Probable infection?

DACINJO
Hello,
Hi,
I suspect I'm infected because:
The computer is very slow
Lots of ads for antivirus products, casinos, etc.
My antivirus, Avast, warned me that there was a virus on my PC
What do you think?
What should I do?
Thanks to anyone who replies

12 replies

sKe69 (Security contributor)
 
Let's get started:
Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

!! Disconnect and close all your applications for the duration of the procedure !!

Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the PC; the VBG.TXT report will be created on the desktop.
(If a blue screen "Fatal error" message appears, don't worry, because this is normal and expected.)

Post the VBG report along with a new HijackThis report for analysis ...
DACINJO
 
The VBG report is below

[05/15/2008, 18:29:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HENRY\Bureau\VirtumundoBeGone.exe" )
[05/15/2008, 18:29:30] - Detected System Information:
[05/15/2008, 18:29:30] - Windows Version: 5.1.2600, Service Pack 2
[05/15/2008, 18:29:30] - Current Username: HENRY (Admin)
[05/15/2008, 18:29:30] - Windows is in NORMAL mode.
[05/15/2008, 18:29:30] - Searching for Browser Helper Objects:
[05/15/2008, 18:29:30] - BHO 1: {2FD12ED9-D07B-46AE-81FC-91E4B302E821} ()
[05/15/2008, 18:29:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2008, 18:29:30] - Checking for HKLM\...\Winlogon\Notify\vtUnmJCv
[05/15/2008, 18:29:30] - Key not found: HKLM\...\Winlogon\Notify\vtUnmJCv, continuing.
[05/15/2008, 18:29:30] - BHO 2: {7544888b-2977-492d-9291-077c4f9fc5d2} ()
[05/15/2008, 18:29:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2008, 18:29:30] - Checking for HKLM\...\Winlogon\Notify\sttneojm
[05/15/2008, 18:29:30] - Key not found: HKLM\...\Winlogon\Notify\sttneojm, continuing.
[05/15/2008, 18:29:30] - BHO 3: {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} ()
[05/15/2008, 18:29:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2008, 18:29:30] - Checking for HKLM\...\Winlogon\Notify\urqNDUkl
[05/15/2008, 18:29:30] - Found: HKLM\...\Winlogon\Notify\urqNDUkl - This is probably Virtumundo.
[05/15/2008, 18:29:30] - Assigning {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} MSEvents Object
[05/15/2008, 18:29:30] - BHO list has been changed! Starting over...
[05/15/2008, 18:29:30] - BHO 1: {2FD12ED9-D07B-46AE-81FC-91E4B302E821} ()
[05/15/2008, 18:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2008, 18:29:31] - Checking for HKLM\...\Winlogon\Notify\vtUnmJCv
[05/15/2008, 18:29:31] - Key not found: HKLM\...\Winlogon\Notify\vtUnmJCv, continuing.
[05/15/2008, 18:29:31] - BHO 2: {7544888b-2977-492d-9291-077c4f9fc5d2} ()
[05/15/2008, 18:29:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2008, 18:29:31] - Checking for HKLM\...\Winlogon\Notify\sttneojm
[05/15/2008, 18:29:31] - Key not found: HKLM\...\Winlogon\Notify\sttneojm, continuing.
[05/15/2008, 18:29:31] - BHO 3: {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} (MSEvents Object)
[05/15/2008, 18:29:31] - ALERT: Found MSEvents Object!
[05/15/2008, 18:29:31] - Finished Searching Browser Helper Objects
[05/15/2008, 18:29:31] - *** Detected MSEvents Object
[05/15/2008, 18:29:31] - Trying to remove MSEvents Object...
[05/15/2008, 18:29:32] - Terminating Process: IEXPLORE.EXE
[05/15/2008, 18:29:33] - Terminating Process: RUNDLL32.EXE
[05/15/2008, 18:29:33] - Disabling Automatic Shell Restart
[05/15/2008, 18:29:33] - Terminating Process: EXPLORER.EXE
[05/15/2008, 18:29:33] - Suspending the NT Session Manager System Service
[05/15/2008, 18:29:34] - Terminating Windows NT Logon/Logoff Manager
[05/15/2008, 18:29:34] - Re-enabling Automatic Shell Restart
[05/15/2008, 18:29:34] - File to disable: C:\WINDOWS\system32\urqNDUkl.dll
[05/15/2008, 18:29:34] - Renaming C:\WINDOWS\system32\urqNDUkl.dll -> C:\WINDOWS\system32\urqNDUkl.dll.vir
[05/15/2008, 18:29:35] - File successfully renamed!
[05/15/2008, 18:29:35] - Removing HKLM\...\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
[05/15/2008, 18:29:35] - Removing HKCR\CLSID\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
[05/15/2008, 18:29:35] - Adding Kill Bit for ActiveX for GUID: {F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
[05/15/2008, 18:29:35] - Deleting ATLEvents/MSEvents Registry entries
[05/15/2008, 18:29:35] - Removing HKLM\...\Winlogon\Notify\urqNDUkl
[05/15/2008, 18:29:35] - Searching for Browser Helper Objects:
[05/15/2008, 18:29:35] - BHO 1: {2FD12ED9-D07B-46AE-81FC-91E4B302E821} ()
[05/15/2008, 18:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2008, 18:29:35] - Checking for HKLM\...\Winlogon\Notify\vtUnmJCv
[05/15/2008, 18:29:35] - Key not found: HKLM\...\Winlogon\Notify\vtUnmJCv, continuing.
[05/15/2008, 18:29:35] - BHO 2: {7544888b-2977-492d-9291-077c4f9fc5d2} ()
[05/15/2008, 18:29:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/15/2008, 18:29:35] - Checking for HKLM\...\Winlogon\Notify\sttneojm
[05/15/2008, 18:29:36] - Key not found: HKLM\...\Winlogon\Notify\sttneojm, continuing.
[05/15/2008, 18:29:36] - Finished Searching Browser Helper Objects
[05/15/2008, 18:29:36] - Finishing up...
[05/15/2008, 18:29:36] - A restart is needed.
[05/15/2008, 18:29:36] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[05/15/2008, 18:29:48] - Attempting to Restart via STOP error (Blue Screen!)

and
monjack report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:49, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {2d5cf9f4-c770-1929-d294-7792b8884457} - {7544888b-2977-492d-9291-077c4f9fc5d2} - C:\WINDOWS\system32\sttneojm.dll
O2 - BHO: (no name) - {E970FA61-5CEF-41D5-BFDB-413520BC87CE} - C:\WINDOWS\system32\vtUnmJCv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
sasukedu91
 
If you have Avast, run a scan.
sKe69
 
Hi,
Download and install the HijackThis software:

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

Important:
1-Right-click the link above, choose "Save target as ..." and rename HijackThis to "thejack".

Click thejack.exe to start the installation. Follow the prompts and install it in the default location (C:\Program Files\).
At the end you should have a shortcut on your desktop and also a path like: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".

2-Rename the HijackThis program:
in "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe", right-click the file and choose "Rename": type monjack and confirm.

Tutorial on how to use it:
look here, it is explained perfectly with pictures
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

!! Disconnect and close all your running applications !!

Double-click the desktop shortcut,
run a monjack (that is, the renamed HijackThis) scan and post the generated report for analysis ...
DACINJO
 
There, I think I managed to do what you told me???
Thanks for your advice


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:11, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
polo255
 
Run a disk scan with Avast, and as soon as it tells you that you have a virus, delete it. If everything went well, your computer should run faster.
sKe69
 
Not quite ;)
On your PC, go here: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" <--- right-click the file and choose "Rename": type monjack and confirm.

Run another HijackThis (or monjack ...) scan and post the new report ...
DACINJO
 
Sorry, I'm no computer whiz
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:54, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {2FD12ED9-D07B-46AE-81FC-91E4B302E821} - C:\WINDOWS\system32\vtUnmJCv.dll
O2 - BHO: {2d5cf9f4-c770-1929-d294-7792b8884457} - {7544888b-2977-492d-9291-077c4f9fc5d2} - C:\WINDOWS\system32\sttneojm.dll
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\urqNDUkl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - Winlogon Notify: urqNDUkl - C:\WINDOWS\SYSTEM32\urqNDUkl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
sKe69
 
Download ComboFix (by sUBs) to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- right-click this link and choose "Save target as ...": in the window that opens, type C-Fix and confirm.

Start in Safe Mode:
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(Note: no connection is possible in Safe Mode, so copy or print these instructions carefully to avoid mistakes ...)
Double-click combofix.exe.

Press the Y (Yes) key to start the scan.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. Doing so could freeze the computer.
---> If a Windows error message appears at some point, click the cross at the top right of the window to close it (and nothing else!)

The report will be created in: C:\Combofix.txt

Restart your PC (normal mode)
Post the ComboFix report and a new HijackThis report for analysis ...
DACINJO
 
Thanks sKe69

I got an Avast message: intrusion Win32 privacy Set Troj

Otherwise, here are the reports
ComboFix 08-05-12.1 - HENRY 2008-05-15 18:52:02.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.626 [GMT 2:00]
Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ctsdpxqp.ini
C:\WINDOWS\system32\dcbwbkll.ini
C:\WINDOWS\system32\gnqepiwg.ini
C:\WINDOWS\system32\gwmhpqmo.ini
C:\WINDOWS\system32\hirmrlpn.ini
C:\WINDOWS\system32\kpeidwbu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\suoymttm.ini
C:\WINDOWS\system32\vCJmnUtv.ini
C:\WINDOWS\system32\vCJmnUtv.ini2
C:\WINDOWS\system32\winntify.exe

----- BITS: Possible sites infectés -----

hxxp://www.lookme.biz
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 19:04 . 2008-05-15 19:04 294 ---hs---- C:\WINDOWS\system32\dcbwbkll.ini
2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
2008-05-15 17:44 . 2008-05-15 17:44 116,736 --a------ C:\WINDOWS\system32\llkbwbcd.dll
2008-05-15 17:38 . 2008-05-15 17:38 133,632 --a------ C:\WINDOWS\system32\sttneojm.dll
2008-05-15 17:35 . 2008-05-15 17:35 126,464 --a------ C:\WINDOWS\system32\plyjxfds.dll
2008-05-14 14:19 . 2008-05-14 14:19 2,048 --a------ C:\WINDOWS\system32\hviiyqtd.exe
2008-05-14 14:16 . 2008-05-14 14:16 133,632 --a------ C:\WINDOWS\system32\ribpbpdw.dll
2008-05-14 14:13 . 2008-05-14 14:13 115,200 --a------ C:\WINDOWS\system32\omqphmwg.dll
2008-05-14 14:07 . 2008-05-14 14:07 125,952 --a------ C:\WINDOWS\system32\ircrviyp.dll
2008-05-13 14:11 . 2008-05-13 14:11 132,096 --a------ C:\WINDOWS\system32\eoqeshrd.dll
2008-05-13 14:11 . 2008-05-13 14:11 2,048 --a------ C:\WINDOWS\system32\nbvclnky.exe
2008-05-13 14:08 . 2008-05-13 14:08 124,416 --a------ C:\WINDOWS\system32\adrkponl.dll
2008-05-12 14:10 . 2008-05-12 14:10 132,608 --a------ C:\WINDOWS\system32\jwlmtnhi.dll
2008-05-12 14:07 . 2008-05-12 14:07 124,416 --a------ C:\WINDOWS\system32\impwwnmv.dll
2008-05-12 14:07 . 2008-05-12 14:07 2,048 --a------ C:\WINDOWS\system32\ttbqpdjm.exe
2008-05-11 14:10 . 2008-05-11 14:10 2,048 --a------ C:\WINDOWS\system32\ltyberje.exe
2008-05-11 14:07 . 2008-05-11 14:07 134,656 --a------ C:\WINDOWS\system32\qffmllvk.dll
2008-05-11 14:06 . 2008-05-11 14:06 125,440 --a------ C:\WINDOWS\system32\agwoslss.dll
2008-05-10 01:03 . 2008-05-10 01:03 133,632 --a------ C:\WINDOWS\system32\ydyrsybl.dll
2008-05-10 01:00 . 2008-05-10 01:00 2,048 --a------ C:\WINDOWS\system32\ffuhgbyx.exe
2008-05-10 00:54 . 2008-05-10 00:54 125,440 --a------ C:\WINDOWS\system32\twjeyuuy.dll
2008-05-09 23:50 . 2008-05-09 23:50 134,144 --a------ C:\WINDOWS\system32\xahyghnd.dll
2008-05-08 22:01 . 2008-05-08 22:01 <REP> d-------- C:\WINDOWS\system32\sX1
2008-05-08 22:01 . 2008-05-08 22:01 371,712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll
2008-05-08 22:00 . 2008-05-08 22:00 52,736 --a------ C:\WINDOWS\system32\pmnkJaWm.dll
2008-05-08 21:58 . 2008-05-08 22:00 37,376 --a------ C:\WINDOWS\17PHolmes572.exe
2008-05-08 21:56 . 2008-05-08 21:56 <REP> d-------- C:\WINDOWS\system32\bkEur01
2008-05-08 21:56 . 2008-05-08 21:56 52,736 --a------ C:\WINDOWS\system32\urqNDUkl.dll.vir
2008-05-08 21:29 . 2008-05-08 21:29 134,144 --a------ C:\WINDOWS\system32\kipcgtfv.dll
2008-05-08 21:26 . 2008-05-08 21:26 2,048 --a------ C:\WINDOWS\system32\mkwnajec.exe
2008-05-08 21:25 . 2008-05-08 21:25 126,464 --a------ C:\WINDOWS\system32\bvpsugsy.dll
2008-05-08 21:25 . 2008-05-15 19:04 109,807 --a------ C:\WINDOWS\BM03ce7dc2.xml
2008-05-08 11:13 . 2008-05-08 11:13 3,317,625 --a------ C:\WINDOWS\system32\shell32.zip
2008-04-25 01:58 . 2008-04-25 01:58 0 --a------ C:\WINDOWS\file532.exe
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys


2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A4ED64-7A15-4EA5-B83C-F95771639854}]
2008-05-08 22:01 371712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7544888b-2977-492d-9291-077c4f9fc5d2}]
2008-05-15 17:38 133632 --a------ C:\WINDOWS\system32\sttneojm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"00fd4e5e"="C:\WINDOWS\system32\llkbwbcd.dll" [2008-05-15 17:44 116736]
"BM03ce7dc2"="C:\WINDOWS\system32\plyjxfds.dll" [2008-05-15 17:35 126464]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 19:03:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\WINDOWS\system32\wuapi.dll.mui_fr
C:\WINDOWS\system32\wuapi.dll.wusetup.195531.bak 432640 bytes executable
C:\WINDOWS\system32\wuauclt.exe.wusetup.196873.bak 112640 bytes executable
C:\WINDOWS\system32\wuaucpl.cpl.mui_fr
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.198144.bak 163840 bytes executable
C:\WINDOWS\system32\wuaueng.dll.mui_fr
C:\WINDOWS\system32\wuaueng.dll.wusetup.199106.bak 1134592 bytes executable
C:\WINDOWS\system32\wucltui.dll.mui_fr 38232 bytes executable
C:\WINDOWS\system32\wups2.dll 43352 bytes executable

Scan terminé avec succès
Les fichiers cachés: 9

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\llkbwbcd.dll
-> C:\WINDOWS\system32\plyjxfds.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 19:07:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 17:07:34

Pre-Run: 752,914,432 octets libres
Post-Run: 1,047,748,608 octets libres

183
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {2d5cf9f4-c770-1929-d294-7792b8884457} - {7544888b-2977-492d-9291-077c4f9fc5d2} - C:\WINDOWS\system32\sttneojm.dll
O2 - BHO: (no name) - {8456C3D8-A0B8-44CE-AF37-67F93098A72C} - C:\WINDOWS\system32\vtUnmJCv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llkbwbcd.dll",b
O4 - HKLM\..\Run: [BM03ce7dc2] Rundll32.exe "C:\WINDOWS\system32\plyjxfds.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0
sKe69 Posts 21955 Status Security contributor 463
 
I forgot to do this:
1- Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

!! Disconnect and close all your applications while you carry out the procedure !!

Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.

When the scan is complete, click the Fix Vundo button.

A prompt will ask whether you want to delete the files; click YES.

After you click "YES", the Desktop will disappear for a moment while the files are deleted.
A new prompt will announce that the PC must shut down ("shutdown"). Click OK, then let it restart.

The contents of the report are in C:\vundofix.txt: post this report.

2- Run ComboFix again:

Start in safe mode:
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(note: no connection is possible in safe mode, so copy or print the procedure carefully to avoid mistakes ...)
Double-click combofix.exe.

Press the Y (Yes) key to start the scan.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
---> if a Windows error message appears at some point, click the cross at the top right of the window to close it (and nothing else!)

The report will be created at: C:\Combofix.txt

Restart your PC (normal mode)
Post the ComboFix report and a new HijackThis report for analysis ...
0
DACINJO
 
Here are the reports
Every time I go to the forum, Avast warns me of the intrusion of Win 32 privacy St troj; I put it in quarantine, is that the right solution?



VundoFix V7.0.3

Scan started at 19:53:18 15/05/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

Beginning removal...



ComboFix 08-05-12.1 - HENRY 2008-05-15 20:06:00.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dtlyulgd.ini
C:\WINDOWS\system32\vCJmnUtv.ini
C:\WINDOWS\system32\vCJmnUtv.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 20:16 . 2008-05-15 20:16 294 ---hs---- C:\WINDOWS\system32\dtlyulgd.ini
2008-05-15 20:16 . 2008-05-15 20:16 22 --a------ C:\WINDOWS\pskt.ini
2008-05-15 19:53 . 2008-05-15 19:53 <REP> d----c--- C:\VundoFix Backups
2008-05-15 19:13 . 2008-05-15 19:13 133,632 --a------ C:\WINDOWS\system32\drjwyyap.dll
2008-05-15 19:13 . 2008-05-15 19:13 116,736 --a------ C:\WINDOWS\system32\dgluyltd.dll
2008-05-15 19:12 . 2008-05-15 19:12 126,464 --a------ C:\WINDOWS\system32\fkbjpvwk.dll
2008-05-15 19:04 . 2008-05-15 19:07 354 ---hs---- C:\WINDOWS\system32\dcbwbkll.ini
2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
2008-05-15 17:38 . 2008-05-15 17:38 133,632 --a------ C:\WINDOWS\system32\sttneojm.dll
2008-05-15 17:35 . 2008-05-15 17:35 126,464 --a------ C:\WINDOWS\system32\plyjxfds.dll
2008-05-14 14:19 . 2008-05-14 14:19 2,048 --a------ C:\WINDOWS\system32\hviiyqtd.exe
2008-05-14 14:16 . 2008-05-14 14:16 133,632 --a------ C:\WINDOWS\system32\ribpbpdw.dll
2008-05-14 14:13 . 2008-05-14 14:13 115,200 --a------ C:\WINDOWS\system32\omqphmwg.dll
2008-05-14 14:07 . 2008-05-14 14:07 125,952 --a------ C:\WINDOWS\system32\ircrviyp.dll
2008-05-13 14:11 . 2008-05-13 14:11 132,096 --a------ C:\WINDOWS\system32\eoqeshrd.dll
2008-05-13 14:11 . 2008-05-13 14:11 2,048 --a------ C:\WINDOWS\system32\nbvclnky.exe
2008-05-13 14:08 . 2008-05-13 14:08 124,416 --a------ C:\WINDOWS\system32\adrkponl.dll
2008-05-12 14:10 . 2008-05-12 14:10 132,608 --a------ C:\WINDOWS\system32\jwlmtnhi.dll
2008-05-12 14:07 . 2008-05-12 14:07 124,416 --a------ C:\WINDOWS\system32\impwwnmv.dll
2008-05-12 14:07 . 2008-05-12 14:07 2,048 --a------ C:\WINDOWS\system32\ttbqpdjm.exe
2008-05-11 14:10 . 2008-05-11 14:10 2,048 --a------ C:\WINDOWS\system32\ltyberje.exe
2008-05-11 14:07 . 2008-05-11 14:07 134,656 --a------ C:\WINDOWS\system32\qffmllvk.dll
2008-05-11 14:06 . 2008-05-11 14:06 125,440 --a------ C:\WINDOWS\system32\agwoslss.dll
2008-05-10 01:03 . 2008-05-10 01:03 133,632 --a------ C:\WINDOWS\system32\ydyrsybl.dll
2008-05-10 01:00 . 2008-05-10 01:00 2,048 --a------ C:\WINDOWS\system32\ffuhgbyx.exe
2008-05-10 00:54 . 2008-05-10 00:54 125,440 --a------ C:\WINDOWS\system32\twjeyuuy.dll
2008-05-09 23:50 . 2008-05-09 23:50 134,144 --a------ C:\WINDOWS\system32\xahyghnd.dll
2008-05-08 22:01 . 2008-05-08 22:01 <REP> d-------- C:\WINDOWS\system32\sX1
2008-05-08 22:01 . 2008-05-08 22:01 371,712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll
2008-05-08 22:00 . 2008-05-08 22:00 52,736 --a------ C:\WINDOWS\system32\pmnkJaWm.dll
2008-05-08 21:58 . 2008-05-08 22:00 37,376 --a------ C:\WINDOWS\17PHolmes572.exe
2008-05-08 21:56 . 2008-05-08 21:56 <REP> d-------- C:\WINDOWS\system32\bkEur01
2008-05-08 21:56 . 2008-05-08 21:56 52,736 --a------ C:\WINDOWS\system32\urqNDUkl.dll.vir
2008-05-08 21:29 . 2008-05-08 21:29 134,144 --a------ C:\WINDOWS\system32\kipcgtfv.dll
2008-05-08 21:26 . 2008-05-08 21:26 2,048 --a------ C:\WINDOWS\system32\mkwnajec.exe
2008-05-08 21:25 . 2008-05-08 21:25 126,464 --a------ C:\WINDOWS\system32\bvpsugsy.dll
2008-05-08 21:25 . 2008-05-15 20:16 109,807 --a------ C:\WINDOWS\BM03ce7dc2.xml
2008-05-08 11:13 . 2008-05-08 11:13 3,317,625 --a------ C:\WINDOWS\system32\shell32.zip
2008-04-25 01:58 . 2008-04-25 01:58 0 --a------ C:\WINDOWS\file532.exe
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

------- Sigcheck -------

2004-08-18 11:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys


2004-08-23 00:35 1036288 998f3f568f6074a35ab08cd3395a9dc2 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_19.06.58.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 17:02:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 18:15:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-04 00:54:22 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2004-08-04 00:54:22 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2004-08-04 00:54:48 432,640 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2004-08-04 00:55:04 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-08-04 00:54:48 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2004-08-04 00:54:48 114,176 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-08-04 00:54:48 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-08-04 00:54:48 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2004-08-04 00:54:48 432,640 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-04 00:55:04 112,640 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-04 00:54:48 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-04 00:54:48 114,176 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-04 00:54:48 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-08-04 00:54:48 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-05-15 18:15:31 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_658.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06C7B98F-A762-4080-AB1F-0ED0528C7E4E}]
2008-05-08 22:01 371712 --a------ C:\WINDOWS\system32\vtUnmJCv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940c8e5e-bc20-4aba-a0a7-f7248f00916d}]
2008-05-15 19:13 133632 --a------ C:\WINDOWS\system32\drjwyyap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"00fd4e5e"="C:\WINDOWS\system32\dgluyltd.dll" [2008-05-15 19:13 116736]
"BM03ce7dc2"="C:\WINDOWS\system32\fkbjpvwk.dll" [2008-05-15 19:12 126464]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:16:24
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\WINDOWS\system32\dtlyulgd.ini 294 bytes

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\dgluyltd.dll
-> C:\WINDOWS\system32\fkbjpvwk.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 20:20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 18:20:04
ComboFix2.txt 2008-05-15 17:07:49

Pre-Run: 1,121,128,448 octets libres
Post-Run: 1,115,357,184 octets libres

204



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {B5E92863-33BD-42F7-8F2B-73F12D085A24} - C:\WINDOWS\system32\vtUnmJCv.dll
O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0
sKe69 Posts 21955 Status Security contributor 463
 
Download Malwarebytes': ftp://ftp.commentcamarche.com/download/mbam-setup.exe
a nice tutorial: https://forum.pcastuces.com/sujet.asp?f=31&s=3

Install it and update it.

Then restart in safe mode:
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)

Launch Malwarebytes'.

Run a so-called "full" scan and delete everything it finds ...

Restart your PC (normal mode).
Post the report saved after the infected objects have been deleted (in the "report/log" tab) accompanied by a new HijackThis ...
0
DACINJO
 
Hello again
Report attached
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 471

Type de recherche: Examen complet (C:\|)
Eléments examinés: 70037
Temps écoulé: 30 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vtUnmJCv.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4213b6b2-0279-4429-bccb-42fd009853f5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4213b6b2-0279-4429-bccb-42fd009853f5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtunmjcv -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\llklodqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqdolkll.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUnmJCv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vCJmnUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vCJmnUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sX1\gvserchka.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe
C:\WINDOWS\SoftwareDistribution\Download\02970179a133da43483e5e8495d03f51\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0
sKe69 Posts 21955 Status Security contributor 463
 
Download SDFix to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

---> Double-click SDFix.exe and choose "Install".

Then, once the installation is done, restart in Safe Mode.
How to get into Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)

Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.
---> Type Y to start the script.
The fix removes the virus's services and cleans the registry, so a restart is required; therefore:
press a key to restart when you are asked to.

The PC will take a while to start (this is normal); after the desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the C:\SDFix folder under the name "Report.txt".
Post it in your next reply along with a new HijackThis report for analysis ...
0
DACINJO
 
[b]SDFix: Version 1.182 [/b]
Run by HENRY on 15/05/2008 at 23:01

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\bkEur01\bkEur011065.exe - Deleted



Folder C:\WINDOWS\system32\bkEur01 - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 23:14:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sat 14 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5f7e6ca31b0549017e70d2963c0f01bb\BIT8.tmp"
Thu 15 May 2008 3,118,632 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\90e550d1a108d8bbd6da9841aafd83a8\BIT6.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\BITA.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa7431e5b6c6ef5b2a4a86419ca21980\BIT1.tmp"

[b]Finished![/b]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0
sKe69 Posts 21955 Status Security contributor 463
 
Run ComboFix once more (I know I'm insisting, but you are very infected ;) )
Start in Safe Mode:
How to get into Safe Mode
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(note: no connection is possible in Safe Mode, so copy or print the procedure carefully to avoid mistakes ...)
Double-click combofix.exe.

Press the Y (Yes) key to start the scan.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
---> if a Windows error message appears at some point, click the cross at the top right of the window to close it (and not on anything else!)

The report will be created in: C:\Combofix.txt

Restart your PC (normal mode)
Post the ComboFix report and a new HijackThis report for analysis.
0
DACINJO
 
ComboFix 08-05-12.1 - HENRY 2008-05-15 23:34:30.3 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 22:35 . 2008-05-15 22:35 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\Malwarebytes
2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-15_20.19.34.61 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-24 14:00:00 51,712 -c--a-w C:\WINDOWS\system32\drivers\tosdvd.sys
+ 2001-08-24 14:00:00 21,376 -c--a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
+ 2004-08-04 01:05:42 12,416 -c--a-w C:\WINDOWS\system32\drivers\tunmp.sys
+ 2004-08-03 23:00:32 66,176 -c--a-w C:\WINDOWS\system32\drivers\udfs.sys
+ 2004-08-03 22:58:34 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2004-08-03 23:04:34 12,672 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys
+ 2004-08-03 21:07:56 59,264 -c--a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2001-08-24 14:00:00 23,808 -c--a-w C:\WINDOWS\system32\drivers\usbcamd.sys
+ 2001-08-24 14:00:00 23,936 -c--a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
+ 2004-08-03 21:08:48 31,616 -c--a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2001-08-24 14:00:00 4,736 ----a-w C:\WINDOWS\system32\drivers\usbd.sys
+ 2004-08-03 23:08:44 57,600 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
+ 2004-08-04 01:05:42 16,000 -c--a-w C:\WINDOWS\system32\drivers\usbintel.sys
+ 2004-08-03 23:08:38 17,024 ----a-w C:\WINDOWS\system32\drivers\usbohci.sys
+ 2004-08-03 23:08:44 142,976 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
+ 2004-08-03 22:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
+ 2001-08-24 14:00:00 58,112 -c--a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
+ 2004-08-03 23:07:08 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
+ 2004-08-03 23:07:06 79,744 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
+ 2004-08-04 00:44:16 53,376 -c--a-w C:\WINDOWS\system32\drivers\volsnap.sys
+ 2004-08-03 23:04:58 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
+ 2004-08-03 23:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2006-01-18 13:08:56 493,440 -c--a-w C:\WINDOWS\system32\drivers\WlanBZ64.SYS
+ 2006-01-18 13:08:54 402,432 -c--a-w C:\WINDOWS\system32\drivers\WlanBZXP.sys
+ 2001-08-24 14:00:00 4,352 ----a-w C:\WINDOWS\system32\drivers\wmilib.sys
+ 2004-08-10 21:05:50 18,944 -c--a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2001-08-24 14:00:00 12,032 -c--a-w C:\WINDOWS\system32\drivers\ws2ifsl.sys
+ 2004-08-03 21:10:22 19,328 -c--a-w C:\WINDOWS\system32\drivers\WSTCODEC.SYS
+ 2006-01-18 13:08:56 17,664 -c--a-w C:\WINDOWS\system32\drivers\ZDPSp50.sys
+ 2006-01-18 13:08:56 31,744 -c--a-w C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
- 2004-08-04 00:54:26 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll
+ 2005-10-20 22:25:53 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll
- 2007-09-17 23:46:25 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-15 20:40:57 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2001-08-24 14:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:21:08 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2004-08-04 00:54:30 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 00:54:30 1,048,576 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:53:11 1,049,600 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2004-08-04 00:54:30 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 01:43:37 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-04 00:54:30 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
+ 2008-02-04 16:59:24 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-08-24 14:00:00 17,920 -c--a-w C:\WINDOWS\system32\Microsoft\tftp.exe
+ 2001-08-24 14:00:00 19,429 -c--a-w C:\WINDOWS\system32\MsDtc\Trace\msdtcvtr.bat
- 2004-08-04 00:54:34 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:43:50 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2004-08-04 00:54:34 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:43:50 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2004-08-04 00:54:34 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:43:51 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2004-08-04 00:54:34 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 00:54:34 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 00:54:34 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:55:30 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2004-08-04 00:54:34 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 00:54:58 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-04 00:54:34 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 00:53:32 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 00:54:34 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-04 00:54:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 11:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 00:54:34 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 00:54:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 00:54:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 00:54:34 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 08:20:46 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 00:54:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 00:54:36 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 00:54:36 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 00:54:36 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 00:54:36 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 00:54:36 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 00:54:36 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 00:54:36 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2004-08-04 00:54:36 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:43:51 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 00:54:36 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:43:51 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2001-08-24 14:00:00 92,160 ----a-w C:\WINDOWS\system32\mui\[u]0[/u]00C\hhctrlui.dll
- 2004-08-04 00:54:36 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:29:49 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 00:54:36 198,144 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:35:10 197,632 ----a-w C:\WINDOWS\system32\netman.dll
+ 2004-08-04 00:54:36 57,344 -c--a-w C:\WINDOWS\system32\npp\ndisnpp.dll
+ 2004-08-04 00:55:00 15,360 -c--a-w C:\WINDOWS\system32\npp\nppagent.exe
- 2004-08-04 01:05:42 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:02:36 2,059,648 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-04 00:54:36 1,281,024 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-04-28 19:32:30 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-08-04 00:54:36 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:41:36 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2001-08-24 14:00:00 69,120 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-04-28 19:32:30 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2001-08-24 14:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-04-28 19:32:30 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2004-08-04 00:54:34 122,368 -c--a-w C:\WINDOWS\system32\oobe\msobcomm.dll
+ 2004-08-04 00:54:34 16,384 -c--a-w C:\WINDOWS\system32\oobe\msobdl.dll
+ 2004-08-04 00:54:34 563,200 -c--a-w C:\WINDOWS\system32\oobe\msobmain.dll
+ 2004-08-04 00:54:34 30,720 -c--a-w C:\WINDOWS\system32\oobe\msobshel.dll
+ 2004-08-04 00:54:34 18,944 -c--a-w C:\WINDOWS\system32\oobe\msobweb.dll
+ 2001-08-24 14:00:00 28,160 -c--a-w C:\WINDOWS\system32\oobe\msoobe.exe
+ 2004-08-04 00:55:00 51,712 -c--a-w C:\WINDOWS\system32\oobe\oobebaln.exe
- 2008-05-09 21:52:32 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-15 20:06:44 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-09 21:52:32 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-15 20:06:44 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-09 21:52:32 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-15 20:06:44 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-09 21:52:32 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-15 20:06:44 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2004-08-04 00:54:38 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 00:54:38 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:41:32 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2004-08-03 23:07:44 41,088 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]000\DriverFiles\i386\SISAGP.SYS
+ 2004-08-03 23:08:00 60,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\drmk.sys
+ 2001-08-17 19:19:34 40,704 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\es1371mp.sys
+ 2004-08-04 01:05:42 140,928 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ks.sys
+ 2004-08-04 00:54:30 4,096 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ksuser.dll
+ 2004-08-03 23:15:50 145,792 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\portcls.sys
+ 2004-08-04 01:05:42 48,640 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\stream.sys
+ 2004-08-04 01:05:42 23,552 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\wdmaud.drv
+ 2004-08-04 01:05:42 23,680 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouclass.sys
+ 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouhid.sys
+ 2007-03-26 09:39:26 3,879,388 -c--a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2004-08-04 00:55:02 384,512 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
+ 2001-08-24 14:00:00 47,104 -c--a-w C:\WINDOWS\system32\Restore\srdiag.exe
- 2004-08-04 00:54:38 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:55:31 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-04 00:54:38 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-04-28 19:32:30 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-08-30 15:57:18 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_bus.sys
+ 2005-08-30 15:58:50 6,144 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_cmnt.sys
+ 2005-08-30 15:58:56 8,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdfl.sys
+ 2005-08-30 15:59:00 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdm.sys
+ 2005-08-26 16:07:28 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2005-08-30 15:57:14 5,808 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_whnt.sys
+ 2005-08-29 23:47:38 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_bus.sys
+ 2005-08-29 23:49:28 6,176 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_cmnt.sys
+ 2005-08-29 23:49:34 8,336 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdfl.sys
+ 2005-08-29 23:49:38 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdm.sys
+ 2005-08-29 23:46:16 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2005-08-29 23:47:34 5,840 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_whnt.sys
+ 2005-12-22 10:24:50 80,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdbus.sys
+ 2005-12-22 10:24:52 11,877 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdcmnt.sys
+ 2005-12-22 10:24:52 10,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdfl.sys
+ 2005-12-22 10:24:52 137,884 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdm.sys
+ 2005-12-22 10:24:52 108,003 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdserd.sys
+ 2005-12-22 10:24:52 65,536 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2005-12-22 10:24:54 11,188 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdwhnt.sys
+ 2006-07-21 10:12:56 66,672 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdbus.sys
+ 2006-07-21 10:15:26 6,208 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdcmnt.sys
+ 2006-07-21 10:13:48 9,232 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdfl.sys
+ 2006-07-21 10:13:52 100,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdm.sys
+ 2006-07-21 10:14:40 91,744 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmgmt.sys
+ 2006-07-21 10:15:28 89,584 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdobex.sys
+ 2006-07-21 10:15:56 53,760 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2006-07-21 10:12:52 5,872 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdwhnt.sys
+ 2007-01-07 16:10:28 66,880 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcbus.sys
+ 2007-01-07 16:11:16 6,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbccmnt.sys
+ 2007-01-07 16:11:18 9,360 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdfl.sys
+ 2007-01-07 16:11:22 100,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdm.sys
+ 2007-01-07 16:11:48 55,296 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
+ 2007-01-07 16:10:24 5,936 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys
- 2004-08-04 00:54:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2001-08-24 14:00:00 259,584 -c--a-w C:\WINDOWS\system32\Setup\comsetup.dll
+ 2004-08-04 00:54:26 32,828 -c--a-w C:\WINDOWS\system32\Setup\fp40ext.dll
+ 2001-08-24 14:00:00 6,144 -c--a-w C:\WINDOWS\system32\Setup\fsconins.dll
+ 2004-08-04 00:54:28 132,608 -c--a-w C:\WINDOWS\system32\Setup\fxsocm.dll
+ 2004-08-04 00:53:04 508,416 -c--a-w C:\WINDOWS\system32\Setup\iis.dll
+ 2001-08-24 14:00:00 118,784 -c--a-w C:\WINDOWS\system32\Setup\imsinsnt.dll
+ 2004-08-04 00:54:32 16,896 -c--a-w C:\WINDOWS\system32\Setup\medctroc.dll
+ 2001-08-24 14:00:00 82,432 -c--a-w C:\WINDOWS\system32\Setup\msdtcstp.dll
+ 2004-08-04 00:54:34 15,872 -c--a-w C:\WINDOWS\system32\Setup\msgrocm.dll
+ 2004-08-04 00:54:34 169,984 -c--a-w C:\WINDOWS\system32\Setup\msmqocm.dll
+ 2004-08-03 22:10:58 126,976 -c--a-w C:\WINDOWS\system32\Setup\netfxocm.dll
+ 2004-08-04 00:54:36 78,336 -c--a-w C:\WINDOWS\system32\Setup\netoc.dll
+ 2004-08-04 00:54:36 63,488 -c--a-w C:\WINDOWS\system32\Setup\ntoc.dll
+ 2004-08-04 00:54:36 15,872 -c--a-w C:\WINDOWS\system32\Setup\ocgen.dll
+ 2004-08-04 00:54:36 17,408 -c--a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2004-08-04 00:54:40 101,888 -c--a-w C:\WINDOWS\system32\Setup\setupqry.dll
+ 2004-08-04 00:54:44 34,304 -c--a-w C:\WINDOWS\system32\Setup\tabletoc.dll
+ 2004-08-04 00:54:44 123,904 -c--a-w C:\WINDOWS\system32\Setup\tsoc.dll
+ 2001-08-24 14:00:00 8,261 -c--a-w C:\WINDOWS\system32\Setup\zoneoc.dll
- 2004-08-22 22:33:46 8,440,320 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2006-03-17 04:07:40 8,508,416 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-04 00:54:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2005-09-03 00:06:11 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2003-06-18 23:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-04 00:54:42 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:34:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2004-08-04 00:54:44 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:21:08 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2004-08-04 00:55:02 77,824 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-11 02:30:03 78,336 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-04 00:54:44 119,808 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:39:36 124,928 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2008-05-15 18:21:36 126,464 ----a-w C:\WINDOWS\system32\upxyctvm.dll
- 2004-08-04 00:54:44 578,048 ----a-w C:\WINDOWS\system32\user32.dll
+ 2005-03-02 18:10:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
+ 2004-08-04 00:54:28 125,440 -c--a-w C:\WINDOWS\system32\usmt\guitrn.dll
+ 2004-08-04 00:54:28 109,056 -c--a-w C:\WINDOWS\system32\usmt\guitrn_a.dll
+ 2004-08-04 00:54:28 4,096 -c--a-w C:\WINDOWS\system32\usmt\iconlib.dll
+ 2004-08-04 00:54:30 19,968 -c--a-w C:\WINDOWS\system32\usmt\log.dll
+ 2004-08-04 00:54:32 201,216 -c--a-w C:\WINDOWS\system32\usmt\migism.dll
+ 2004-08-04 00:54:32 192,512 -c--a-w C:\WINDOWS\system32\usmt\migism_a.dll
+ 2004-08-04 00:54:54 103,936 -c--a-w C:\WINDOWS\system32\usmt\migload.exe
+ 2004-08-04 00:54:54 246,784 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2004-08-04 00:54:54 242,688 -c--a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
+ 2004-08-04 00:54:38 204,800 -c--a-w C:\WINDOWS\system32\usmt\script.dll
+ 2004-08-04 00:54:38 189,440 -c--a-w C:\WINDOWS\system32\usmt\script_a.dll
+ 2004-08-04 00:54:44 169,472 -c--a-w C:\WINDOWS\system32\usmt\sysmod.dll
+ 2004-08-04 00:54:44 155,648 -c--a-w C:\WINDOWS\system32\usmt\sysmod_a.dll
- 2004-08-04 00:54:44 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
+ 2004-08-04 00:54:24 1,352,704 ----a-w C:\WINDOWS\system32\wbem\cimwin32.dll
+ 2004-08-04 00:54:26 45,568 -c--a-w C:\WINDOWS\system32\wbem\CmdEvTgProv.dll
+ 2001-08-24 14:00:00 120,320 -c--a-w C:\WINDOWS\system32\wbem\dsprov.dll
+ 2004-08-04 00:54:26 247,808 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
+ 2004-08-04 00:54:26 22,016 -c--a-w C:\WINDOWS\system32\wbem\evntrprv.dll
+ 2004-08-04 00:54:26 472,064 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
+ 2004-08-04 00:54:26 185,856 ----a-w C:\WINDOWS\system32\wbem\framedyn.dll
+ 2001-08-24 14:00:00 53,248 -c--a-w C:\WINDOWS\system32\wbem\fwdprov.dll
+ 2004-08-04 00:54:30 24,576 -c--a-w C:\WINDOWS\system32\wbem\krnlprov.dll
+ 2004-08-04 00:54:56 16,896 -c--a-w C:\WINDOWS\system32\wbem\mofcomp.exe
+ 2004-08-04 00:54:32 124,928 -c--a-w C:\WINDOWS\system32\wbem\mofd.dll
+ 2001-08-24 14:00:00 273,920 -c--a-w C:\WINDOWS\system32\wbem\msiprov.dll
+ 2004-08-04 00:54:36 47,104 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
+ 2004-08-04 00:54:36 212,992 -c--a-w C:\WINDOWS\system32\wbem\ntevt.dll
+ 2004-08-04 00:54:38 92,672 -c--a-w C:\WINDOWS\system32\wbem\policman.dll
+ 2004-08-04 00:54:38 237,056 -c--a-w C:\WINDOWS\system32\wbem\provthrd.dll
+ 2004-08-04 00:54:38 177,152 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
+ 2004-08-04 00:55:02 36,864 -c--a-w C:\WINDOWS\system32\wbem\scrcons.exe
+ 2001-08-24 14:00:00 40,960 -c--a-w C:\WINDOWS\system32\wbem\smtpcons.dll
+ 2004-08-04 00:54:44 86,528 -c--a-w C:\WINDOWS\system32\wbem\stdprov.dll
+ 2001-08-24 14:00:00 61,952 -c--a-w C:\WINDOWS\system32\wbem\tmplprov.dll
+ 2001-08-24 14:00:00 59,904 -c--a-w C:\WINDOWS\system32\wbem\trnsprov.dll
+ 2001-08-24 14:00:00 16,896 -c--a-w C:\WINDOWS\system32\wbem\unsecapp.exe
+ 2001-08-24 14:00:00 116,224 -c--a-w C:\WINDOWS\system32\wbem\updprov.dll
+ 2004-08-04 00:54:44 131,584 -c--a-w C:\WINDOWS\system32\wbem\viewprov.dll
+ 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\wbem\wbemads.dll
+ 2004-08-04 00:54:44 201,216 -c--a-w C:\WINDOWS\system32\wbem\wbemcntl.dll
+ 2004-08-04 00:54:44 214,528 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
+ 2004-08-04 00:54:44 71,680 ----a-w C:\WINDOWS\system32\wbem\wbemcons.dll
+ 2004-08-04 00:54:44 530,944 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
+ 2004-08-04 00:54:44 178,176 -c--a-w C:\WINDOWS\system32\wbem\wbemdisp.dll
+ 2004-08-04 00:54:44 273,920 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
+ 2004-08-04 00:54:44 44,544 -c--a-w C:\WINDOWS\system32\wbem\wbemperf.dll
+ 2004-08-04 00:54:44 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
+ 2004-08-04 00:54:44 43,520 ----a-w C:\WINDOWS\system32\wbem\wbemsvc.dll
+ 2004-08-04 00:55:02 119,808 -c--a-w C:\WINDOWS\system32\wbem\wbemtest.exe
+ 2004-08-04 00:54:44 197,120 -c--a-w C:\WINDOWS\system32\wbem\wbemupgd.dll
+ 2001-08-24 14:00:00 14,336 -c--a-w C:\WINDOWS\system32\wbem\winmgmt.exe
+ 2001-08-24 14:00:00 18,944 -c--a-w C:\WINDOWS\system32\wbem\winmgmtr.dll
+ 2004-08-04 00:55:02 196,608 -c--a-w C:\WINDOWS\system32\wbem\wmiadap.exe
+ 2004-08-04 00:54:10 7,680 -c--a-w C:\WINDOWS\system32\wbem\wmiapres.dll
+ 2004-08-04 00:54:48 89,088 -c--a-w C:\WINDOWS\system32\wbem\wmiaprpl.dll
+ 2004-08-04 00:55:02 126,464 -c--a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
+ 2004-08-04 00:55:02 369,664 -c--a-w C:\WINDOWS\system32\wbem\wmic.exe
+ 2004-08-04 00:54:48 60,928 -c--a-w C:\WINDOWS\system32\wbem\wmicookr.dll
+ 2004-08-04 00:54:48 140,800 -c--a-w C:\WINDOWS\system32\wbem\wmidcprv.dll
+ 2001-08-24 14:00:00 61,440 -c--a-w C:\WINDOWS\system32\wbem\wmimsg.dll
+ 2004-08-04 00:54:48 156,672 -c--a-w C:\WINDOWS\system32\wbem\wmipcima.dll
+ 2004-08-04 00:54:48 132,096 -c--a-w C:\WINDOWS\system32\wbem\wmipdskq.dll
+ 2001-08-24 14:00:00 77,312 -c--a-w C:\WINDOWS\system32\wbem\wmipicmp.dll
+ 2004-08-04 00:54:48 62,464 -c--a-w C:\WINDOWS\system32\wbem\wmipiprt.dll
+ 2004-08-04 00:54:48 62,976 -c--a-w C:\WINDOWS\system32\wbem\wmipjobj.dll
+ 2004-08-04 00:54:48 144,896 -c--a-w C:\WINDOWS\system32\wbem\wmiprov.dll
+ 2004-08-04 00:54:48 437,248 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
+ 2004-08-04 00:55:02 218,112 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
+ 2004-08-04 00:54:48 41,472 -c--a-w C:\WINDOWS\system32\wbem\wmipsess.dll
+ 2004-08-04 00:54:48 145,408 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
+ 2001-08-24 14:00:00 52,224 -c--a-w C:\WINDOWS\system32\wbem\wmitimep.dll
+ 2004-08-04 00:54:48 99,328 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
+ 2001-08-24 14:00:00 45,568 ----a-w C:\WINDOWS\system32\wbem\xml\wmi2xml.dll
- 2004-08-04 00:45:58 1,836,032 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2005-03-02 18:07:53 1,836,416 ----a-w C:\WINDOWS\system32\win32k.sys
- 2004-08-04 00:54:46 291,328 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 00:54:46 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:29:49 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2004-08-10 23:41:20 5,550,080 -c--a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-11 00:39:08 2,362,104 -c--a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2004-08-04 00:54:48 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:43:51 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-10-16 01:40:52 121,856 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-05-15 21:39:41 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_674.dat
+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2001-08-24 14:00:00 57,344 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39\mfc42fra.dll
+ 2001-08-24 14:00:00 74,802 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
+ 2001-08-24 14:00:00 995,383 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll
+ 2001-08-24 14:00:00 995,384 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll
+ 2001-08-24 14:00:00 401,462 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll
+ 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2001-08-24 14:00:00 921,088 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
+ 2004-08-04 00:52:46 1,050,624 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
+ 2001-08-24 14:00:00 50,688 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
+ 2001-08-24 14:00:00 322,560 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
+ 2004-08-04 00:52:46 54,784 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2004-08-04 00:52:46 343,040 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
+ 2001-08-24 14:00:00 1,700,352 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
+ 2004-08-04 00:52:46 1,712,128 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
+ 2004-08-04 00:52:46 852,992 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
+ 2004-08-04 00:52:46 994,816 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
+ 2004-08-04 00:52:46 137,728 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\rtcres.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c90c3518-5092-42ed-8e94-587c6d7f3608}]
2008-05-15 20:27 133632 --a------ C:\WINDOWS\system32\asmgpdui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"00fd4e5e"="C:\WINDOWS\system32\llklodqt.dll" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 17:29]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 23:40:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 23:44:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 21:44:40
ComboFix2.txt 2008-05-15 17:07:49

Pre-Run: 316,755,968 octets libres
Post-Run: 317,169,664 octets libres

733 --- E O F --- 2008-05-15 19:12:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\
0
DACINJO
 
ComboFix 08-05-12.1 - HENRY 2008-05-15 23:34:30.3 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\HENRY\Bureau\C-Fix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 22:35 . 2008-05-15 22:35 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\Malwarebytes
2008-05-15 21:19 . 2008-05-15 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 17:59 . 2008-05-15 17:59 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 17:57 . 2008-05-15 17:57 812,344 --a------ C:\Program Files\monjack.exe
2008-04-24 01:11 . 2008-04-24 01:11 <REP> d-------- C:\Documents and Settings\HENRY\Application Data\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 10:50 --------- d-----w C:\Documents and Settings\HENRY\Application Data\AdobeUM
2008-05-10 00:42 --------- d-----w C:\Program Files\LimeWire
2008-04-23 23:29 --------- d-----w C:\Program Files\Incomplete
2008-04-23 22:44 --------- d-----w C:\Documents and Settings\HENRY\Application Data\LimeWire
2008-04-22 15:57 --------- d-----w C:\Program Files\Dofus
2008-03-27 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-15_20.19.34.61 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 00:54:34 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-04 00:54:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 11:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 00:54:34 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 00:54:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 00:54:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 00:54:34 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 08:20:46 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 00:54:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 00:54:36 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 00:54:36 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 00:54:36 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 00:54:36 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 00:54:36 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 00:54:36 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 00:54:36 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2004-08-04 00:54:36 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:43:51 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 00:54:36 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:43:51 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2001-08-24 14:00:00 92,160 ----a-w C:\WINDOWS\system32\mui\[u]0[/u]00C\hhctrlui.dll
- 2004-08-04 00:54:36 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:29:49 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 00:54:36 198,144 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:35:10 197,632 ----a-w C:\WINDOWS\system32\netman.dll
+ 2004-08-04 00:54:36 57,344 -c--a-w C:\WINDOWS\system32\npp\ndisnpp.dll
+ 2004-08-04 00:55:00 15,360 -c--a-w C:\WINDOWS\system32\npp\nppagent.exe
- 2004-08-04 01:05:42 2,058,880 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:02:36 2,059,648 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-04 00:54:36 1,281,024 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-04-28 19:32:30 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-08-04 00:54:36 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:41:36 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2001-08-24 14:00:00 69,120 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-04-28 19:32:30 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2001-08-24 14:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-04-28 19:32:30 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2004-08-04 00:54:34 122,368 -c--a-w C:\WINDOWS\system32\oobe\msobcomm.dll
+ 2004-08-04 00:54:34 16,384 -c--a-w C:\WINDOWS\system32\oobe\msobdl.dll
+ 2004-08-04 00:54:34 563,200 -c--a-w C:\WINDOWS\system32\oobe\msobmain.dll
+ 2004-08-04 00:54:34 30,720 -c--a-w C:\WINDOWS\system32\oobe\msobshel.dll
+ 2004-08-04 00:54:34 18,944 -c--a-w C:\WINDOWS\system32\oobe\msobweb.dll
+ 2001-08-24 14:00:00 28,160 -c--a-w C:\WINDOWS\system32\oobe\msoobe.exe
+ 2004-08-04 00:55:00 51,712 -c--a-w C:\WINDOWS\system32\oobe\oobebaln.exe
- 2008-05-09 21:52:32 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-15 20:06:44 42,222 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-09 21:52:32 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-15 20:06:44 51,338 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-09 21:52:32 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-15 20:06:44 317,326 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-09 21:52:32 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-15 20:06:44 373,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2004-08-04 00:54:38 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 00:54:38 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:41:32 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2004-08-03 23:07:44 41,088 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]000\DriverFiles\i386\SISAGP.SYS
+ 2004-08-03 23:08:00 60,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\drmk.sys
+ 2001-08-17 19:19:34 40,704 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\es1371mp.sys
+ 2004-08-04 01:05:42 140,928 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ks.sys
+ 2004-08-04 00:54:30 4,096 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ksuser.dll
+ 2004-08-03 23:15:50 145,792 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\portcls.sys
+ 2004-08-04 01:05:42 48,640 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\stream.sys
+ 2004-08-04 01:05:42 23,552 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\wdmaud.drv
+ 2004-08-04 01:05:42 23,680 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouclass.sys
+ 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\mouhid.sys
+ 2007-03-26 09:39:26 3,879,388 -c--a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2004-08-04 00:55:02 384,512 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
+ 2001-08-24 14:00:00 47,104 -c--a-w C:\WINDOWS\system32\Restore\srdiag.exe
- 2004-08-04 00:54:38 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:55:31 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-04 00:54:38 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-04-28 19:32:30 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-08-30 15:57:18 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_bus.sys
+ 2005-08-30 15:58:50 6,144 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_cmnt.sys
+ 2005-08-30 15:58:56 8,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdfl.sys
+ 2005-08-30 15:59:00 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_mdm.sys
+ 2005-08-26 16:07:28 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2005-08-30 15:57:14 5,808 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\ss_whnt.sys
+ 2005-08-29 23:47:38 58,320 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_bus.sys
+ 2005-08-29 23:49:28 6,176 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_cmnt.sys
+ 2005-08-29 23:49:34 8,336 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdfl.sys
+ 2005-08-29 23:49:38 94,000 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_mdm.sys
+ 2005-08-29 23:46:16 81,920 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2005-08-29 23:47:34 5,840 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\ssm_whnt.sys
+ 2005-12-22 10:24:50 80,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdbus.sys
+ 2005-12-22 10:24:52 11,877 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdcmnt.sys
+ 2005-12-22 10:24:52 10,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdfl.sys
+ 2005-12-22 10:24:52 137,884 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdmdm.sys
+ 2005-12-22 10:24:52 108,003 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdserd.sys
+ 2005-12-22 10:24:52 65,536 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2005-12-22 10:24:54 11,188 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\sscdwhnt.sys
+ 2006-07-21 10:12:56 66,672 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdbus.sys
+ 2006-07-21 10:15:26 6,208 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdcmnt.sys
+ 2006-07-21 10:13:48 9,232 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdfl.sys
+ 2006-07-21 10:13:52 100,304 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmdm.sys
+ 2006-07-21 10:14:40 91,744 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdmgmt.sys
+ 2006-07-21 10:15:28 89,584 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdobex.sys
+ 2006-07-21 10:15:56 53,760 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2006-07-21 10:12:52 5,872 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\sssdwhnt.sys
+ 2007-01-07 16:10:28 66,880 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcbus.sys
+ 2007-01-07 16:11:16 6,272 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbccmnt.sys
+ 2007-01-07 16:11:18 9,360 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdfl.sys
+ 2007-01-07 16:11:22 100,864 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcmdm.sys
+ 2007-01-07 16:11:48 55,296 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
+ 2007-01-07 16:10:24 5,936 -c--a-w C:\WINDOWS\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys
- 2004-08-04 00:54:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2001-08-24 14:00:00 259,584 -c--a-w C:\WINDOWS\system32\Setup\comsetup.dll
+ 2004-08-04 00:54:26 32,828 -c--a-w C:\WINDOWS\system32\Setup\fp40ext.dll
+ 2001-08-24 14:00:00 6,144 -c--a-w C:\WINDOWS\system32\Setup\fsconins.dll
+ 2004-08-04 00:54:28 132,608 -c--a-w C:\WINDOWS\system32\Setup\fxsocm.dll
+ 2004-08-04 00:53:04 508,416 -c--a-w C:\WINDOWS\system32\Setup\iis.dll
+ 2001-08-24 14:00:00 118,784 -c--a-w C:\WINDOWS\system32\Setup\imsinsnt.dll
+ 2004-08-04 00:54:32 16,896 -c--a-w C:\WINDOWS\system32\Setup\medctroc.dll
+ 2001-08-24 14:00:00 82,432 -c--a-w C:\WINDOWS\system32\Setup\msdtcstp.dll
+ 2004-08-04 00:54:34 15,872 -c--a-w C:\WINDOWS\system32\Setup\msgrocm.dll
+ 2004-08-04 00:54:34 169,984 -c--a-w C:\WINDOWS\system32\Setup\msmqocm.dll
+ 2004-08-03 22:10:58 126,976 -c--a-w C:\WINDOWS\system32\Setup\netfxocm.dll
+ 2004-08-04 00:54:36 78,336 -c--a-w C:\WINDOWS\system32\Setup\netoc.dll
+ 2004-08-04 00:54:36 63,488 -c--a-w C:\WINDOWS\system32\Setup\ntoc.dll
+ 2004-08-04 00:54:36 15,872 -c--a-w C:\WINDOWS\system32\Setup\ocgen.dll
+ 2004-08-04 00:54:36 17,408 -c--a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2004-08-04 00:54:40 101,888 -c--a-w C:\WINDOWS\system32\Setup\setupqry.dll
+ 2004-08-04 00:54:44 34,304 -c--a-w C:\WINDOWS\system32\Setup\tabletoc.dll
+ 2004-08-04 00:54:44 123,904 -c--a-w C:\WINDOWS\system32\Setup\tsoc.dll
+ 2001-08-24 14:00:00 8,261 -c--a-w C:\WINDOWS\system32\Setup\zoneoc.dll
- 2004-08-22 22:33:46 8,440,320 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2006-03-17 04:07:40 8,508,416 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-04 00:54:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2005-09-03 00:06:11 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2003-06-18 23:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-04 00:54:42 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:34:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2004-08-04 00:54:44 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:21:08 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2004-08-04 00:55:02 77,824 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-11 02:30:03 78,336 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-04 00:54:44 119,808 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:39:36 124,928 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2008-05-15 18:21:36 126,464 ----a-w C:\WINDOWS\system32\upxyctvm.dll
- 2004-08-04 00:54:44 578,048 ----a-w C:\WINDOWS\system32\user32.dll
+ 2005-03-02 18:10:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
+ 2004-08-04 00:54:28 125,440 -c--a-w C:\WINDOWS\system32\usmt\guitrn.dll
+ 2004-08-04 00:54:28 109,056 -c--a-w C:\WINDOWS\system32\usmt\guitrn_a.dll
+ 2004-08-04 00:54:28 4,096 -c--a-w C:\WINDOWS\system32\usmt\iconlib.dll
+ 2004-08-04 00:54:30 19,968 -c--a-w C:\WINDOWS\system32\usmt\log.dll
+ 2004-08-04 00:54:32 201,216 -c--a-w C:\WINDOWS\system32\usmt\migism.dll
+ 2004-08-04 00:54:32 192,512 -c--a-w C:\WINDOWS\system32\usmt\migism_a.dll
+ 2004-08-04 00:54:54 103,936 -c--a-w C:\WINDOWS\system32\usmt\migload.exe
+ 2004-08-04 00:54:54 246,784 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2004-08-04 00:54:54 242,688 -c--a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
+ 2004-08-04 00:54:38 204,800 -c--a-w C:\WINDOWS\system32\usmt\script.dll
+ 2004-08-04 00:54:38 189,440 -c--a-w C:\WINDOWS\system32\usmt\script_a.dll
+ 2004-08-04 00:54:44 169,472 -c--a-w C:\WINDOWS\system32\usmt\sysmod.dll
+ 2004-08-04 00:54:44 155,648 -c--a-w C:\WINDOWS\system32\usmt\sysmod_a.dll
- 2004-08-04 00:54:44 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
+ 2004-08-04 00:54:24 1,352,704 ----a-w C:\WINDOWS\system32\wbem\cimwin32.dll
+ 2004-08-04 00:54:26 45,568 -c--a-w C:\WINDOWS\system32\wbem\CmdEvTgProv.dll
+ 2001-08-24 14:00:00 120,320 -c--a-w C:\WINDOWS\system32\wbem\dsprov.dll
+ 2004-08-04 00:54:26 247,808 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
+ 2004-08-04 00:54:26 22,016 -c--a-w C:\WINDOWS\system32\wbem\evntrprv.dll
+ 2004-08-04 00:54:26 472,064 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
+ 2004-08-04 00:54:26 185,856 ----a-w C:\WINDOWS\system32\wbem\framedyn.dll
+ 2001-08-24 14:00:00 53,248 -c--a-w C:\WINDOWS\system32\wbem\fwdprov.dll
+ 2004-08-04 00:54:30 24,576 -c--a-w C:\WINDOWS\system32\wbem\krnlprov.dll
+ 2004-08-04 00:54:56 16,896 -c--a-w C:\WINDOWS\system32\wbem\mofcomp.exe
+ 2004-08-04 00:54:32 124,928 -c--a-w C:\WINDOWS\system32\wbem\mofd.dll
+ 2001-08-24 14:00:00 273,920 -c--a-w C:\WINDOWS\system32\wbem\msiprov.dll
+ 2004-08-04 00:54:36 47,104 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
+ 2004-08-04 00:54:36 212,992 -c--a-w C:\WINDOWS\system32\wbem\ntevt.dll
+ 2004-08-04 00:54:38 92,672 -c--a-w C:\WINDOWS\system32\wbem\policman.dll
+ 2004-08-04 00:54:38 237,056 -c--a-w C:\WINDOWS\system32\wbem\provthrd.dll
+ 2004-08-04 00:54:38 177,152 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
+ 2004-08-04 00:55:02 36,864 -c--a-w C:\WINDOWS\system32\wbem\scrcons.exe
+ 2001-08-24 14:00:00 40,960 -c--a-w C:\WINDOWS\system32\wbem\smtpcons.dll
+ 2004-08-04 00:54:44 86,528 -c--a-w C:\WINDOWS\system32\wbem\stdprov.dll
+ 2001-08-24 14:00:00 61,952 -c--a-w C:\WINDOWS\system32\wbem\tmplprov.dll
+ 2001-08-24 14:00:00 59,904 -c--a-w C:\WINDOWS\system32\wbem\trnsprov.dll
+ 2001-08-24 14:00:00 16,896 -c--a-w C:\WINDOWS\system32\wbem\unsecapp.exe
+ 2001-08-24 14:00:00 116,224 -c--a-w C:\WINDOWS\system32\wbem\updprov.dll
+ 2004-08-04 00:54:44 131,584 -c--a-w C:\WINDOWS\system32\wbem\viewprov.dll
+ 2001-08-24 14:00:00 12,288 -c--a-w C:\WINDOWS\system32\wbem\wbemads.dll
+ 2004-08-04 00:54:44 201,216 -c--a-w C:\WINDOWS\system32\wbem\wbemcntl.dll
+ 2004-08-04 00:54:44 214,528 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
+ 2004-08-04 00:54:44 71,680 ----a-w C:\WINDOWS\system32\wbem\wbemcons.dll
+ 2004-08-04 00:54:44 530,944 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
+ 2004-08-04 00:54:44 178,176 -c--a-w C:\WINDOWS\system32\wbem\wbemdisp.dll
+ 2004-08-04 00:54:44 273,920 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
+ 2004-08-04 00:54:44 44,544 -c--a-w C:\WINDOWS\system32\wbem\wbemperf.dll
+ 2004-08-04 00:54:44 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
+ 2004-08-04 00:54:44 43,520 ----a-w C:\WINDOWS\system32\wbem\wbemsvc.dll
+ 2004-08-04 00:55:02 119,808 -c--a-w C:\WINDOWS\system32\wbem\wbemtest.exe
+ 2004-08-04 00:54:44 197,120 -c--a-w C:\WINDOWS\system32\wbem\wbemupgd.dll
+ 2001-08-24 14:00:00 14,336 -c--a-w C:\WINDOWS\system32\wbem\winmgmt.exe
+ 2001-08-24 14:00:00 18,944 -c--a-w C:\WINDOWS\system32\wbem\winmgmtr.dll
+ 2004-08-04 00:55:02 196,608 -c--a-w C:\WINDOWS\system32\wbem\wmiadap.exe
+ 2004-08-04 00:54:10 7,680 -c--a-w C:\WINDOWS\system32\wbem\wmiapres.dll
+ 2004-08-04 00:54:48 89,088 -c--a-w C:\WINDOWS\system32\wbem\wmiaprpl.dll
+ 2004-08-04 00:55:02 126,464 -c--a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
+ 2004-08-04 00:55:02 369,664 -c--a-w C:\WINDOWS\system32\wbem\wmic.exe
+ 2004-08-04 00:54:48 60,928 -c--a-w C:\WINDOWS\system32\wbem\wmicookr.dll
+ 2004-08-04 00:54:48 140,800 -c--a-w C:\WINDOWS\system32\wbem\wmidcprv.dll
+ 2001-08-24 14:00:00 61,440 -c--a-w C:\WINDOWS\system32\wbem\wmimsg.dll
+ 2004-08-04 00:54:48 156,672 -c--a-w C:\WINDOWS\system32\wbem\wmipcima.dll
+ 2004-08-04 00:54:48 132,096 -c--a-w C:\WINDOWS\system32\wbem\wmipdskq.dll
+ 2001-08-24 14:00:00 77,312 -c--a-w C:\WINDOWS\system32\wbem\wmipicmp.dll
+ 2004-08-04 00:54:48 62,464 -c--a-w C:\WINDOWS\system32\wbem\wmipiprt.dll
+ 2004-08-04 00:54:48 62,976 -c--a-w C:\WINDOWS\system32\wbem\wmipjobj.dll
+ 2004-08-04 00:54:48 144,896 -c--a-w C:\WINDOWS\system32\wbem\wmiprov.dll
+ 2004-08-04 00:54:48 437,248 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
+ 2004-08-04 00:55:02 218,112 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
+ 2004-08-04 00:54:48 41,472 -c--a-w C:\WINDOWS\system32\wbem\wmipsess.dll
+ 2004-08-04 00:54:48 145,408 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
+ 2001-08-24 14:00:00 52,224 -c--a-w C:\WINDOWS\system32\wbem\wmitimep.dll
+ 2004-08-04 00:54:48 99,328 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
+ 2001-08-24 14:00:00 45,568 ----a-w C:\WINDOWS\system32\wbem\xml\wmi2xml.dll
- 2004-08-04 00:45:58 1,836,032 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2005-03-02 18:07:53 1,836,416 ----a-w C:\WINDOWS\system32\win32k.sys
- 2004-08-04 00:54:46 291,328 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 00:54:46 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:29:49 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2004-08-10 23:41:20 5,550,080 -c--a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-11 00:39:08 2,362,104 -c--a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2004-08-04 00:54:48 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:43:51 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-10-16 01:40:52 121,856 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-05-15 21:39:41 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_674.dat
+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2001-08-24 14:00:00 57,344 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39\mfc42fra.dll
+ 2001-08-24 14:00:00 74,802 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
+ 2001-08-24 14:00:00 995,383 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll
+ 2001-08-24 14:00:00 995,384 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll
+ 2001-08-24 14:00:00 401,462 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll
+ 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2001-08-24 14:00:00 921,088 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
+ 2004-08-04 00:52:46 1,050,624 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
+ 2001-08-24 14:00:00 50,688 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
+ 2001-08-24 14:00:00 322,560 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
+ 2004-08-04 00:52:46 54,784 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2004-08-04 00:52:46 343,040 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
+ 2001-08-24 14:00:00 1,700,352 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
+ 2004-08-04 00:52:46 1,712,128 ----a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
+ 2004-08-04 00:52:46 852,992 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
+ 2004-08-04 00:52:46 994,816 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
+ 2004-08-04 00:52:46 137,728 -c--a-r C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_fr_457ebf3d\rtcres.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c90c3518-5092-42ed-8e94-587c6d7f3608}]
2008-05-15 20:27 133632 --a------ C:\WINDOWS\system32\asmgpdui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"00fd4e5e"="C:\WINDOWS\system32\llklodqt.dll" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 18:09]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 17:29]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 15:08]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-08-14 20:12:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 23:40:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 23:44:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 21:44:40
ComboFix2.txt 2008-05-15 17:07:49

Pre-Run: 316,755,968 octets libres
Post-Run: 317,169,664 octets libres

733 --- E O F --- 2008-05-15 19:12:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {8063f7d6-c785-49e8-de24-29058153c09c} - {c90c3518-5092-42ed-8e94-587c6d7f3608} - C:\WINDOWS\system32\asmgpdui.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00fd4e5e] rundll32.exe "C:\WINDOWS\system32\llklodqt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\
0
sKe69 Posts 21955 Status Security contributor 463
 
One question: did you run ComboFix in safe mode?
0
DACINJO
 
YES, ALWAYS
0
sKe69 Posts 21955 Status Security contributor 463
 
OK .... Very good, let's continue:

1-Create a text document on your desktop:
point your mouse at your desktop, right-click: go to "New" and choose "Text Document".

Then copy/paste the text below (and nothing else!) into the text file you have just created:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c90c3518-5092-42ed-8e94-587c6d7f3608}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00fd4e5e"=-

File::
C:\WINDOWS\system32\asmgpdui.dll


Then go to "File" and choose "Save As..." and name it exactly like this:
CFScript then confirm ...

2-Cleaning:
!!Disconnect, close all your applications and disable your antivirus for the duration of the procedure (you will re-enable it afterwards) !!

--->On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(Look here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 then confirm.

Then wait while the scan runs. (The desktop will disappear several times: this is normal!)

!!Do not touch anything until the scan has finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post it together with a new HijackThis report for analysis ...

0
DACINJO
 
I'm going to stop here for tonight, I'm worn out and I start at 5 a.m.
Thanks a lot for all the time spent with me and for your valuable advice
I'll finish the job tomorrow
Good night
See you soon
0
sKe69 Posts 21955 Status Security contributor 463 > DACINJO
 
See you tomorrow for the rest =)
0