000 -c--a-w C:\WINDOWS\system32\drivers\usbintel.sys
      + 2004-08-03 23:08:38 17,024 ----a-w C:\WINDOWS\system32\drivers\usbohci.sys
      + 2004-08-03 23:08:44 142,976 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
      + 2004-08-03 22:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
      + 2001-08-24 14:00:00 58,112 -c--a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
      + 2004-08-03 23:07:08 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
      + 2004-08-03 23:07:06 79,744 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
      + 2004-08-04 00:44:16 53,376 -c--a-w C:\WINDOWS\system32\drivers\volsnap.sys
      + 2004-08-03 23:04:58 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
      + 2004-08-03 23:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
      + 2006-01-18 13:08:56 493,440 -c--a-w C:\WINDOWS\system32\drivers\WlanBZ64.SYS
      + 2006-01-18 13:08:54 402,432 -c--a-w C:\WINDOWS\system32\drivers\WlanBZXP.sys
      + 2001-08-24 14:00:00 4,352 ----a-w C:\WINDOWS\system32\drivers\wmilib.sys
      + 2004-08-10 21:05:50 18,944 -c--a-w C:\WINDOWS\system32\drivers\wpdusb.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\ws2ifsl.sys
      + 2004-08-03 21:10:22 19,328 -c--a-w C:\WINDOWS\system32\drivers\WSTCODEC.SYS
      + 2006-01-18 13:08:56 17,664 -c--a-w C:\WINDOWS\system32\drivers\ZDPSp50.sys
      + 2006-01-18 13:08:56 31,744 -c--a-w C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
      - 2004-08-04 00:54:26 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll
      + 2005-10-20 22:25:53 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll
      - 2007-09-17 23:46:25 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
      + 2008-05-15 20:40:57 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
      - 2001-08-24 14:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
      + 2005-10-17 21:21:08 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
      - 2004-08-04 00:54:30 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
      + 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
      - 2004-08-04 00:54:30 1,048,576 ----a-w C:\WINDOWS\system32\kernel32.dll
      + 2007-04-16 15:53:11 1,049,600 ----a-w C:\WINDOWS\system32\kernel32.dll
      - 2004-08-04 00:54:30 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
      + 2005-09-01 01:43:37 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
      - 2004-08-04 00:54:30 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
      + 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
      + 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
      + 2008-02-04 16:59:24 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      + 2001-08-24 14:00:00 17,920 -c--a-w C:\WINDOWS\system32\Microsoft\tftp.exe
      + 2001-08-24 14:00:00 19,429 -c--a-w C:\WINDOWS\system32\MsDtc\Trace\msdtcvtr.bat
      - 2004-08-04 00:54:34 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
      + 2006-03-01 19:43:50 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
      - 2004-08-04 00:54:34 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
      + 2006-03-01 19:43:50 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
      - 2004-08-04 00:54:34 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
      + 2006-03-01 19:43:51 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
      - 2004-08-04 00:54:34 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
      + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
      - 2004-08-04 00:54:34 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
      + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
      - 2004-08-04 00:54:34 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
      + 2006-11-27 14:55:30 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
      - 2004-08-04 00:54:34 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
      + 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
      - 2004-08-04 00:54:58 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
      + 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
      - 2004-08-04 00:54:34 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
      + 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
      - 2004-08-04 00:53:32 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
      + 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
      - 2004-08-04 00:54:34 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
      + 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
      - 2004-08-04 00:54:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
      + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
      - 2004-07-17 11:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
      + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
      - 2004-08-04 00:54:34 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
      + 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
      - 2004-08-04 00:54:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
      + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
      - 2004-08-04 00:54:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
      + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
      - 2004-08-04 00:54:34 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
      + 2008-03-25 08:20:46 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
      - 2004-08-04 00:54:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
      + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
      - 2004-08-04 00:54:36 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
      + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
      - 2004-08-04 00:54:36 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
      + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
      - 2004-08-04 00:54:36 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
      + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
      - 2004-08-04 00:54:36 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
      + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
      - 2004-08-04 00:54:36 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
      + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
      - 2004-08-04 00:54:36 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
      + 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
      - 2004-08-04 00:54:36 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
      + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
      - 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
      + 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
      - 2004-08-04 00:54:36 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
      + 2006-03-01 19:43:51 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
      - 2004-08-04 00:54:36 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
      + 2006-03-01 19:43:51 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
      + 2001-08-24 14:00:00 92,160 ----a-w C:\WINDOWS\system32\mui\[u]0[/u]00C\hhctrlui.dll
      - 2004-08-04 00:54:36 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
      + 2006-08-17 12:29:49 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
      - 2004-08-04 00:54:36 198,144 ----a-w C:\WINDOWS\system32\netman.dll
      + 2005-08-22 18:35:10 197,632 ----a-w C:\WINDOWS\system32\netman.dll
      + 2004-08-04 00:54:36 57,344 -c--a-w C:\WINDOWS\system32\npp\ndisnpp.dll
      + 2004-08-04 00:55:00 15,360 -c--a-w C:\WINDOWS\system32\npp\nppagent.exe
      - 2004-08-04 01:05:42 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      + 2007-02-28 16:02:36 2,059,648 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      + 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      - 2004-08-04 00:54:36 1,281,024 ----a-w C:\WINDOWS\system32\ole32.dll
      + 2005-04-28 19:32:30 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll
      - 2004-08-04 00:54:36 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
      + 2007-12-04 18:41:36 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
      - 2001-08-24 14:00:00 69,120 ----a-w C:\WINDOWS\system32\olecli32.dll
      + 2005-04-28 19:32:30 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
      - 2001-08-24 14:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
      + 2005-04-28 19:32:30 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
      + 2004-08-04 00:54:34 122,368 -c--a-w C:\WINDOWS\system32\oobe\msobcomm.dll
      + 2004-08-04 00:54:34 16,384 -c--a-w C:\WINDOWS\system32\oobe\msobdl.dll
      + 2004-08-04 00:54:34 563,200 -c--a-w C:\WINDOWS\system32\oobe\msobmain.dll
      + 2004-08-04 00:54:34 30,720 -c--a-w C:\WINDOWS\system32\oobe\msobshel.dll
      + 2004-08-04 00:54:34 18,944 -c--a-w C:\WINDOWS\system32\oobe\msobweb.dll
      + 2001-08-24 14:00:00 28,160 -c--a-w C:\WINDOWS\system32\oobe\msoobe.exe
      + 2004-08-04 00:55:00 51,712 -c--a-w C:\WINDOWS\system32\oobe\oobebaln.exe
      - 2008-05-09 21:52:32 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-05-15 20:06:44 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-05-09 21:52:32 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
      + 2008-05-15 20:06:44 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
      - 2008-05-09 21:52:32 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-05-15 20:06:44 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-05-09 21:52:32 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
      + 2008-05-15 20:06:44 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
      - 2004-08-04 00:54:38 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      + 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      - 2004-08-04 00:54:38 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
      + 2006-06-26 17:41:32 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
      + 2004-08-03 23:07:44 41,088 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]000\DriverFiles\i386\SISAGP.SYS
      + 2004-08-03 23:08:00 60,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\drmk.sys
      + 2001-08-17 19:19:34 40,704 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\es1371mp.sys
      + 2004-08-04 01:05:42 140,928 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ks.sys
      + 2004-08-04 00:54:30 4,096 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ksuser.dll
      + 2004-08-03 23:15:50 145,792 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\portcls.sys
      + 2004-08-04 01:05:42 48,640 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\stream.sys
      + 2004-08-04 01:05:42 23,552 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\wdmaud.drv
      + 2004-08-04 01:05:42 23,680 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouclass.sys
      + 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouhid.sys
      + 2007-03-26 09:39:26 3,879,388 -c--a-w C:\WINDOWS\system32\Restore\rstrlog.dat
      + 2004-08-04 00:55:02 384,512 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
      + 2001-08-24 14:00:00 47,104 -c--a-w C:\WINDOWS\system32\Restore\srdiag.exe
      - 2004-08-04 00:54:38 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
      + 2006-11-27 14:55:31 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
      - 2004-08-04 00:54:38 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
      + 2005-04-28 19:32:30 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
      + 2005-08-30 15:57:18 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_bus.sys
      + 2005-08-30 15:58:50 6,144 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_cmnt.sys
      + 2005-08-30 15:58:56 8,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdfl.sys
      + 2005-08-30 15:59:00 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdm.sys
      + 2005-08-26 16:07:28 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
      + 2005-08-30 15:57:14 5,808 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_whnt.sys
      + 2005-08-29 23:47:38 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_bus.sys
      + 2005-08-29 23:49:28 6,176 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_cmnt.sys
      + 2005-08-29 23:49:34 8,336 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdfl.sys
      + 2005-08-29 23:49:38 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdm.sys
      + 2005-08-29 23:46:16 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
      + 2005-08-29 23:47:34 5,840 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_whnt.sys
      + 2005-12-22 10:24:50 80,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdbus.sys
      + 2005-12-22 10:24:52 11,877 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdcmnt.sys
      + 2005-12-22 10:24:52 10,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdfl.sys
      + 2005-12-22 10:24:52 137,884 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdm.sys
      + 2005-12-22 10:24:52 108,003 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdserd.sys
      + 2005-12-22 10:24:52 65,536 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
      + 2005-12-22 10:24:54 11,188 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdwhnt.sys
      + 2006-07-21 10:12:56 66,672 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdbus.sys
      + 2006-07-21 10:15:26 6,208 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdcmnt.sys
      + 2006-07-21 10:13:48 9,232 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdfl.sys
      + 2006-07-21 10:13:52 100,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdm.sys
      + 2006-07-21 10:14:40 91,744 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmgmt.sys
      + 2006-07-21 10:15:28 89,584 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdobex.sys
      + 2006-07-21 10:15:56 53,760 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
      + 2006-07-21 10:12:52 5,872 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdwhnt.sys
      + 2007-01-07 16:10:28 66,880 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcbus.sys
      + 2007-01-07 16:11:16 6,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbccmnt.sys
      + 2007-01-07 16:11:18 9,360 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdfl.sys
      + 2007-01-07 16:11:22 100,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdm.sys
      + 2007-01-07 16:11:48 55,296 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
      + 2007-01-07 16:10:24 5,936 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys
      - 2004-08-04 00:54:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
      + 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
      + 2001-08-24 14:00:00 259,584 -c--a-w C:\WINDOWS\system32\Setup\comsetup.dll
      + 2004-08-04 00:54:26 32,828 -c--a-w C:\WINDOWS\system32\Setup\fp40ext.dll
      + 2001-08-24 14:00:00 6,144 -c--a-w C:\WINDOWS\system32\Setup\fsconins.dll
      + 2004-08-04 00:54:28 132,608 -c--a-w C:\WINDOWS\system32\Setup\fxsocm.dll
      + 2004-08-04 00:53:04 508,416 -c--a-w C:\WINDOWS\system32\Setup\iis.dll
      + 2001-08-24 14:00:00 118,784 -c--a-w C:\WINDOWS\system32\Setup\imsinsnt.dll
      + 2004-08-04 00:54:32 16,896 -c--a-w C:\WINDOWS\system32\Setup\medctroc.dll
      + 2001-08-24 14:00:00 82,432 -c--a-w C:\WINDOWS\system32\Setup\msdtcstp.dll
      + 2004-08-04 00:54:34 15,872 -c--a-w C:\WINDOWS\system32\Setup\msgrocm.dll
      + 2004-08-04 00:54:34 169,984 -c--a-w C:\WINDOWS\system32\Setup\msmqocm.dll
      + 2004-08-03 22:10:58 126,976 -c--a-w C:\WINDOWS\system32\Setup\netfxocm.dll
      + 2004-08-04 00:54:36 78,336 -c--a-w C:\WINDOWS\system32\Setup\netoc.dll
      + 2004-08-04 00:54:36 63,488 -c--a-w C:\WINDOWS\system32\Setup\ntoc.dll
      + 2004-08-04 00:54:36 15,872 -c--a-w C:\WINDOWS\system32\Setup\ocgen.dll
      + 2004-08-04 00:54:36 17,408 -c--a-w C:\WINDOWS\system32\Setup\ocmsn.dll
      + 2004-08-04 00:54:40 101,888 -c--a-w C:\WINDOWS\system32\Setup\setupqry.dll
      + 2004-08-04 00:54:44 34,304 -c--a-w C:\WINDOWS\system32\Setup\tabletoc.dll
      + 2004-08-04 00:54:44 123,904 -c--a-w C:\WINDOWS\system32\Setup\tsoc.dll
      + 2001-08-24 14:00:00 8,261 -c--a-w C:\WINDOWS\system32\Setup\zoneoc.dll
      - 2004-08-22 22:33:46 8,440,320 ----a-w C:\WINDOWS\system32\shell32.dll
      + 2006-03-17 04:07:40 8,508,416 ----a-w C:\WINDOWS\system32\shell32.dll
      - 2004-08-04 00:54:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
      + 2005-09-03 00:06:11 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
      + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
      + 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
      + 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
      + 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
      + 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
      + 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
      + 2003-06-18 23:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
      + 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
      - 2004-08-04 00:54:42 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
      + 2004-12-07 19:34:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
      - 2004-08-04 00:54:44 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
      + 2005-10-17 21:21:08 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
      - 2004-08-04 00:55:02 77,824 ----a-w C:\WINDOWS\system32\telnet.exe
      + 2005-05-11 02:30:03 78,336 ----a-w C:\WINDOWS\system32\telnet.exe
      - 2004-08-04 00:54:44 119,808 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
      + 2005-08-23 03:39:36 124,928 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
      + 2008-05-15 18:21:36 126,464 ----a-w C:\WINDOWS\system32\upxyctvm.dll
      - 2004-08-04 00:54:44 578,048 ----a-w C:\WINDOWS\system32\user32.dll
      + 2005-03-02 18:10:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
      + 2004-08-04 00:54:28 125,440 -c--a-w C:\WINDOWS\system32\usmt\guitrn.dll
      + 2004-08-04 00:54:28 109,056 -c--a-w C:\WINDOWS\system32\usmt\guitrn_a.dll
      + 2004-08-04 00:54:28 4,096 -c--a-w C:\WINDOWS\system32\usmt\iconlib.dll
      + 2004-08-04 00:54:30 19,968 -c--a-w C:\WINDOWS\system32\usmt\log.dll
      + 2004-08-04 00:54:32 201,216 -c--a-w C:\WINDOWS\system32\usmt\migism.dll
      + 2004-08-04 00:54:32 192,512 -c--a-w C:\WINDOWS\system32\usmt\migism_a.dll
      + 2004-08-04 00:54:54 103,936 -c--a-w C:\WINDOWS\system32\usmt\migload.exe
      + 2004-08-04 00:54:54 246,784 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
      + 2004-08-04 00:54:54 242,688 -c--a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
      + 2004-08-04 00:54:38 204,800 -c--a-w C:\WINDOWS\system32\usmt\script.dll
      + 2004-08-04 00:54:38 189,440 -c--a-w C:\WINDOWS\system32\usmt\script_a.dll
      + 2004-08-04 00:54:44 169,472 -c--a-w C:\WINDOWS\system32\usmt\sysmod.dll
      + 2004-08-04 00:54:44 155,648 -c--a-w C:\WINDOWS\system32\usmt\sysmod_a.dll
      - 2004-08-04 00:54:44 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
      + 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
      + 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
      + 2004-08-04 00:54:24 1,352,704 ----a-w C:\WINDOWS\system32\wbem\cimwin32.dll
      + 2004-08-04 00:54:26 45,568 -c--a-w C:\WINDOWS\system32\wbem\CmdEvTgProv.dll
      + 2001-08-24 14:00:00 120,320 -c--a-w C:\WINDOWS\system32\wbem\dsprov.dll
      + 2004-08-04 00:54:26 247,808 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
      + 2004-08-04 00:54:26 22,016 -c--a-w C:\WINDOWS\system32\wbem\evntrprv.dll
      + 2004-08-04 00:54:26 472,064 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
      + 2004-08-04 00:54:26 185,856 ----a-w C:\WINDOWS\system32\wbem\framedyn.dll
      + 2001-08-24 14:00:00 53,248 -c--a-w C:\WINDOWS\system32\wbem\fwdprov.dll
      + 2004-08-04 00:54:30 24,576 -c--a-w C:\WINDOWS\system32\wbem\krnlprov.dll
      + 2004-08-04 00:54:56 16,896 -c--a-w C:\WINDOWS\system32\wbem\mofcomp.exe
      + 2004-08-04 00:54:32 124,928 -c--a-w C:\WINDOWS\system32\wbem\mofd.dll
      + 2001-08-24 14:00:00 273,920 -c--a-w C:\WINDOWS\system32\wbem\msiprov.dll
      + 2004-08-04 00:54:36 47,104 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
      + 2004-08-04 00:54:36 212,992 -c--a-w C:\WINDOWS\system32\wbem\ntevt.dll
      + 2004-08-04 00:54:38 92,672 -c--a-w C:\WINDOWS\system32\wbem\policman.dll
      + 2004-08-04 00:54:38 237,056 -c--a-w C:\WINDOWS\system32\wbem\provthrd.dll
      + 2004-08-04 00:54:38 177,152 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
      + 2004-08-04 00:55:02 36,864 -c--a-w C:\WINDOWS\system32\wbem\scrcons.exe
      + 2001-08-24 14:00:00 40,960 -c--a-w C:\WINDOWS\system32\wbem\smtpcons.dll
      + 2004-08-04 00:54:44 86,528 -c--a-w C:\WINDOWS\system32\wbem\stdprov.dll
      + 2001-08-24 14:00:00 61,952 -c--a-w C:\WINDOWS\system32\wbem\tmplprov.dll
      + 2001-08-24 14:00:00 59,904 -c--a-w C:\WINDOWS\system32\wbem\trnsprov.dll
      + 2001-08-24 14:00:00 16,896 -c--a-w C:\WINDOWS\system32\wbem\unsecapp.exe
      + 2001-08-24 14:00:00 116,224 -c--a-w C:\WINDOWS\system32\wbem\updprov.dll
      + 2004-08-04 00:54:44 131,584 -c--a-w C:\WINDOWS\system32\wbem\viewprov.dll
      + 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\wbem\wbemads.dll
      + 2004-08-04 00:54:44 201,216 -c--a-w C:\WINDOWS\system32\wbem\wbemcntl.dll
      + 2004-08-04 00:54:44 214,528 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
      + 2004-08-04 00:54:44 71,680 ----a-w C:\WINDOWS\system32\wbem\wbemcons.dll
      + 2004-08-04 00:54:44 530,944 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
      + 2004-08-04 00:54:44 178,176 -c--a-w C:\WINDOWS\system32\wbem\wbemdisp.dll
      + 2004-08-04 00:54:44 273,920 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
      + 2004-08-04 00:54:44 44,544 -c--a-w C:\WINDOWS\system32\wbem\wbemperf.dll
      + 2004-08-04 00:54:44 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
      + 2004-08-04 00:54:44 43,520 ----a-w C:\WINDOWS\system32\wbem\wbemsvc.dll
      + 2004-08-04 00:55:02 119,808 -c--a-w C:\WINDOWS\system32\wbem\wbemtest.exe
      + 2004-08-04 00:54:44 197,120 -c--a-w C:\WINDOWS\system32\wbem\wbemupgd.dll
      + 2001-08-24 14:00:00 14,336 -c--a-w C:\WINDOWS\system32\wbem\winmgmt.exe
      + 2001-08-24 14:00:00 18,944 -c--a-w C:\WINDOWS\system32\wbem\winmgmtr.dll
      + 2004-08-04 00:55:02 196,608 -c--a-w C:\WINDOWS\system32\wbem\wmiadap.exe
      + 2004-08-04 00:54:10 7,680 -c--a-w C:\WINDOWS\system32\wbem\wmiapres.dll
      + 2004-08-04 00:54:48 89,088 -c--a-w C:\WINDOWS\system32\wbem\wmiaprpl.dll
      + 2004-08-04 00:55:02 126,464 -c--a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
      + 2004-08-04 00:55:02 369,664 -c--a-w C:\WINDOWS\system32\wbem\wmic.exe
      + 2004-08-04 00:54:48 60,928 -c--a-w C:\WINDOWS\system32\wbem\wmicookr.dll
      + 2004-08-04 00:54:48 140,800 -c--a-w C:\WINDOWS\system32\wbem\wmidcprv.dll
      + 2001-08-24 14:00:00 61,440 -c--a-w C:\WINDOWS\system32\wbem\wmimsg.dll
      + 2004-08-04 00:54:48 156,672 -c--a-w C:\WINDOWS\system32\wbem\wmipcima.dll
      + 2004-08-04 00:54:48 132,096 -c--a-w C:\WINDOWS\system32\wbem\wmipdskq.dll
      + 2001-08-24 14:00:00 77,312 -c--a-w C:\WINDOWS\system32\wbem\wmipicmp.dll
      + 2004-08-04 00:54:48 62,464 -c--a-w C:\WINDOWS\system32\wbem\wmipiprt.dll
      + 2004-08-04 00:54:48 62,976 -c--a-w C:\WINDOWS\system32\wbem\wmipjobj.dll
      + 2004-08-04 00:54:48 144,896 -c--a-w C:\WINDOWS\system32\wbem\wmiprov.dll
      + 2004-08-04 00:54:48 437,248 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
      + 2004-08-04 00:55:02 218,112 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
      + 2004-08-04 00:54:48 41,472 -c--a-w C:\WINDOWS\system32\wbem\wmipsess.dll
      + 2004-08-04 00:54:48 145,408 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
      + 2001-08-24 14:00:00 52,224 -c--a-w C:\WINDOWS\system32\wbem\wmitimep.dll
      + 2004-08-04 00:54:48 99,328 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
      + 2001-08-24 14:00:00 45,568 ----a-w C:\WINDOWS\system32\wbem\xml\wmi2xml.dll
      - 2004-08-04 00:45:58 1,836,032 ----a-w C:\WINDOWS\system32\win32k.sys
      + 2005-03-02 18:07:53 1,836,416 ----a-w C:\WINDOWS\system32\win32k.sys
      - 2004-08-04 00:54:46 291,328 ----a-w C:\WINDOWS\system32\winsrv.dll
      + 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
      - 2004-08-04 00:54:46 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
      + 2006-08-17 12:29:49 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
      - 2004-08-10 23:41:20 5,550,080 -c--a-w C:\WINDOWS\system32\wmp.dll
      + 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
      - 2004-08-11 00:39:08 2,362,104 -c--a-w C:\WINDOWS\system32\wmvcore.dll
      + 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
      - 2004-08-04 00:54:48 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
      + 2006-03-01 19:43:51 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
      + 2006-10-16 01:40:52 121,856 ------w C:\WINDOWS\system32\xpsp3res.dll
      + 2008-05-15 21:39:41 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_674.dat
      + 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
      + 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
      + 2001-08-24 14:00:00 57,344 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39\mfc42fra.dll
      + 2001-08-24 14:00:00 74,802 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
      + 2001-08-24 14:00:00 995,383 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll
      + 2001-08-24 14:00:00 995,384 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll
      + 2001-08-24 14:00:00 401,462 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll
      + 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
      + 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
      + 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
      + 2001-08-24 14:00:00 921,088 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
      + 2004-08-04 00:52:46 1,050,624 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
      + 2001-08-24 14:00:00 50,688 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
      + 2001-08-24 14:00:00 322,560 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
      + 2004-08-04 00:52:46 54,784 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
      + 2004-08-04 00:52:46 343,040 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
      + 2001-08-24 14:00:00 1,700,352 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
      + 2004-08-04 00:52:46 1,712,128 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
      + 2004-08-04 00:52:46 852,992 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
      + 2004-08-04 00:52:46 994,816 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
      + 2004-08-04 00:52:46 137,728 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\rtcres.dll
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c90c3518-5092-42ed-8e94-587c6d7f3608}]
      2008-05-15 20:27 133632 --a------ C:\WINDOWS\system32\asmgpdui.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
      "00fd4e5e"="C:\WINDOWS\system32\llklodqt.dll" [ ]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
      R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
      S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 17:29]
      S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
      - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 23:40:53
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-15 23:44:47 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-15 21:44:40
      ComboFix2.txt 2008-05-15 17:07:49

      Pre-Run: 316,755,968 octets libres
      Post-Run: 317,169,664 octets libres

      733 --- E O F --- 2008-05-15 19:12:03


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:46, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\monjack.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\
      0
    2. DACINJO
       
      ComboFix 08-05-12.1 - HENRY 2008-05-15 23:34:30.3 - NTFSx86 MINIMAL
      Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\pskt.ini

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-15 22:35 . 2008-05-15 22:35 <REP> d-------- C:\Program Files\MSXML 4.0
      2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\Malwarebytes
      2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
      2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
      2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
      2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
      2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
      2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
      2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
      2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
      2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
      .

      ((((((((((((((((((((((((((((( snapshot_2008-05-15_20.19.34.61 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-15 18:15:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-15 21:39:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
      + 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
      + 2007-02-28 16:02:21 2,138,112 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
      + 2007-02-28 16:02:36 2,059,648 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
      + 2007-02-28 16:02:21 2,017,792 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
      + 2007-02-28 16:02:36 2,182,400 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
      + 2008-05-13 00:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
      + 2008-05-15 20:58:33 6,758,400 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
      + 2008-05-15 20:58:33 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
      + 2008-05-13 00:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
      + 2008-05-15 20:58:22 6,758,400 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
      + 2008-05-15 20:58:22 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
      - 2004-08-22 22:35:29 1,036,288 ----a-w C:\WINDOWS\explorer.exe
      + 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
      + 2008-05-15 20:35:27 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
      - 2004-08-04 00:54:22 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
      + 2006-10-12 14:04:13 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
      - 2004-08-04 00:54:22 58,880 -c--a-w C:\WINDOWS\msagent\agentdpv.dll
      + 2006-10-12 14:04:13 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
      - 2004-08-04 00:54:50 256,512 -c--a-w C:\WINDOWS\msagent\agentsvr.exe
      + 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
      + 2008-05-15 18:18:57 3,424 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{62915198-5E04-481C-B9AC-57169845575E}.bin
      + 2008-05-15 18:27:50 133,632 ----a-w C:\WINDOWS\system32\asmgpdui.dll
      - 2004-08-04 00:54:22 56,832 ----a-w C:\WINDOWS\system32\authz.dll
      + 2005-03-02 18:10:36 56,832 ----a-w C:\WINDOWS\system32\authz.dll
      - 2004-08-04 00:54:22 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
      + 2006-10-12 14:04:13 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
      - 2004-08-04 00:54:22 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
      + 2006-10-12 14:04:13 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
      - 2004-08-04 00:54:50 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
      + 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
      - 2004-08-04 00:54:22 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
      + 2005-03-02 18:10:36 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
      - 2004-08-04 00:54:24 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
      + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
      - 2004-08-04 00:54:24 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
      + 2008-02-20 05:35:05 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
      - 2004-08-04 00:54:24 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      + 2008-02-20 05:35:05 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      - 2004-08-04 00:54:26 1,097,728 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
      + 2005-10-20 22:25:53 1,097,728 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
      + 2007-06-13 13:22:28 1,037,312 -c----w C:\WINDOWS\system32\dllcache\explorer.exe
      - 2001-08-24 14:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
      + 2005-10-17 21:21:08 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
      - 2004-08-03 23:04:52 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
      + 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
      - 2004-08-04 00:54:30 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
      + 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
      - 2004-08-04 00:54:30 1,048,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
      + 2007-04-16 15:53:11 1,049,600 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
      - 2004-08-04 00:54:30 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
      + 2005-09-01 01:43:37 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
      - 2004-08-04 00:54:30 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
      + 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
      + 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
      - 2004-08-04 00:54:34 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
      + 2006-03-01 19:43:50 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
      - 2004-08-04 00:54:34 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
      + 2006-03-01 19:43:50 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
      - 2004-08-04 00:54:34 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
      + 2006-03-01 19:43:51 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
      - 2004-08-04 00:54:34 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
      + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
      - 2004-08-04 00:54:34 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
      + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
      - 2004-08-04 00:54:34 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
      + 2006-11-27 14:55:30 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
      - 2004-08-04 00:54:34 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
      + 2005-05-04 12:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
      - 2004-08-04 00:54:58 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
      + 2005-05-04 12:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
      - 2004-08-04 00:54:34 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
      + 2005-05-04 12:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
      - 2004-08-04 00:53:32 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
      + 2005-05-04 12:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
      - 2004-08-04 00:54:34 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
      + 2005-05-04 12:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
      - 2004-08-04 00:54:34 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
      + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
      - 2004-07-17 11:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
      + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
      - 2004-08-04 00:54:34 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
      + 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
      - 2004-08-04 00:54:34 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
      + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
      - 2004-08-04 00:54:34 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
      + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
      - 2004-08-04 00:54:34 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
      + 2008-03-25 08:20:46 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
      + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
      + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
      + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
      + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
      + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
      + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
      + 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
      + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
      + 2006-03-01 19:43:51 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
      + 2006-03-01 19:43:51 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
      + 2006-08-17 12:29:49 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
      + 2005-08-22 18:35:10 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
      + 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
      + 2007-02-28 16:02:21 2,138,112 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      + 2007-02-28 16:02:36 2,059,648 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      + 2007-02-28 16:02:21 2,017,792 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      + 2007-02-28 16:02:36 2,182,400 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      + 2005-04-28 19:32:30 1,284,608 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
      + 2007-12-04 18:41:36 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
      + 2005-04-28 19:32:30 75,264 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
      + 2005-04-28 19:32:30 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
      + 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
      + 2006-06-26 17:41:32 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
      + 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
      + 2006-11-27 14:55:31 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
      + 2005-04-28 19:32:30 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
      + 2007-04-25 14:22:35 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
      + 2005-09-03 00:06:11 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
      + 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
      + 2004-12-07 19:34:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
      + 2005-10-17 21:21:08 118,272 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
      + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
      + 2005-05-11 02:30:03 78,336 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
      + 2005-08-23 03:39:36 124,928 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
      + 2005-03-02 18:10:36 578,048 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
      + 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
      + 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
      + 2005-03-02 18:07:53 1,836,416 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
      + 2007-03-17 13:44:47 293,376 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
      + 2006-08-17 12:29:49 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
      + 2007-04-30 06:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
      + 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
      + 2006-03-01 19:43:51 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
      - 2004-08-04 00:54:24 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
      + 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
      - 2004-08-04 00:54:24 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      + 2008-02-20 05:35:05 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      + 2004-08-04 00:46:20 154,496 -c--a-w C:\WINDOWS\system32\drivers\dmio.sys
      + 2001-08-24 14:00:00 5,888 -c--a-w C:\WINDOWS\system32\drivers\dmload.sys
      + 2004-08-03 23:07:40 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys
      + 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
      + 2004-08-03 23:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
      + 2001-08-24 14:00:00 10,496 ----a-w C:\WINDOWS\system32\drivers\dxapi.sys
      + 2004-08-03 23:00:56 71,040 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
      + 2001-08-24 14:00:00 3,328 ----a-w C:\WINDOWS\system32\drivers\dxgthk.sys
      + 2001-08-17 19:19:34 40,704 -c--a-w C:\WINDOWS\system32\drivers\es1371mp.sys
      + 2004-08-03 23:14:18 143,360 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
      + 2004-08-03 22:59:28 27,392 ----a-w C:\WINDOWS\system32\drivers\fdc.sys
      + 2001-08-24 14:00:00 35,072 ----a-w C:\WINDOWS\system32\drivers\fips.sys
      + 2004-08-03 22:59:28 20,480 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
      + 2004-08-03 23:01:20 124,800 -c--a-w C:\WINDOWS\system32\drivers\fltMgr.sys
      + 2001-08-24 14:00:00 7,936 ----a-w C:\WINDOWS\system32\drivers\fs_rec.sys
      + 2001-08-24 14:00:00 12,416 -c--a-w C:\WINDOWS\system32\drivers\fsvga.sys
      + 2001-08-24 14:00:00 126,080 -c--a-w C:\WINDOWS\system32\drivers\ftdisk.sys
      + 2004-08-03 23:08:22 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
      + 2004-08-03 23:08:20 36,224 -c--a-w C:\WINDOWS\system32\drivers\hidclass.sys
      + 2001-08-17 21:02:32 8,576 -c--a-w C:\WINDOWS\system32\drivers\hidgame.sys
      + 2004-08-03 23:08:18 24,960 -c--a-w C:\WINDOWS\system32\drivers\hidparse.sys
      + 2001-08-24 14:00:00 9,600 -c--a-w C:\WINDOWS\system32\drivers\hidusb.sys
      + 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
      + 2004-08-04 00:41:24 54,400 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
      + 2004-08-03 23:00:16 41,856 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
      + 2004-08-04 00:43:40 40,320 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
      + 2004-08-03 23:00:08 29,056 -c--a-w C:\WINDOWS\system32\drivers\ip6fw.sys
      + 2001-08-24 14:00:00 32,896 -c--a-w C:\WINDOWS\system32\drivers\ipfltdrv.sys
      + 2004-08-03 23:04:46 20,992 -c--a-w C:\WINDOWS\system32\drivers\ipinip.sys
      + 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
      + 2004-08-03 23:14:30 74,752 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
      + 2004-08-03 23:00:48 11,264 -c--a-w C:\WINDOWS\system32\drivers\irenum.sys
      + 2001-08-24 14:00:00 36,224 -c--a-w C:\WINDOWS\system32\drivers\isapnp.sys
      + 2004-08-04 00:45:12 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
      + 2004-08-03 23:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
      + 2004-08-03 21:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
      + 2004-08-03 22:59:48 92,032 -c--a-w C:\WINDOWS\system32\drivers\ksecdd.sys
      + 2001-08-24 14:00:00 7,680 -c--a-w C:\WINDOWS\system32\drivers\mcd.sys
      + 2004-08-04 01:05:42 63,744 -c--a-w C:\WINDOWS\system32\drivers\mf.sys
      + 2001-08-24 14:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\mnmdd.sys
      + 2004-08-04 01:05:42 30,336 -c--a-w C:\WINDOWS\system32\drivers\modem.sys
      + 2004-08-03 22:37:26 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
      + 2001-08-23 15:04:42 12,288 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
      + 2004-08-03 22:58:32 42,240 -c--a-w C:\WINDOWS\system32\drivers\mountmgr.sys
      + 2004-08-03 22:58:22 72,960 -c--a-w C:\WINDOWS\system32\drivers\mqac.sys
      + 2004-08-03 23:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
      + 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
      + 2004-08-03 23:00:42 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
      + 2004-08-03 23:04:14 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
      + 2004-08-03 22:58:42 7,552 -c--a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
      + 2001-08-17 22:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
      + 2004-08-03 22:58:40 5,376 -c--a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      + 2004-08-03 22:58:42 4,992 -c--a-w C:\WINDOWS\system32\drivers\MSPQM.sys
      + 2004-08-04 01:05:42 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
      + 2004-08-03 20:58:40 5,504 -c--a-w C:\WINDOWS\system32\drivers\MSTEE.sys
      + 2004-08-03 23:15:22 107,904 -c--a-w C:\WINDOWS\system32\drivers\mup.sys
      + 2001-08-23 16:09:02 131,072 ----a-w C:\WINDOWS\system32\drivers\n100325.sys
      + 2004-08-03 21:10:30 85,376 -c--a-w C:\WINDOWS\system32\drivers\NABTSFEC.sys
      + 2004-08-03 23:14:30 182,912 -c--a-w C:\WINDOWS\system32\drivers\ndis.sys
      + 2004-08-03 21:10:14 10,880 -c--a-w C:\WINDOWS\system32\drivers\NdisIP.sys
      + 2001-08-24 14:00:00 9,600 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
      + 2004-08-04 01:05:42 12,928 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
      + 2004-08-03 23:14:32 91,776 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
      + 2001-08-24 14:00:00 38,016 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
      + 2004-08-03 23:03:22 34,560 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
      + 2004-08-03 23:14:38 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
      + 2004-08-04 01:05:42 61,824 -c--a-w C:\WINDOWS\system32\drivers\nic1394.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\nikedrv.sys
      + 2004-08-03 22:59:52 40,320 -c--a-w C:\WINDOWS\system32\drivers\nmnt.sys
      + 2004-08-03 23:00:44 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
      + 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
      + 2001-08-24 14:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
      + 2001-08-24 14:00:00 12,416 -c--a-w C:\WINDOWS\system32\drivers\nwlnkflt.sys
      + 2001-08-24 14:00:00 32,512 -c--a-w C:\WINDOWS\system32\drivers\nwlnkfwd.sys
      + 2004-08-03 23:03:36 88,448 -c--a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
      + 2001-08-24 14:00:00 63,232 -c--a-w C:\WINDOWS\system32\drivers\nwlnknb.sys
      + 2001-08-24 14:00:00 55,936 -c--a-w C:\WINDOWS\system32\drivers\nwlnkspx.sys
      + 2004-08-03 23:02:24 163,584 -c--a-w C:\WINDOWS\system32\drivers\nwrdr.sys
      + 2001-08-24 14:00:00 3,456 -c--a-w C:\WINDOWS\system32\drivers\oprghdlr.sys
      + 2003-09-24 17:00:00 25,211 -c--a-r C:\WINDOWS\system32\drivers\ov519cmd.sys
      + 2003-09-24 17:00:00 174,530 -c--a-r C:\WINDOWS\system32\drivers\ov519vid.sys
      + 2004-08-04 01:05:42 46,720 -c--a-w C:\WINDOWS\system32\drivers\p3.sys
      + 2004-08-04 01:05:42 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
      + 2001-08-24 14:00:00 18,688 -c--a-w C:\WINDOWS\system32\drivers\partmgr.sys
      + 2001-08-24 14:00:00 6,912 ----a-w C:\WINDOWS\system32\drivers\parvdm.sys
      + 2004-08-04 00:37:06 68,608 -c--a-w C:\WINDOWS\system32\drivers\pci.sys
      + 2001-08-24 14:00:00 3,328 -c--a-w C:\WINDOWS\system32\drivers\pciide.sys
      + 2004-08-03 22:59:42 25,088 -c--a-w C:\WINDOWS\system32\drivers\pciidex.sys
      + 2004-08-04 00:37:12 120,320 -c--a-w C:\WINDOWS\system32\drivers\pcmcia.sys
      + 2001-08-17 19:11:22 35,328 -c--a-w C:\WINDOWS\system32\drivers\pcntpci5.sys
      + 2006-11-08 07:02:34 21,760 ----a-w C:\WINDOWS\system32\drivers\point32.sys
      + 2004-08-03 21:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
      + 2002-09-16 17:07:24 4,228 ----a-w C:\WINDOWS\system32\drivers\PQNTDRV.sys
      + 2004-08-04 01:05:42 39,552 -c--a-w C:\WINDOWS\system32\drivers\processr.sys
      + 2004-08-03 23:04:20 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
      + 2001-08-24 14:00:00 17,792 ----a-w C:\WINDOWS\system32\drivers\ptilink.sys
      + 2001-08-24 14:00:00 8,832 ----a-w C:\WINDOWS\system32\drivers\rasacd.sys
      + 2004-08-03 23:14:24 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
      + 2004-08-03 23:05:08 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
      + 2004-08-03 23:14:28 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
      + 2001-08-24 14:00:00 16,512 ----a-w C:\WINDOWS\system32\drivers\raspti.sys
      + 2001-08-24 14:00:00 34,432 -c--a-w C:\WINDOWS\system32\drivers\rawwan.sys
      + 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
      + 2001-08-24 14:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\rdpcdd.sys
      + 2004-08-03 22:01:16 196,864 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
      + 2004-08-04 00:55:14 139,400 -c--a-w C:\WINDOWS\system32\drivers\rdpwd.sys
      + 2004-08-04 00:39:44 58,496 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\rio8drv.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\riodrv.sys
      + 2001-08-24 14:00:00 200,064 -c--a-w C:\WINDOWS\system32\drivers\RMCast.sys
      + 2004-08-03 23:04:32 30,080 -c--a-w C:\WINDOWS\system32\drivers\rndismp.sys
      + 2001-08-24 14:00:00 5,888 -c--a-w C:\WINDOWS\system32\drivers\rootmdm.sys
      + 2002-10-22 14:45:42 668,160 -c--a-w C:\WINDOWS\system32\drivers\sbpci.sys
      + 2004-08-03 22:59:42 96,256 -c--a-w C:\WINDOWS\system32\drivers\scsiport.sys
      + 2004-08-03 23:07:48 67,584 -c--a-w C:\WINDOWS\system32\drivers\sdbus.sys
      + 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      + 2004-08-03 22:59:08 15,488 ----a-w C:\WINDOWS\system32\drivers\serenum.sys
      + 2004-08-04 00:41:26 66,560 ----a-w C:\WINDOWS\system32\drivers\serial.sys
      + 2001-08-23 16:20:50 18,432 -c--a-w C:\WINDOWS\system32\drivers\sermouse.sys
      + 2004-08-03 22:59:56 11,136 -c--a-w C:\WINDOWS\system32\drivers\sffdisk.sys
      + 2004-08-03 22:59:56 10,240 -c--a-w C:\WINDOWS\system32\drivers\sffp_sd.sys
      + 2004-08-03 22:59:56 11,392 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
      + 2004-08-03 23:07:44 41,088 -c--a-w C:\WINDOWS\system32\drivers\SISAGP.SYS
      + 2003-07-18 08:58:20 36,992 -c--a-w C:\WINDOWS\system32\drivers\SISAGPX.SYS
      + 2004-08-03 21:31:36 32,768 ----a-w C:\WINDOWS\system32\drivers\sisnic.sys
      + 2004-08-03 21:10:18 11,136 -c--a-w C:\WINDOWS\system32\drivers\SLIP.sys
      + 2001-08-24 14:00:00 14,592 -c--a-w C:\WINDOWS\system32\drivers\smclib.sys
      + 2004-08-04 01:05:42 25,472 -c--a-w C:\WINDOWS\system32\drivers\sonydcam.sys
      + 2004-08-03 23:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
      + 2004-08-04 00:49:46 73,600 -c--a-w C:\WINDOWS\system32\drivers\sr.sys
      + 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      + 2005-08-30 15:57:18 58,320 ----a-w C:\WINDOWS\system32\drivers\ss_bus.sys
      + 2005-08-30 15:58:50 6,144 ----a-w C:\WINDOWS\system32\drivers\ss_cm.sys
      + 2005-08-30 15:58:50 6,144 -c--a-w C:\WINDOWS\system32\drivers\ss_cmnt.sys
      + 2005-08-30 15:58:56 8,304 ----a-w C:\WINDOWS\system32\drivers\ss_mdfl.sys
      + 2005-08-30 15:59:00 94,000 ----a-w C:\WINDOWS\system32\drivers\ss_mdm.sys
      + 2005-08-30 15:57:14 5,808 ----a-w C:\WINDOWS\system32\drivers\ss_wh.sys
      + 2005-08-30 15:57:14 5,808 -c--a-w C:\WINDOWS\system32\drivers\ss_whnt.sys
      + 2006-07-24 14:05:00 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
      + 2004-08-03 21:08:04 48,640 -c--a-w C:\WINDOWS\system32\drivers\stream.sys
      + 2004-08-03 21:10:14 15,360 -c--a-w C:\WINDOWS\system32\drivers\StreamIP.sys
      + 2004-08-04 01:05:42 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
      + 2001-08-17 22:00:52 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
      + 2004-08-03 23:15:56 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
      + 2004-08-03 23:00:00 14,976 -c--a-w C:\WINDOWS\system32\drivers\tape.sys
      + 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\drivers\tcpip.sys
      + 2004-08-03 23:07:46 223,616 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      + 2004-08-03 23:07:50 18,560 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
      + 2004-08-04 00:55:12 12,040 -c--a-w C:\WINDOWS\system32\drivers\tdpipe.sys
      + 2004-08-04 00:55:14 21,896 -c--a-w C:\WINDOWS\system32\drivers\tdtcp.sys
      + 2004-08-03 23:55:12 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
      + 2001-08-24 14:00:00 51,712 -c--a-w C:\WINDOWS\system32\drivers\tosdvd.sys
      + 2001-08-24 14:00:00 21,376 -c--a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
      + 2004-08-04 01:05:42 12,416 -c--a-w C:\WINDOWS\system32\drivers\tunmp.sys
      + 2004-08-03 23:00:32 66,176 -c--a-w C:\WINDOWS\system32\drivers\udfs.sys
      + 2004-08-03 22:58:34 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
      + 2004-08-03 23:04:34 12,672 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys
      + 2004-08-03 21:07:56 59,264 -c--a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
      + 2001-08-24 14:00:00 23,808 -c--a-w C:\WINDOWS\system32\drivers\usbcamd.sys
      + 2001-08-24 14:00:00 23,936 -c--a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
      + 2004-08-03 21:08:48 31,616 -c--a-w C:\WINDOWS\system32\drivers\usbccgp.sys
      + 2001-08-24 14:00:00 4,736 ----a-w C:\WINDOWS\system32\drivers\usbd.sys
      + 2004-08-03 23:08:44 57,600 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
      + 2004-08-04 01:05:42 16,000 -c--a-w C:\WINDOWS\system32\drivers\usbintel.sys
      + 2004-08-03 23:08:38 17,024 ----a-w C:\WINDOWS\system32\drivers\usbohci.sys
      + 2004-08-03 23:08:44 142,976 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
      + 2004-08-03 22:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
      + 2001-08-24 14:00:00 58,112 -c--a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
      + 2004-08-03 23:07:08 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
      + 2004-08-03 23:07:06 79,744 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
      + 2004-08-04 00:44:16 53,376 -c--a-w C:\WINDOWS\system32\drivers\volsnap.sys
      + 2004-08-03 23:04:58 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
      + 2004-08-03 23:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
      + 2006-01-18 13:08:56 493,440 -c--a-w C:\WINDOWS\system32\drivers\WlanBZ64.SYS
      + 2006-01-18 13:08:54 402,432 -c--a-w C:\WINDOWS\system32\drivers\WlanBZXP.sys
      + 2001-08-24 14:00:00 4,352 ----a-w C:\WINDOWS\system32\drivers\wmilib.sys
      + 2004-08-10 21:05:50 18,944 -c--a-w C:\WINDOWS\system32\drivers\wpdusb.sys
      + 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\ws2ifsl.sys
      + 2004-08-03 21:10:22 19,328 -c--a-w C:\WINDOWS\system32\drivers\WSTCODEC.SYS
      + 2006-01-18 13:08:56 17,664 -c--a-w C:\WINDOWS\system32\drivers\ZDPSp50.sys
      + 2006-01-18 13:08:56 31,744 -c--a-w C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
      - 2004-08-04 00:54:26 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll
      + 2005-10-20 22:25:53 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll
      - 2007-09-17 23:46:25 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
      + 2008-05-15 20:40:57 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
      - 2001-08-24 14:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
      + 2005-10-17 21:21:08 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
      - 2004-08-04 00:54:30 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
      + 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
      - 2004-08-04 00:54:30 1,048,576 ----a-w C:\WINDOWS\system32\kernel32.dll
      + 2007-04-16 15:53:11 1,049,600 ----a-w C:\WINDOWS\system32\kernel32.dll
      - 2004-08-04 00:54:30 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
      + 2005-09-01 01:43:37 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
      - 2004-08-04 00:54:30 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
      + 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
      + 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
      + 2008-02-04 16:59:24 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      + 2001-08-24 14:00:00 17,920 -c--a-w C:\WINDOWS\system32\Microsoft\tftp.exe
      + 2001-08-24 14:00:00 19,429 -c--a-w C:\WINDOWS\system32\MsDtc\Trace\msdtcvtr.bat
      - 2004-08-04 00:54:34 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
      + 2006-03-01 19:43:50 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
      - 2004-08-04 00:54:34 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
      + 2006-03-01 19:43:50 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
      - 2004-08-04 00:54:34 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
      + 2006-03-01 19:43:51 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
      - 2004-08-04 00:54:34 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
      + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
      - 2004-08-04 00:54:34 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
      + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
      - 2004-08-04 00:54:34 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
      + 2006-11-27 14:55:30 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
      - 2004-08-04 00:54:34 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
      + 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
      - 2004-08-04 00:54:58 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
      + 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
      - 2004-08-04 00:54:34 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
      + 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
      - 2004-08-04 00:53:32 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
      + 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
      - 2004-08-04 00:54:34 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
      + 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
      - 2004-08-04 00:54:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
      + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
      - 2004-07-17 11:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
      + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
      - 2004-08-04 00:54:34 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
      + 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
      - 2004-08-04 00:54:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
      + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
      - 2004-08-04 00:54:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
      + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
      - 2004-08-04 00:54:34 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
      + 2008-03-25 08:20:46 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
      - 2004-08-04 00:54:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
      + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
      - 2004-08-04 00:54:36 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
      + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
      - 2004-08-04 00:54:36 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
      + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
      - 2004-08-04 00:54:36 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
      + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
      - 2004-08-04 00:54:36 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
      + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
      - 2004-08-04 00:54:36 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
      + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
      - 2004-08-04 00:54:36 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
      + 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
      - 2004-08-04 00:54:36 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
      + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
      - 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
      + 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
      - 2004-08-04 00:54:36 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
      + 2006-03-01 19:43:51 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
      - 2004-08-04 00:54:36 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
      + 2006-03-01 19:43:51 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
      + 2001-08-24 14:00:00 92,160 ----a-w C:\WINDOWS\system32\mui\[u]0[/u]00C\hhctrlui.dll
      - 2004-08-04 00:54:36 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
      + 2006-08-17 12:29:49 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
      - 2004-08-04 00:54:36 198,144 ----a-w C:\WINDOWS\system32\netman.dll
      + 2005-08-22 18:35:10 197,632 ----a-w C:\WINDOWS\system32\netman.dll
      + 2004-08-04 00:54:36 57,344 -c--a-w C:\WINDOWS\system32\npp\ndisnpp.dll
      + 2004-08-04 00:55:00 15,360 -c--a-w C:\WINDOWS\system32\npp\nppagent.exe
      - 2004-08-04 01:05:42 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      + 2007-02-28 16:02:36 2,059,648 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      + 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      - 2004-08-04 00:54:36 1,281,024 ----a-w C:\WINDOWS\system32\ole32.dll
      + 2005-04-28 19:32:30 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll
      - 2004-08-04 00:54:36 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
      + 2007-12-04 18:41:36 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
      - 2001-08-24 14:00:00 69,120 ----a-w C:\WINDOWS\system32\olecli32.dll
      + 2005-04-28 19:32:30 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
      - 2001-08-24 14:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
      + 2005-04-28 19:32:30 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
      + 2004-08-04 00:54:34 122,368 -c--a-w C:\WINDOWS\system32\oobe\msobcomm.dll
      + 2004-08-04 00:54:34 16,384 -c--a-w C:\WINDOWS\system32\oobe\msobdl.dll
      + 2004-08-04 00:54:34 563,200 -c--a-w C:\WINDOWS\system32\oobe\msobmain.dll
      + 2004-08-04 00:54:34 30,720 -c--a-w C:\WINDOWS\system32\oobe\msobshel.dll
      + 2004-08-04 00:54:34 18,944 -c--a-w C:\WINDOWS\system32\oobe\msobweb.dll
      + 2001-08-24 14:00:00 28,160 -c--a-w C:\WINDOWS\system32\oobe\msoobe.exe
      + 2004-08-04 00:55:00 51,712 -c--a-w C:\WINDOWS\system32\oobe\oobebaln.exe
      - 2008-05-09 21:52:32 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-05-15 20:06:44 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-05-09 21:52:32 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
      + 2008-05-15 20:06:44 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
      - 2008-05-09 21:52:32 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-05-15 20:06:44 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-05-09 21:52:32 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
      + 2008-05-15 20:06:44 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
      - 2004-08-04 00:54:38 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      + 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      - 2004-08-04 00:54:38 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
      + 2006-06-26 17:41:32 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
      + 2004-08-03 23:07:44 41,088 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]000\DriverFiles\i386\SISAGP.SYS
      + 2004-08-03 23:08:00 60,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\drmk.sys
      + 2001-08-17 19:19:34 40,704 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\es1371mp.sys
      + 2004-08-04 01:05:42 140,928 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ks.sys
      + 2004-08-04 00:54:30 4,096 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ksuser.dll
      + 2004-08-03 23:15:50 145,792 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\portcls.sys
      + 2004-08-04 01:05:42 48,640 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\stream.sys
      + 2004-08-04 01:05:42 23,552 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\wdmaud.drv
      + 2004-08-04 01:05:42 23,680 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouclass.sys
      + 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouhid.sys
      + 2007-03-26 09:39:26 3,879,388 -c--a-w C:\WINDOWS\system32\Restore\rstrlog.dat
      + 2004-08-04 00:55:02 384,512 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
      + 2001-08-24 14:00:00 47,104 -c--a-w C:\WINDOWS\system32\Restore\srdiag.exe
      - 2004-08-04 00:54:38 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
      + 2006-11-27 14:55:31 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
      - 2004-08-04 00:54:38 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
      + 2005-04-28 19:32:30 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
      + 2005-08-30 15:57:18 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_bus.sys
      + 2005-08-30 15:58:50 6,144 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_cmnt.sys
      + 2005-08-30 15:58:56 8,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdfl.sys
      + 2005-08-30 15:59:00 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdm.sys
      + 2005-08-26 16:07:28 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
      + 2005-08-30 15:57:14 5,808 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_whnt.sys
      + 2005-08-29 23:47:38 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_bus.sys
      + 2005-08-29 23:49:28 6,176 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_cmnt.sys
      + 2005-08-29 23:49:34 8,336 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdfl.sys
      + 2005-08-29 23:49:38 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdm.sys
      + 2005-08-29 23:46:16 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
      + 2005-08-29 23:47:34 5,840 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_whnt.sys
      + 2005-12-22 10:24:50 80,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdbus.sys
      + 2005-12-22 10:24:52 11,877 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdcmnt.sys
      + 2005-12-22 10:24:52 10,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdfl.sys
      + 2005-12-22 10:24:52 137,884 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdm.sys
      + 2005-12-22 10:24:52 108,003 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdserd.sys
      + 2005-12-22 10:24:52 65,536 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
      + 2005-12-22 10:24:54 11,188 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdwhnt.sys
      + 2006-07-21 10:12:56 66,672 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdbus.sys
      + 2006-07-21 10:15:26 6,208 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdcmnt.sys
      + 2006-07-21 10:13:48 9,232 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdfl.sys
      + 2006-07-21 10:13:52 100,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdm.sys
      + 2006-07-21 10:14:40 91,744 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmgmt.sys
      + 2006-07-21 10:15:28 89,584 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdobex.sys
      + 2006-07-21 10:15:56 53,760 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
      + 2006-07-21 10:12:52 5,872 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdwhnt.sys
      + 2007-01-07 16:10:28 66,880 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcbus.sys
      + 2007-01-07 16:11:16 6,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbccmnt.sys
      + 2007-01-07 16:11:18 9,360 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdfl.sys
      + 2007-01-07 16:11:22 100,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdm.sys
      + 2007-01-07 16:11:48 55,296 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
      + 2007-01-07 16:10:24 5,936 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys
      - 2004-08-04 00:54:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
      + 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
      + 2001-08-24 14:00:00 259,584 -c--a-w C:\WINDOWS\system32\Setup\comsetup.dll
      + 2004-08-04 00:54:26 32,828 -c--a-w C:\WINDOWS\system32\Setup\fp40ext.dll
      + 2001-08-24 14:00:00 6,144 -c--a-w C:\WINDOWS\system32\Setup\fsconins.dll
      + 2004-08-04 00:54:28 132,608 -c--a-w C:\WINDOWS\system32\Setup\fxsocm.dll
      + 2004-08-04 00:53:04 508,416 -c--a-w C:\WINDOWS\system32\Setup\iis.dll
      + 2001-08-24 14:00:00 118,784 -c--a-w C:\WINDOWS\system32\Setup\imsinsnt.dll
      + 2004-08-04 00:54:32 16,896 -c--a-w C:\WINDOWS\system32\Setup\medctroc.dll
      + 2001-08-24 14:00:00 82,432 -c--a-w C:\WINDOWS\system32\Setup\msdtcstp.dll
      + 2004-08-04 00:54:34 15,872 -c--a-w C:\WINDOWS\system32\Setup\msgrocm.dll
      + 2004-08-04 00:54:34 169,984 -c--a-w C:\WINDOWS\system32\Setup\msmqocm.dll
      + 2004-08-03 22:10:58 126,976 -c--a-w C:\WINDOWS\system32\Setup\netfxocm.dll
      + 2004-08-04 00:54:36 78,336 -c--a-w C:\WINDOWS\system32\Setup\netoc.dll
      + 2004-08-04 00:54:36 63,488 -c--a-w C:\WINDOWS\system32\Setup\ntoc.dll
      + 2004-08-04 00:54:36 15,872 -c--a-w C:\WINDOWS\system32\Setup\ocgen.dll
      + 2004-08-04 00:54:36 17,408 -c--a-w C:\WINDOWS\system32\Setup\ocmsn.dll
      + 2004-08-04 00:54:40 101,888 -c--a-w C:\WINDOWS\system32\Setup\setupqry.dll
      + 2004-08-04 00:54:44 34,304 -c--a-w C:\WINDOWS\system32\Setup\tabletoc.dll
      + 2004-08-04 00:54:44 123,904 -c--a-w C:\WINDOWS\system32\Setup\tsoc.dll
      + 2001-08-24 14:00:00 8,261 -c--a-w C:\WINDOWS\system32\Setup\zoneoc.dll
      - 2004-08-22 22:33:46 8,440,320 ----a-w C:\WINDOWS\system32\shell32.dll
      + 2006-03-17 04:07:40 8,508,416 ----a-w C:\WINDOWS\system32\shell32.dll
      - 2004-08-04 00:54:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
      + 2005-09-03 00:06:11 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
      + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
      + 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
      + 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
      + 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
      + 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
      + 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
      + 2003-06-18 23:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
      + 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
      - 2004-08-04 00:54:42 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
      + 2004-12-07 19:34:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
      - 2004-08-04 00:54:44 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
      + 2005-10-17 21:21:08 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
      - 2004-08-04 00:55:02 77,824 ----a-w C:\WINDOWS\system32\telnet.exe
      + 2005-05-11 02:30:03 78,336 ----a-w C:\WINDOWS\system32\telnet.exe
      - 2004-08-04 00:54:44 119,808 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
      + 2005-08-23 03:39:36 124,928 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
      + 2008-05-15 18:21:36 126,464 ----a-w C:\WINDOWS\system32\upxyctvm.dll
      - 2004-08-04 00:54:44 578,048 ----a-w C:\WINDOWS\system32\user32.dll
      + 2005-03-02 18:10:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
      + 2004-08-04 00:54:28 125,440 -c--a-w C:\WINDOWS\system32\usmt\guitrn.dll
      + 2004-08-04 00:54:28 109,056 -c--a-w C:\WINDOWS\system32\usmt\guitrn_a.dll
      + 2004-08-04 00:54:28 4,096 -c--a-w C:\WINDOWS\system32\usmt\iconlib.dll
      + 2004-08-04 00:54:30 19,968 -c--a-w C:\WINDOWS\system32\usmt\log.dll
      + 2004-08-04 00:54:32 201,216 -c--a-w C:\WINDOWS\system32\usmt\migism.dll
      + 2004-08-04 00:54:32 192,512 -c--a-w C:\WINDOWS\system32\usmt\migism_a.dll
      + 2004-08-04 00:54:54 103,936 -c--a-w C:\WINDOWS\system32\usmt\migload.exe
      + 2004-08-04 00:54:54 246,784 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
      + 2004-08-04 00:54:54 242,688 -c--a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
      + 2004-08-04 00:54:38 204,800 -c--a-w C:\WINDOWS\system32\usmt\script.dll
      + 2004-08-04 00:54:38 189,440 -c--a-w C:\WINDOWS\system32\usmt\script_a.dll
      + 2004-08-04 00:54:44 169,472 -c--a-w C:\WINDOWS\system32\usmt\sysmod.dll
      + 2004-08-04 00:54:44 155,648 -c--a-w C:\WINDOWS\system32\usmt\sysmod_a.dll
      - 2004-08-04 00:54:44 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
      + 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
      + 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
      + 2004-08-04 00:54:24 1,352,704 ----a-w C:\WINDOWS\system32\wbem\cimwin32.dll
      + 2004-08-04 00:54:26 45,568 -c--a-w C:\WINDOWS\system32\wbem\CmdEvTgProv.dll
      + 2001-08-24 14:00:00 120,320 -c--a-w C:\WINDOWS\system32\wbem\dsprov.dll
      + 2004-08-04 00:54:26 247,808 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
      + 2004-08-04 00:54:26 22,016 -c--a-w C:\WINDOWS\system32\wbem\evntrprv.dll
      + 2004-08-04 00:54:26 472,064 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
      + 2004-08-04 00:54:26 185,856 ----a-w C:\WINDOWS\system32\wbem\framedyn.dll
      + 2001-08-24 14:00:00 53,248 -c--a-w C:\WINDOWS\system32\wbem\fwdprov.dll
      + 2004-08-04 00:54:30 24,576 -c--a-w C:\WINDOWS\system32\wbem\krnlprov.dll
      + 2004-08-04 00:54:56 16,896 -c--a-w C:\WINDOWS\system32\wbem\mofcomp.exe
      + 2004-08-04 00:54:32 124,928 -c--a-w C:\WINDOWS\system32\wbem\mofd.dll
      + 2001-08-24 14:00:00 273,920 -c--a-w C:\WINDOWS\system32\wbem\msiprov.dll
      + 2004-08-04 00:54:36 47,104 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
      + 2004-08-04 00:54:36 212,992 -c--a-w C:\WINDOWS\system32\wbem\ntevt.dll
      + 2004-08-04 00:54:38 92,672 -c--a-w C:\WINDOWS\system32\wbem\policman.dll
      + 2004-08-04 00:54:38 237,056 -c--a-w C:\WINDOWS\system32\wbem\provthrd.dll
      + 2004-08-04 00:54:38 177,152 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
      + 2004-08-04 00:55:02 36,864 -c--a-w C:\WINDOWS\system32\wbem\scrcons.exe
      + 2001-08-24 14:00:00 40,960 -c--a-w C:\WINDOWS\system32\wbem\smtpcons.dll
      + 2004-08-04 00:54:44 86,528 -c--a-w C:\WINDOWS\system32\wbem\stdprov.dll
      + 2001-08-24 14:00:00 61,952 -c--a-w C:\WINDOWS\system32\wbem\tmplprov.dll
      + 2001-08-24 14:00:00 59,904 -c--a-w C:\WINDOWS\system32\wbem\trnsprov.dll
      + 2001-08-24 14:00:00 16,896 -c--a-w C:\WINDOWS\system32\wbem\unsecapp.exe
      + 2001-08-24 14:00:00 116,224 -c--a-w C:\WINDOWS\system32\wbem\updprov.dll
      + 2004-08-04 00:54:44 131,584 -c--a-w C:\WINDOWS\system32\wbem\viewprov.dll
      + 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\wbem\wbemads.dll
      + 2004-08-04 00:54:44 201,216 -c--a-w C:\WINDOWS\system32\wbem\wbemcntl.dll
      + 2004-08-04 00:54:44 214,528 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
      + 2004-08-04 00:54:44 71,680 ----a-w C:\WINDOWS\system32\wbem\wbemcons.dll
      + 2004-08-04 00:54:44 530,944 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
      + 2004-08-04 00:54:44 178,176 -c--a-w C:\WINDOWS\system32\wbem\wbemdisp.dll
      + 2004-08-04 00:54:44 273,920 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
      + 2004-08-04 00:54:44 44,544 -c--a-w C:\WINDOWS\system32\wbem\wbemperf.dll
      + 2004-08-04 00:54:44 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
      + 2004-08-04 00:54:44 43,520 ----a-w C:\WINDOWS\system32\wbem\wbemsvc.dll
      + 2004-08-04 00:55:02 119,808 -c--a-w C:\WINDOWS\system32\wbem\wbemtest.exe
      + 2004-08-04 00:54:44 197,120 -c--a-w C:\WINDOWS\system32\wbem\wbemupgd.dll
      + 2001-08-24 14:00:00 14,336 -c--a-w C:\WINDOWS\system32\wbem\winmgmt.exe
      + 2001-08-24 14:00:00 18,944 -c--a-w C:\WINDOWS\system32\wbem\winmgmtr.dll
      + 2004-08-04 00:55:02 196,608 -c--a-w C:\WINDOWS\system32\wbem\wmiadap.exe
      + 2004-08-04 00:54:10 7,680 -c--a-w C:\WINDOWS\system32\wbem\wmiapres.dll
      + 2004-08-04 00:54:48 89,088 -c--a-w C:\WINDOWS\system32\wbem\wmiaprpl.dll
      + 2004-08-04 00:55:02 126,464 -c--a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
      + 2004-08-04 00:55:02 369,664 -c--a-w C:\WINDOWS\system32\wbem\wmic.exe
      + 2004-08-04 00:54:48 60,928 -c--a-w C:\WINDOWS\system32\wbem\wmicookr.dll
      + 2004-08-04 00:54:48 140,800 -c--a-w C:\WINDOWS\system32\wbem\wmidcprv.dll
      + 2001-08-24 14:00:00 61,440 -c--a-w C:\WINDOWS\system32\wbem\wmimsg.dll
      + 2004-08-04 00:54:48 156,672 -c--a-w C:\WINDOWS\system32\wbem\wmipcima.dll
      + 2004-08-04 00:54:48 132,096 -c--a-w C:\WINDOWS\system32\wbem\wmipdskq.dll
      + 2001-08-24 14:00:00 77,312 -c--a-w C:\WINDOWS\system32\wbem\wmipicmp.dll
      + 2004-08-04 00:54:48 62,464 -c--a-w C:\WINDOWS\system32\wbem\wmipiprt.dll
      + 2004-08-04 00:54:48 62,976 -c--a-w C:\WINDOWS\system32\wbem\wmipjobj.dll
      + 2004-08-04 00:54:48 144,896 -c--a-w C:\WINDOWS\system32\wbem\wmiprov.dll
      + 2004-08-04 00:54:48 437,248 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
      + 2004-08-04 00:55:02 218,112 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
      + 2004-08-04 00:54:48 41,472 -c--a-w C:\WINDOWS\system32\wbem\wmipsess.dll
      + 2004-08-04 00:54:48 145,408 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
      + 2001-08-24 14:00:00 52,224 -c--a-w C:\WINDOWS\system32\wbem\wmitimep.dll
      + 2004-08-04 00:54:48 99,328 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
      + 2001-08-24 14:00:00 45,568 ----a-w C:\WINDOWS\system32\wbem\xml\wmi2xml.dll
      - 2004-08-04 00:45:58 1,836,032 ----a-w C:\WINDOWS\system32\win32k.sys
      + 2005-03-02 18:07:53 1,836,416 ----a-w C:\WINDOWS\system32\win32k.sys
      - 2004-08-04 00:54:46 291,328 ----a-w C:\WINDOWS\system32\winsrv.dll
      + 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
      - 2004-08-04 00:54:46 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
      + 2006-08-17 12:29:49 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
      - 2004-08-10 23:41:20 5,550,080 -c--a-w C:\WINDOWS\system32\wmp.dll
      + 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
      - 2004-08-11 00:39:08 2,362,104 -c--a-w C:\WINDOWS\system32\wmvcore.dll
      + 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
      - 2004-08-04 00:54:48 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
      + 2006-03-01 19:43:51 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
      + 2006-10-16 01:40:52 121,856 ------w C:\WINDOWS\system32\xpsp3res.dll
      + 2008-05-15 21:39:41 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_674.dat
      + 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
      + 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
      + 2001-08-24 14:00:00 57,344 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39\mfc42fra.dll
      + 2001-08-24 14:00:00 74,802 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
      + 2001-08-24 14:00:00 995,383 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll
      + 2001-08-24 14:00:00 995,384 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll
      + 2001-08-24 14:00:00 401,462 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll
      + 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
      + 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
      + 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
      + 2001-08-24 14:00:00 921,088 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
      + 2004-08-04 00:52:46 1,050,624 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
      + 2001-08-24 14:00:00 50,688 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
      + 2001-08-24 14:00:00 322,560 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
      + 2004-08-04 00:52:46 54,784 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
      + 2004-08-04 00:52:46 343,040 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
      + 2001-08-24 14:00:00 1,700,352 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
      + 2004-08-04 00:52:46 1,712,128 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
      + 2004-08-04 00:52:46 852,992 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
      + 2004-08-04 00:52:46 994,816 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
      + 2004-08-04 00:52:46 137,728 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\rtcres.dll
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c90c3518-5092-42ed-8e94-587c6d7f3608}]
      2008-05-15 20:27 133632 --a------ C:\WINDOWS\system32\asmgpdui.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
      "00fd4e5e"="C:\WINDOWS\system32\llklodqt.dll" [ ]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
      R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
      S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 17:29]
      S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
      S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
      - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-15 23:40:53
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-15 23:44:47 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-15 21:44:40
      ComboFix2.txt 2008-05-15 17:07:49

      Pre-Run: 316,755,968 octets libres
      Post-Run: 317,169,664 octets libres

      733 --- E O F --- 2008-05-15 19:12:03


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:46, on 15/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\monjack.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\
      0
  12. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    une question , combofix tu l'as fait en mode sans échec ?
    0
    1. DACINJO
       
      OUI TOUJOURS
      0
  13. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Bon .... Très bien , on continue :

    1-Crée un doc texte sur ton bureau :
    pointes ta souris sur ton bureau , click droit : vas dans "nouveau" et choisis "document texte" .

    Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de crée :

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c90c3518-5092-42ed-8e94-587c6d7f3608}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00fd4e5e"=-

    File::
    C:\WINDOWS\system32\asmgpdui.dll


    Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
    CFScript puis valides ...

    2-Nettoyage :
    !!Déconnectes toi,fermes toute tes application et désactive ton antivirus le temps de la manipe ( tu le réactiveras après ) !!

    --->Sur ton bureau, fais un glisser avec ta souris le fichier CFScript sur l'icone de ComboFix.exe .

    (Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

    Cette manipulation va relancer combofix .
    --> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide.

    Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

    !!Ne touche à rien tant que le scan n'est pas terminé !!

    Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...

    0
    1. DACINJO
       
      Je vais arreter la pour ce soir, suis claqué et commence à 5h
      Merci beaucoup pour tout le temp passé avec moi et de tes précieux conseils
      Je finirai le chantier demain
      Bonne nuit
      A bientôt
      0
      1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463 > DACINJO
         
        A demain pour la suite =)
        0