Infecté:Xpantivirus et autre virus

chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention   -  
chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour, Je m'appelle William J'ai été récemment infecté pas quelque virus qui en ont entrainer d'autre, du moin c'est ce que je crois. Je reçois fréquemment une alerte d'un popup qui dit que mon est infecter par un virus, cependant je ne suis pas si bete que sa alors je n'ai aps accepter la protection que ce soi disant poup meproposait..... Mais mon pere l'a fait...Après quoi mon ordinateur a été infecter par Xp antivirus 2008 qui me disait qu'il y avait 12 millions de virus sur mon ordinateur... Je n'ai meme pas un dixieme de fichiers pour 1 virus Wow! Bon ce pogramme est évidemment ridicule, en fait c'est pratiquement pas un programme, Je l'ai effacer en redémarrant en mode sans échec mais apres cela je recevais toujours de propositions pour soigner mon pauvre ordinateur malade. Et la Antivir me sort des nom de virus: TR/Crypt.XPACK.Gen - Trojan Et VBS/Agent.1002 JE me rappelle également qu'il m'a sortit un Vundo récemment que je n'ai pas vraiment pu me débarasser completement... Bon Voila un rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10, on 2008-07-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINDOWS\system32\lphcvedj0enc7.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hehqjuzs.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Will\Local Settings\temp\.tt11.tmp
C:\Documents and Settings\Will\Bureau\fixes\omgsuxor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [lphcvedj0enc7] C:\WINDOWS\system32\lphcvedj0enc7.exe
O4 - HKLM\..\Run: [SMrhcredj0enc7] C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GenProc] C:\WINDOWS\system32\hehqjuzs.exe
O4 - HKLM\..\Policies\Explorer\Run: [9rYUvdUVir] C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1214440339-2052111302-725345543-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 's?ai?ee')
O4 - HKUS\S-1-5-21-1214440339-2052111302-725345543-1005\..\Run: [GenHlp] C:\WINDOWS\system32\itihobwn.exe (User 's?ai?ee')
O4 - HKUS\S-1-5-21-1214440339-2052111302-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 's?ai?ee')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: ActChkSet - {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll (file missing)
O21 - SSODL: HlpProcAct - {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7749 bytes

Wow quelle blague j'ai reçu une erreur disant bad number or file name quand j'ai lancer hijackthis.... Bon aidez-moi Svp!

Ah oui j'ai aussi scanner mon ordinateur avec ad-aware mais il n'a pas vraiment pu m'aider beaucoup, il a juste enlever les spywares qui s'étaient implanter dans mon ordinateur par l'aide des virus. Et également quand je démarre mon ordinateur au démarrage d'une session je reçois ce message... : rtfqyvyn.dll est manquant ou quelquechose du genre.
Configuration: Windows XP
Internet Explorer 7.0

28 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Salut

    Telecharge malwarebytes

    -> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    ps : les rapport sont aussi rangé dans l onglet rapport/log
    0
  2. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    Bon il y en avait beaucoup, je les ai effacer, mais il semble que ça eu peu d'effet j'ai toujours des alertes

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 967
    Windows 5.1.2600 Service Pack 2

    13:38:27 2008-07-19
    mbam-log-7-19-2008 (13-38-27).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 78113
    Temps écoulé: 21 minute(s), 35 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 31
    Valeur(s) du Registre infectée(s): 10
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 15
    Fichier(s) infecté(s): 77

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\lphcvedj0enc7.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\WINDOWS\system32\sysrest32.exe (Rootkit.Agent) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\blphcvedj0enc7.scr (Trojan.FakeAlert) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcredj0enc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcredj0enc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcvedj0enc7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcredj0enc7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcvedj0enc7.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcvedj0enc7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcvedj0enc7.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

    Antivirus Xp 2008 s'est réinstaller................................................ Et mon ordinateur est vachement lent.

    Voila un rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:46, on 2008-07-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hehqjuzs.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ibufetor.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\WINDOWS\system32\pphcvedj0enc7.exe
    C:\Documents and Settings\Will\Bureau\fixes\omgsuxor.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [lphcvedj0enc7] C:\WINDOWS\system32\lphcvedj0enc7.exe
    O4 - HKLM\..\Run: [SMrhcredj0enc7] C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GenProc] C:\WINDOWS\system32\hehqjuzs.exe
    O4 - HKCU\..\Run: [uimsgen] C:\WINDOWS\system32\exgzkzsh.exe
    O4 - HKLM\..\Policies\Explorer\Run: [9rYUvdUVir] C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: ActChkSet - {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll (file missing)
    O21 - SSODL: HlpProcAct - {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  3. Utilisateur anonyme
     
    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    0
  4. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    ComboFix 08-07-18.5 - Will 2008-07-19 14:48:24.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.189 [GMT -4:00]
    Endroit: C:\Documents and Settings\Will\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Will\Application Data\rhcredj0enc7
    C:\WINDOWS\system32\blphcvedj0enc7.scr
    C:\WINDOWS\system32\lphcvedj0enc7.exe
    C:\WINDOWS\system32\phcvedj0enc7.bmp
    C:\WINDOWS\system32\pphcvedj0enc7.exe
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\darqleay.ini
    C:\WINDOWS\system32\ecokok.dll
    C:\WINDOWS\system32\ljdalvrt.dll
    C:\WINDOWS\system32\ljJBrOFX.dll
    C:\WINDOWS\system32\lsmuectj.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\msssc.dll
    C:\WINDOWS\system32\nyvyqftr.ini
    C:\WINDOWS\system32\oriytrwx.ini
    C:\WINDOWS\system32\rtfqyvyn.dll
    C:\WINDOWS\system32\wirjdh.dll
    C:\WINDOWS\system32\XFOrBJjl.ini
    C:\WINDOWS\system32\XFOrBJjl.ini2
    C:\WINDOWS\system32\xkqgskre.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SYSREST.SYS
    -------\Service_sysrest.sys

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-19 13:40 . 2008-07-19 13:40 90,112 --a------ C:\WINDOWS\system32\exgzkzsh.exe
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Documents and Settings\Will\Application Data\Malwarebytes
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-19 12:55 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-19 12:55 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-19 12:00 . 2008-07-19 12:00 90,112 --a------ C:\WINDOWS\system32\itihobwn.exe
    2008-07-18 22:03 . 2008-07-18 22:03 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-07-16 16:25 . 2008-07-16 16:25 131,072 --a------ C:\WINDOWS\system32\hehqjuzs.exe
    2008-07-15 22:48 . 2008-07-15 22:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\zibapcnm
    2008-07-11 15:06 . 2008-07-11 15:06 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-07-10 09:57 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-10 09:57 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-10 09:57 . 2007-03-08 01:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-10 09:57 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-10 09:57 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-10 09:57 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-10 09:57 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-10 09:57 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-10 09:57 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-09 10:21 . 2008-07-10 16:50 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-07-09 10:18 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-07-09 10:05 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-07-09 10:05 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-07-09 10:05 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-07-09 10:05 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2008-07-09 10:05 . 2008-07-10 16:49 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-07-09 10:05 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-07-09 10:05 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-07-09 10:01 . 2008-07-09 10:01 <REP> d-------- C:\Program Files\CCleaner
    2008-07-08 17:13 . 2008-07-08 17:16 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-08 14:42 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-07-08 14:42 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-07-08 14:42 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-07-08 14:42 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-07-08 14:42 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-07-08 14:42 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-07-08 13:46 . 2008-07-08 14:00 <REP> d-------- C:\Program Files\Lexmark 3100 Series
    2008-07-08 13:46 . 2008-07-08 13:46 <REP> d-------- C:\Lxk3100
    2008-07-08 13:46 . 1997-04-18 11:49 298,496 --a------ C:\WINDOWS\unin040c.exe
    2008-07-08 13:46 . 2003-09-03 23:56 69,632 --a------ C:\WINDOWS\system32\lxbrscin.dll
    2008-07-08 13:46 . 2003-09-03 23:56 57,344 --a------ C:\WINDOWS\system32\lxbrcinf.dll
    2008-07-08 13:46 . 2003-09-03 23:56 49,152 --a------ C:\WINDOWS\system32\lxbrcoin.dll
    2008-07-08 13:46 . 2003-02-12 10:12 181 --a------ C:\WINDOWS\system32\lxbrcoin.ini
    2008-07-08 13:38 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-07-08 13:38 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-07-07 17:55 . 2008-07-07 17:55 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-07-07 17:55 . 2008-07-07 17:55 <REP> d-------- C:\Documents and Settings\Will\Application Data\Canneverbe_Limited
    2008-07-07 17:43 . 2008-07-07 17:43 <REP> d-------- C:\Documents and Settings\Will\Application Data\Ahead
    2008-07-07 17:42 . 2008-07-07 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-07-07 17:42 . 2008-07-07 17:42 <REP> d-------- C:\Program Files\Ahead
    2008-07-07 17:42 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
    2008-07-07 17:42 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
    2008-07-07 17:42 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2008-07-07 17:42 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-07-07 17:42 . 2003-03-29 15:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-07-07 17:42 . 2003-09-15 13:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
    2008-07-07 17:42 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-07-07 17:27 . 2008-07-07 17:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-06 19:23 . 2008-06-02 12:49 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-06 19:23 . 2008-07-06 19:23 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-04 16:14 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Lavasoft
    2008-07-04 16:14 . 2008-07-04 16:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-02 16:49 . 2008-07-02 16:49 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2008-07-02 16:49 . 2008-07-02 16:56 35,342 --a------ C:\WINDOWS\DIIUnin.dat
    2008-07-02 16:49 . 2008-07-02 16:49 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2008-06-22 16:06 . 2008-06-23 13:05 <REP> d-------- C:\Program Files\World of Warcraft Trial
    2008-06-22 16:06 . 2008-06-22 16:06 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-22 12:36 . 2008-06-22 12:36 <REP> d-------- C:\Program Files\Ventrilo
    2008-06-22 12:36 . 2008-06-22 12:37 <REP> d-------- C:\Documents and Settings\Will\Application Data\Ventrilo
    2008-06-22 12:35 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-20 13:41 . 2008-06-20 13:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-19 00:11 --------- d-----w C:\Documents and Settings\Will\Application Data\LimeWire
    2008-07-18 13:48 --------- d-----w C:\Program Files\Diablo II
    2008-07-18 02:00 --------- d-----w C:\Program Files\Warcraft III
    2008-07-04 21:34 --------- d-----w C:\Program Files\Circle Developement
    2008-07-03 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-07-02 22:46 --------- d-----w C:\Program Files\Starcraft
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 14:48 --------- d-----w C:\Program Files\LimeWire
    2008-06-17 18:04 --------- d-----w C:\Documents and Settings\Will\Application Data\Apple Computer
    2008-06-17 00:15 --------- d-----w C:\Program Files\iTunes
    2008-06-17 00:15 --------- d-----w C:\Program Files\iPod
    2008-06-17 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 00:14 --------- d-----w C:\Program Files\QuickTime
    2008-06-17 00:14 --------- d-----w C:\Program Files\Bonjour
    2008-06-17 00:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-06-17 00:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-17 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-16 18:11 --------- d-----w C:\Documents and Settings\Will\Application Data\gtk-2.0
    2008-06-16 18:08 --------- d-----w C:\Program Files\GIMP-2.0
    2008-06-16 15:32 --------- d-----w C:\Program Files\Robster Productions
    2008-06-15 05:34 --------- d-----w C:\Program Files\Windows Live
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-06-10 22:50 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-06-10 22:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-06-10 22:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-10 22:47 --------- d-----w C:\Program Files\MSN Messenger
    2008-06-10 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-09 00:21 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-09 00:21 --------- d-----w C:\Program Files\Exit hope
    2008-06-08 20:46 --------- d-----w C:\Program Files\Valve
    2008-06-06 01:40 --------- d-----w C:\Documents and Settings\Will\Application Data\MSN6
    2008-06-06 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-03 16:12 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2008-06-03 16:12 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-06-03 15:05 --------- d-----w C:\Program Files\Java
    2008-06-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-06-02 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-06-02 19:12 70,656 ----a-w C:\WINDOWS\ScUnin.exe
    2008-06-02 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 19:07 --------- d-----w C:\Program Files\EA GAMES
    2008-06-02 19:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-02 17:53 --------- d-----w C:\Program Files\Avira
    2008-06-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-02 17:33 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-02 17:31 --------- d-----w C:\Program Files\SiSLan
    2008-06-02 17:30 --------- d-----w C:\Program Files\Analog Devices
    2008-06-02 16:56 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-02 16:54 --------- d-----w C:\Program Files\Services en ligne
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-07_10.19.29.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-07 21:51:22 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-07-07 21:51:32 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-07-07 21:51:32 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2008-07-07 21:51:34 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2008-07-07 21:51:29 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2008-07-07 21:51:15 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-07-07 21:51:15 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2008-07-07 21:51:39 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2008-07-07 21:51:25 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-07-07 21:51:21 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-07-07 21:51:14 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2008-07-07 21:51:16 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-07-07 21:51:31 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2008-07-07 21:51:31 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2008-07-07 21:51:31 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2008-07-07 21:51:18 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2008-07-07 21:51:19 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2008-07-07 21:51:19 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2008-07-07 21:51:20 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2008-07-07 21:51:16 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2008-07-07 21:51:42 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-07-07 21:51:41 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2008-07-07 21:51:13 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2008-07-07 21:51:41 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2008-07-07 21:51:42 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2008-07-07 21:51:14 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-07-07 21:51:13 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2008-07-07 21:51:14 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2008-07-07 21:51:37 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2008-07-07 21:51:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2008-07-07 21:51:37 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2008-07-07 21:51:35 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2008-07-07 21:51:16 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2008-07-07 21:51:30 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2008-07-07 21:51:23 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2008-07-07 21:51:23 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2008-07-07 21:51:23 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2008-07-07 21:51:38 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2008-07-07 21:51:35 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2008-07-07 21:51:39 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2008-07-07 21:51:36 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2008-07-07 21:51:36 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-07-07 21:51:21 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2008-07-07 21:51:24 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2008-07-07 21:51:40 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2008-07-07 21:51:26 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2008-07-07 21:51:26 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2008-07-07 21:51:28 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2008-07-07 21:51:28 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2008-07-07 21:51:38 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2008-07-08 14:59:00 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\b10481a48cc3b74aba28eb8eedc24d69\Accessibility.ni.dll
    + 2008-07-08 14:59:04 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b9da635eec3d3c4b88fcec9b017ceaa5\AspNetMMCExt.ni.dll
    + 2008-07-08 14:59:06 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\08dae506cfb3614e9aaa2f0e25da9e97\CustomMarshalers.ni.dll
    + 2008-07-08 14:59:05 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\229f2a278c1ead4b830ebb3a02be3c09\dfsvc.ni.exe
    + 2008-07-08 14:59:08 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\492ae2e8a0faa344a38aaa580b97e204\Microsoft.Build.Engine.ni.dll
    + 2008-07-08 14:59:09 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f11b22ce25125440b189ea87459be8ba\Microsoft.Build.Framework.ni.dll
    + 2008-07-08 14:59:13 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\14c74cc85e6b214e8608a289550033b3\Microsoft.Build.Tasks.ni.dll
    + 2008-07-08 14:59:14 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7c767357ce03234fbd4c3176ba3b8f31\Microsoft.Build.Utilities.ni.dll
    + 2008-07-08 14:59:17 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\0bc28b42f0c426439f2afe1857cc4033\Microsoft.VisualBasic.ni.dll
    + 2008-07-07 21:52:41 11,415,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\14347d2b73fba548a68a7aabf495df07\mscorlib.ni.dll
    + 2008-07-08 14:59:20 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\2c4336f6006aab4681055546b763b108\System.Configuration.ni.dll
    + 2008-07-07 21:54:23 6,688,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\2e2bb2849037c4489cb75078863a8ef1\System.Data.ni.dll
    + 2008-07-08 14:59:22 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\3964fbe80d2555489d87b9c53fb00065\System.Deployment.ni.dll
    + 2008-07-07 21:54:46 10,723,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\355bd7ddee5f1945ab242388441fcadf\System.Design.ni.dll
    + 2008-07-08 14:59:25 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b13d4cb7db8dd04ea0d17edae0f3e661\System.DirectoryServices.ni.dll
    + 2008-07-08 14:59:26 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\fbaa22fa5a5f024799ea8c67e113fbfb\System.DirectoryServices.Protocols.ni.dll
    + 2008-07-07 21:53:16 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f79c670903c78847868415629d700930\System.Drawing.Design.ni.dll
    + 2008-07-07 21:53:21 1,626,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\918a65297062dd46b820499596c30a41\System.Drawing.ni.dll
    + 2008-07-08 14:59:28 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\0bc03eefd8c39944a2fa0e045b017458\System.EnterpriseServices.ni.dll
    + 2008-07-08 14:59:28 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\0bc03eefd8c39944a2fa0e045b017458\System.EnterpriseServices.Wrapper.dll
    + 2008-07-08 14:59:29 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\3489470650494f48a6014ae05d956eb7\System.Security.ni.dll
    + 2008-07-08 14:59:31 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\e9d64903b587f4498a2f495f430688ea\System.Transactions.ni.dll
    + 2008-07-08 16:30:47 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\a47b483552e8b04b9a953c8bc85c2c1d\System.Web.Mobile.ni.dll
    + 2008-07-08 16:30:48 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\f09e559846c0f848b1134c366a78adb5\System.Web.RegularExpressions.ni.dll
    + 2008-07-08 16:30:52 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\dc60876f5c0dc243b4986b6c1ee38442\System.Web.Services.ni.dll
    + 2008-07-08 16:30:39 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d15d9fd915a7fa4baec1779cd4d0992f\System.Web.ni.dll
    + 2008-07-07 21:53:55 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e524063b6ccd94ab8a833166d27bece\System.Windows.Forms.ni.dll
    + 2008-07-07 21:54:09 5,640,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3073f9fb0221b645a58a0c53bfb4f763\System.Xml.ni.dll
    + 2008-07-07 21:53:12 8,093,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\fda879d6c30ff54f93714486abc41c5a\System.ni.dll
    + 2004-08-19 20:09:20 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
    + 2004-08-19 20:09:20 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
    + 2004-08-19 20:09:22 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
    + 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
    + 2008-04-21 07:02:28 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
    + 2008-04-21 07:02:28 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
    + 2008-04-21 07:02:28 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
    + 2004-08-19 20:09:28 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
    + 2004-08-19 20:09:56 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
    + 2004-08-19 20:09:28 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
    + 2004-08-19 20:09:28 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
    + 2002-08-30 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
    + 2004-08-19 20:09:28 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
    + 2008-04-17 10:52:54 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
    + 2004-08-19 20:09:28 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
    + 2008-04-21 07:02:29 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
    + 2004-08-19 20:09:28 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
    + 2004-08-19 20:09:28 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
    + 2004-08-19 20:09:56 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
    + 2004-08-19 20:09:30 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
    + 2008-04-21 07:02:29 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
    + 2007-12-18 14:41:58 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
    + 2008-04-21 07:02:29 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
    + 2004-08-19 20:09:32 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
    + 2004-08-19 20:10:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
    + 2008-04-21 07:02:34 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll
    + 2008-04-21 07:02:34 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
    + 2004-08-19 20:08:28 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
    + 2002-08-30 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
    + 2008-04-21 07:02:34 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
    + 2008-04-21 07:02:35 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
    + 2004-08-19 20:09:38 97,280 -c----w C:\WINDOWS\ie7\occache.dll
    + 2008-04-21 07:02:35 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
    + 2007-09-26 22:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
    + 2007-09-26 22:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
    + 2006-09-06 21:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
    + 2006-09-06 21:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
    + 2004-08-19 20:09:48 37,888 -c----w C:\WINDOWS\ie7\url.dll
    + 2008-04-21 07:02:39 617,984 -c----w C:\WINDOWS\ie7\urlmon.dll
    + 2007-12-18 14:41:59 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
    + 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
    + 2004-08-19 20:09:48 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
    + 2008-04-21 07:02:40 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
    + 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
    + 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
    + 2007-08-13 22:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
    + 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
    + 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
    + 2007-08-13 22:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
    + 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
    + 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
    + 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
    + 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
    + 2007-02-12 20:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
    + 2007-07-11 16:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
    + 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
    + 2007-08-13 22:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
    + 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
    + 2007-08-13 22:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
    + 2007-08-13 22:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
    + 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
    + 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
    + 2007-08-13 22:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
    + 2007-08-13 22:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
    + 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
    + 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
    + 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
    + 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
    + 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
    + 2007-08-13 22:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
    + 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
    + 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
    + 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
    + 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
    + 2008-07-09 14:05:28 2,678 ----a-w C:\WINDOWS\java\Packages\Data\2FTFV3H3.DAT
    + 2008-07-09 14:05:24 2,678 ----a-w C:\WINDOWS\java\Packages\Data\4F5J3DVD.DAT
    + 2008-07-09 14:05:24 2,678 ----a-w C:\WINDOWS\java\Packages\Data\539VF75B.DAT
    + 2008-07-09 14:05:24 2,678 ----a-w C:\WINDOWS\java\Packages\Data\7ZLJB71N.DAT
    + 2008-07-09 14:05:25 2,678 ----a-w C:\WINDOWS\java\Packages\Data\J5V3LBRN.DAT
    + 2008-07-09 14:05:30 2,232 ----a-w C:\WINDOWS\java\Packages\Data\NT3P3V3N.DAT
    - 2003-02-20 23:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2005-09-23 11:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2003-02-20 23:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 11:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 11:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 11:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 11:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
    - 2003-02-20 22:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 11:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 11:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 11:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    + 2005-09-23 11:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 11:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2005-09-23 11:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2005-09-23 11:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 11:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2005-09-23 11:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2005-09-23 11:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 11:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2005-09-23 11:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2005-09-23 11:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2005-09-23 11:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2005-09-23 11:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2005-09-23 11:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2005-09-23 11:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2005-09-23 11:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    + 2005-09-23 11:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2005-09-23 11:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2005-09-23 11:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2005-09-23 11:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    + 2005-09-23 11:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2005-09-23 11:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2005-09-23 11:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
    + 2005-09-23 11:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2005-09-23 11:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    + 2005-09-23 11:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2005-09-23 11:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2005-09-23 11:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2005-09-23 11:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-09-23 11:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2005-09-23 11:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2005-09-23 11:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2005-09-23 11:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2005-09-23 11:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2005-09-23 11:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2005-09-23 11:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2005-09-23 11:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2005-09-23 11:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2005-09-23 11:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2005-09-23 11:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2005-09-23 11:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2005-09-23 11:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    + 2005-09-23 10:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
    + 2005-09-23 10:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
    + 2005-09-23 10:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
    + 2005-09-23 10:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
    + 2005-09-23 10:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
    + 2005-09-23 10:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
    + 2005-09-23 07:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
    + 2005-09-23 10:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
    + 2005-09-23 10:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
    + 2005-09-23 10:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
    + 2005-09-23 10:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
    + 2005-09-23 10:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
    + 2005-09-23 10:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
    + 2005-09-23 10:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
    + 2005-09-23 10:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
    + 2005-09-23 10:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
    + 2005-09-23 10:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
    + 2005-09-23 10:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
    + 2005-09-23 10:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
    + 2005-09-23 10:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
    + 2005-09-23 10:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
    + 2005-09-23 10:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
    + 2005-09-23 10:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
    + 2005-09-23 10:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
    + 2005-09-23 10:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
    + 2005-09-23 11:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
    + 2005-09-23 11:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2005-09-23 11:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2005-09-23 11:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2005-09-23 11:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2005-09-23 11:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2005-09-23 11:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2005-09-23 11:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2005-09-23 11:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    + 2005-09-23 11:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2005-09-23 11:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2005-09-23 11:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2005-09-23 11:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2005-09-23 11:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2005-09-23 11:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2005-09-23 11:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2005-09-23 11:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2005-09-23 11:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2005-09-23 11:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2005-09-23 11:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2005-09-23 11:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2005-09-23 11:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2005-09-23 11:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2005-09-23 11:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2005-09-23 11:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2005-09-23 11:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2005-09-23 11:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2005-09-23 11:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2005-09-23 11:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2005-09-23 11:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2005-09-23 11:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2005-09-23 11:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2005-09-23 11:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2005-09-23 11:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2005-09-23 11:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2005-09-23 11:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2005-09-23 11:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2005-09-23 11:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2005-09-23 11:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2005-09-23 11:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2005-09-23 11:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2005-09-23 11:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2005-09-23 11:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2005-09-23 11:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2005-09-23 11:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2005-09-23 11:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2005-09-23 11:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2005-09-23 11:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2005-09-23 11:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2005-09-23 11:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2005-09-23 11:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2005-09-23 11:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2005-09-23 11:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2005-09-23 11:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2005-09-23 11:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2005-09-23 11:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2005-09-23 11:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2005-09-23 11:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2005-09-23 11:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2005-09-23 11:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2005-09-23 11:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2005-09-23 11:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2005-09-23 11:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2005-09-23 11:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2005-09-23 11:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2005-09-23 11:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2005-09-23 11:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2005-09-23 11:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2005-09-23 11:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2005-09-23 11:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2005-09-23 11:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2005-09-23 11:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2005-09-23 11:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2005-09-23 11:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2005-09-23 11:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2005-09-23 11:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 11:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
    + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
    - 2004-08-19 20:09:20 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
    + 2007-08-13 22:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
    - 2004-08-19 20:09:20 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-04-23 04:16:39 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2002-08-30 12:00:00 49,182 ----a-w C:\WINDOWS\system32\clspack.exe
    + 2003-02-28 22:26:26 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
    - 2004-08-19 20:09:22 35,328 ----a-w C:\WINDOWS\system32\corpol.dll
    + 2007-08-13 22:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
    + 2005-09-23 11:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
    + 2007-08-13 22:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
    + 2008-04-23 04:16:39 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2007-08-13 22:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
    - 2008-02-20 05:35:05 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:41:06 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    - 2008-04-21 07:02:28 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-04-23 04:16:39 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2008-04-21 07:02:28 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-04-23 04:16:39 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2008-04-21 07:02:28 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-04-23 04:16:39 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-08-13 22:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2008-04-22 07:41:08 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2008-04-23 04:16:39 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-04-23 04:16:39 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2002-08-30 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2008-04-23 04:16:39 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2008-04-17 10:52:54 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-13 22:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-13 22:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
    - 2008-04-21 07:02:29 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-08-13 22:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2008-04-23 04:16:39 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2007-08-13 22:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
    + 2008-04-22 07:41:30 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2007-08-13 22:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
    - 2008-04-21 07:02:29 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-08-13 22:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2007-12-18 14:41:58 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-08-13 22:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2008-04-21 07:02:29 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-04-23 04:16:40 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-08-13 22:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
    + 2008-02-26 12:00:31 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
    + 2007-08-13 22:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
    - 2008-04-21 07:02:34 3,080,704 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-04-24 02:16:42 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2008-04-21 07:02:34 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-04-23 04:16:40 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-08-13 22:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
    - 2002-08-30 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
    + 2007-08-13 22:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
    - 2008-04-21 07:02:34 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-04-23 04:16:40 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2008-04-21 07:02:35 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-04-23 04:16:40 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-04-23 04:16:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    - 2008-04-21 07:02:35 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-04-23 04:16:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    - 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    + 2008-04-23 04:16:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    - 2008-04-21 07:02:39 617,984 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-04-23 04:16:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-12-18 14:41:59 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2007-08-13 22:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    - 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
    + 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
    + 2008-04-23 04:16:40 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2007-04-10 18:00:52 236,928 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
    + 2007-04-10 18:01:40 337,280 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
    + 2001-08-23 21:47:22 87,040 -c--a-w C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    - 2008-04-21 07:02:40 663,552 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-04-23 04:16:40 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    - 2008-01-21 22:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-07-18 14:42:32 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    - 2008-03-04 17:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2008-07-18 14:42:32 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    - 2002-08-30 12:00:00 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
    + 2003-02-28 20:34:42 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
    - 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-04-23 04:16:39 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-04-23 04:16:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2008-04-21 07:02:28 55,808 ------w C:\WINDOWS\system32\extmgr.dll
    + 2008-04-23 04:16:39 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2005-02-02 20:07:00 1,773,568 ----a-w C:\WINDOWS\system32\gdiplus.dll
    + 2008-04-23 04:16:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2006-06-29 12:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
    - 2004-08-19 20:09:56 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-04-22 07:41:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2004-08-19 20:09:28 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-04-23 04:16:39 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2004-08-19 20:09:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-04-23 04:16:39 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2002-08-30 12:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
    + 2008-04-23 04:16:39 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2004-08-19 20:09:28 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-04-23 04:16:39 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2004-08-19 20:09:28 81,920 ------w C:\WINDOWS\system32\ieencode.dll
    + 2007-08-13 22:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
    + 2008-04-23 04:16:39 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2004-08-19 20:09:28 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-04-23 04:16:39 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-04-23 04:16:39 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2004-08-19 20:09:28 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
    + 2007-08-13 22:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
    + 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-08-13 22:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
    - 2004-08-19 20:09:30 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    + 2007-08-13 22:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
    - 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2002-08-30 12:00:00 186,911 ----a-w C:\WINDOWS\system32\javacypt.dll
    + 2003-02-28 22:26:16 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
    - 2002-08-30 12:00:00 63,007 ----a-w C:\WINDOWS\system32\javaprxy.dll
    + 2003-02-28 22:26:18 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
    - 2002-08-30 12:00:00 404,509 ----a-w C:\WINDOWS\system32\javart.dll
    + 2003-02-28 22:26:18 404,752 ----a-w C:\WINDOWS\system32\javart.dll
    - 2002-08-30 12:00:00 14,878 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
    + 2003-02-28 22:26:30 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
    - 2002-08-30 12:00:00 171,034 ----a-w C:\WINDOWS\system32\jit.dll
    + 2003-02-28 22:26:20 171,280 ----a-w C:\WINDOWS\system32\jit.dll
    - 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-04-23 04:16:40 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2002-08-30 12:00:00 172,060 ----a-w C:\WINDOWS\system32\jview.exe
    + 2003-02-28 22:26:30 172,304 ----a-w C:\WINDOWS\system32\jview.exe
    + 2007-04-10 18:02:50 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
    + 2003-08-29 13:57:20 197,120 ----a-w C:\WINDOWS\system32\LEX2KUSB.DLL
    + 2003-08-29 13:51:48 147,456 ----a-w C:\WINDOWS\system32\LEXBCE.DLL
    + 2003-08-29 13:54:16 307,200 ----a-w C:\WINDOWS\system32\LEXBCES.EXE
    + 2003-08-29 14:20:06 200,192 ----a-w C:\WINDOWS\system32\LEXLMPM.DLL
    + 2003-08-29 13:49:48 201,216 ----a-w C:\WINDOWS\system32\LEXP2P32.DLL
    + 2003-08-29 13:50:24 174,592 ----a-w C:\WINDOWS\system32\LEXPPS.EXE
    - 2004-08-19 20:09:32 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll
    + 2007-08-13 22:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
    + 2003-09-04 01:30:08 73,728 ----a-w C:\WINDOWS\system32\lxbrpwr.dll
    + 2002-11-13 14:40:22 40,960 ----a-w C:\WINDOWS\system32\lxbrvs.dll
    + 2003-03-19 17:19:58 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
    + 2003-03-19 17:12:10 1,047,552 ----a-w C:\WINDOWS\system32\MFC71u.dll
    + 2008-06-25 13:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2002-08-30 12:00:00 154,140 ----a-w C:\WINDOWS\system32\msawt.dll
    + 2003-02-28 22:26:20 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
    + 2004-02-23 05:00:00 78,848 ----a-w C:\WINDOWS\system32\MSBIND.DLL
    - 2004-07-15 03:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
    + 2005-09-23 11:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
    - 2003-02-20 23:09:14 106,496 ----a-w C:\WINDOWS\system32\mscories.dll
    + 2005-09-23 11:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
    - 2004-08-19 20:09:34 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
    + 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    + 2008-04-23 04:16:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2008-04-23 04:16:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2007-08-13 22:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
    - 2004-08-19 20:10:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
    + 2007-08-13 22:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    - 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-04-24 02:16:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2004-08-19 20:08:28 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    + 2007-08-13 22:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    - 2002-08-30 12:00:00 945,693 ----a-w C:\WINDOWS\system32\msjava.dll
    + 2003-02-28 22:26:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
    - 2002-08-30 12:00:00 21,023 ----a-w C:\WINDOWS\system32\msjdbc10.dll
    + 2003-02-28 22:26:26 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
    - 2002-08-30 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
    + 2007-08-13 22:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    - 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-04-23 04:16:40 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-04-23 04:16:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2004-08-19 20:09:36 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
    + 2004-11-13 01:27:23 1,386,496 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
    + 2003-08-27 19:43:16 499,712 ----a-w C:\WINDOWS\sy
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    le rapport n est pas complet

    envoi aussi un nouveau rapport hijackthis stp
    0
  7. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    c'est le rapport complet qui était dans c:/combofix/combofix.txt

    Je reçois toujours un popup, qui m'averti d'un risque c'est Windows security alert, je crois bien que c'est une connerie qui tente d'impersonnifier Mon systeme d'exploitation. Je suis pas sure.. parce que il faut etre vraiment con pour copier le nom d'une compagnie qui fait des milliards de dollars.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:09, on 2008-07-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\exgzkzsh.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\exgzkzsh.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Will\Bureau\fixes\omgsuxor.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [lphcvedj0enc7] C:\WINDOWS\system32\lphcvedj0enc7.exe
    O4 - HKLM\..\Run: [SMrhcredj0enc7] C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GenProc] C:\WINDOWS\system32\hehqjuzs.exe
    O4 - HKCU\..\Run: [uimsgen] C:\WINDOWS\system32\exgzkzsh.exe
    O4 - HKLM\..\Policies\Explorer\Run: [9rYUvdUVir] C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: ActChkSet - {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll (file missing)
    O21 - SSODL: HlpProcAct - {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  8. Utilisateur anonyme
     
    oui c normal pour le message (pub) car il reste quelques merdouille

    le scan hijackthis est pas bon : Scan saved at 18:09, on 2008-07-19

    et il me faut la fin du rapport combofix qui ressemble a ça :

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    2008-05-24 06:48 1470488 --a------ C:\Program Files\P2P_Energy\tbP2P1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P1.dll" [2008-05-24 06:48 1470488]

    [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c­3a}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P1.dll" [2008-05-24 06:48 1470488]

    [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c­3a}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe&­quot; [2004-08-19 17:09 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-30 14:55 185896]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 17:56 985440]
    "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYST­EM\EM_EXEC.EXE" [2002-07-01 09:50 28672]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCh­eck.exe" [2001-07-09 11:50 155648]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 17:26 2808832 C:\WINDOWS\alcwzrd.exe]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoStrCmpLogical"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversi­on\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\stan­dardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\stan­dardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\BitLord\\BitLord.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\stan­dardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:Shareaza
    "6346:UDP"= 6346:UDP:Shareaza

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-05-30 16:49]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{2de2add1-ded7-11dc-9439-000feace6d0d­}]
    \Shell\AutoRun\command - J:\start.exe
    \Shell\iledefrance\command - J:\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{3294d9a7-f402-11dc-9465-000feace6d0d­}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{526eff32-e45b-11dc-9449-000feace6d0d­}]
    \Shell\AutoRun\command - J:\start.exe
    \Shell\iledefrance\command - J:\start.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-17 17:15:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-19 15:04:09 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    "2008-07-19 15:04:07 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{4E57F6E8-BED2-4093-818B-B349EF9964BF} - (no file)
    BHO-{CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - (no file)
    BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    HKCU-Run-Open Remote - C:\DOCUME~1\Dimitri\APPLIC~1\ERRORO~1\Bend Kind Inter.exe
    HKCU-Run-LDM - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    ************************************************************­**************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-19 22:41:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    ************************************************************­**************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    ************************************************************­**************
    .
    Temps d'accomplissement: 2008-07-19 22:44:50 - machine was rebooted [Dimitri]
    ComboFix-quarantined-files.txt 2008-07-19 20:44:45

    Pre-Run: 38,755,688,448 octets libres
    Post-Run: 39,316,865,024 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    294 --- E O F --- 2008-07-10 18:33:08

    0
  9. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    Bon le bout de corde que j'avais réussis a tirer de ces foutu virus, je l'ai reperdue... la situation ne semble pas s'empirer mais antivirus xp 2008 n'a pas foutu le camp, quel enfoirer, je vais le dire a bill gates que quelqu'un lui fout de la merde sur le dos et le foutu connard qui a fait ce virus aura de gros ennuis.
    0
    1. BOB3
       
      Salut chester,

      verifis dans :proprieté internet explorer, Confidentialité, Parametres-->>>et tu vires tout ce que tu trouves dans sites autorisés.
      BOB3
      0
  10. Utilisateur anonyme
     
    Bon le bout de corde que j'avais réussis a tirer de ces foutu virus, je l'ai reperdue... la situation ne semble pas s'empirer mais antivirus xp 2008 n'a pas foutu le camp

    oui comme je t ai dis il reste des fichers a supprimer comme tu peux pas me donner le rapport combofix au complet fais ceci :

    Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    http://deckard.geekstogo.com/dss.exe

    (choisis enregistrer, puis Bureau comme emplacement)

    Ferme toutes les applications en cours.

    Double-clic sur DSS.exe pour lancer l'outil.

    Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé ( extra.txt ), poste le aussi dans ta réponse.

    Les rapports sont ici :
    (!) C:\Deckard\System Scanner\main.txt
    (!) C:\Deckard\System Scanner\extra.txt

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    0
  11. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    Deckard's System Scanner v20071014.68
    Run by Will on 2008-07-20 15:20:21
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Will.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:23, on 2008-07-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\system32\lphcvedj0enc7.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hehqjuzs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Documents and Settings\Will\Bureau\dss.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\DOCUME~1\Will\Bureau\fixes\Will.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [lphcvedj0enc7] C:\WINDOWS\system32\lphcvedj0enc7.exe
    O4 - HKLM\..\Run: [SMrhcredj0enc7] C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GenProc] C:\WINDOWS\system32\hehqjuzs.exe
    O4 - HKCU\..\Run: [uimsgen] C:\WINDOWS\system32\exgzkzsh.exe
    O4 - HKCU\..\Run: [msgchk] C:\WINDOWS\system32\tctidkvo.exe
    O4 - HKLM\..\Policies\Explorer\Run: [9rYUvdUVir] C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: ActChkSet - {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll (file missing)
    O21 - SSODL: HlpProcAct - {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll (file missing)
    O21 - SSODL: cmdweb - {6877326A-BA76-455E-248D-0A7267B9760A} - C:\Program Files\janivv\cmdweb.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  12. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\blphcvedj0enc7.scr
    C:\WINDOWS\system32\tctidkvo.exe
    C:\WINDOWS\system32\fghihcrc.exe
    C:\WINDOWS\system32\kfutsxgr.exe
    C:\WINDOWS\system32\lphcvedj0enc7.exe
    C:\WINDOWS\system32\exgzkzsh.exe
    C:\WINDOWS\system32\hehqjuzs.exe
    C:\WINDOWS\system32\sysrest3­2.exe
    C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe

    Folder::
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7
    C:\Program Files\rhcredj0enc7
    C:\Program Files\zehgftf
    C:\Program Files\posgofb
    C:\Program Files\janivv

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run]
    "8ccbda41"=-
    "lphcvedj0enc7"=-
    "SMrhcredj0enc7"=-
    "sysrest32.exe"=
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run]
    "GenProc"=-
    "uimsgen"=-
    "msgchk"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio­n\policies\explorer\Run]
    "9rYUvdUVir"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\ShellServiceObjectDelayLoad]
    "ActChkSet"=-
    "HlpProcAct"=-
    "cmdweb"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  13. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    ComboFix 08-07-18.5 - Will 2008-07-20 21:30:24.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.210 [GMT -4:00]
    Endroit: C:\Documents and Settings\Will\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Will\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    C:\WINDOWS\system32\blphcvedj0enc7.scr
    C:\WINDOWS\system32\exgzkzsh.exe
    C:\WINDOWS\system32\fghihcrc.exe
    C:\WINDOWS\system32\hehqjuzs.exe
    C:\WINDOWS\system32\kfutsxgr.exe
    C:\WINDOWS\system32\lphcvedj0enc7.exe
    C:\WINDOWS\system32\sysrest3­2.exe
    C:\WINDOWS\system32\tctidkvo.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7
    C:\WINDOWS\system32\blphcvedj0enc7.scr
    C:\WINDOWS\system32\exgzkzsh.exe
    C:\WINDOWS\system32\fghihcrc.exe
    C:\WINDOWS\system32\hehqjuzs.exe
    C:\WINDOWS\system32\kfutsxgr.exe
    C:\WINDOWS\system32\lphcvedj0enc7.exe
    C:\WINDOWS\system32\phcvedj0enc7.bmp
    C:\WINDOWS\system32\sysrest.sys
    C:\WINDOWS\system32\tctidkvo.exe
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Will\Application Data\rhcredj0enc7
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\blphcvedj0enc7.scr
    C:\WINDOWS\system32\darqleay.ini
    C:\WINDOWS\system32\ecokok.dll
    C:\WINDOWS\system32\ljdalvrt.dll
    C:\WINDOWS\system32\ljJBrOFX.dll
    C:\WINDOWS\system32\lphcvedj0enc7.exe
    C:\WINDOWS\system32\lsmuectj.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\msssc.dll
    C:\WINDOWS\system32\nyvyqftr.ini
    C:\WINDOWS\system32\oriytrwx.ini
    C:\WINDOWS\system32\phcvedj0enc7.bmp
    C:\WINDOWS\system32\pphcvedj0enc7.exe
    C:\WINDOWS\system32\rtfqyvyn.dll
    C:\WINDOWS\system32\wirjdh.dll
    C:\WINDOWS\system32\XFOrBJjl.ini
    C:\WINDOWS\system32\XFOrBJjl.ini2
    C:\WINDOWS\system32\xkqgskre.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SYSREST.SYS
    -------\Service_sysrest.sys
    -------\Legacy_SYSREST.SYS
    -------\Service_sysrest.sys

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-20 15:19 . 2008-07-20 15:19 <REP> d-------- C:\Deckard
    2008-07-19 16:30 . 2008-07-19 16:30 <REP> d-------- C:\Program Files\uTorrent
    2008-07-19 16:29 . 2008-07-19 16:34 <REP> d-------- C:\Documents and Settings\Will\Application Data\uTorrent
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Documents and Settings\Will\Application Data\Malwarebytes
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-19 12:55 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-19 12:55 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-19 12:00 . 2008-07-19 12:00 90,112 --a------ C:\WINDOWS\system32\itihobwn.exe
    2008-07-18 22:03 . 2008-07-18 22:03 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-07-15 22:48 . 2008-07-20 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\zibapcnm
    2008-07-11 15:06 . 2008-07-11 15:06 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-07-10 09:57 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-10 09:57 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-10 09:57 . 2007-03-08 01:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-10 09:57 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-10 09:57 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-10 09:57 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-10 09:57 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-10 09:57 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-10 09:57 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-09 10:21 . 2008-07-10 16:50 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-07-09 10:18 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-07-09 10:05 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-07-09 10:05 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-07-09 10:05 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-07-09 10:05 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2008-07-09 10:05 . 2008-07-10 16:49 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-07-09 10:05 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-07-09 10:05 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-07-09 10:01 . 2008-07-09 10:01 <REP> d-------- C:\Program Files\CCleaner
    2008-07-08 17:13 . 2008-07-08 17:16 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-08 14:42 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-07-08 14:42 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-07-08 14:42 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-07-08 14:42 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-07-08 14:42 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-07-08 14:42 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-07-08 13:46 . 2008-07-08 14:00 <REP> d-------- C:\Program Files\Lexmark 3100 Series
    2008-07-08 13:46 . 2008-07-08 13:46 <REP> d-------- C:\Lxk3100
    2008-07-08 13:46 . 1997-04-18 11:49 298,496 --a------ C:\WINDOWS\unin040c.exe
    2008-07-08 13:46 . 2003-09-03 23:56 69,632 --a------ C:\WINDOWS\system32\lxbrscin.dll
    2008-07-08 13:46 . 2003-09-03 23:56 57,344 --a------ C:\WINDOWS\system32\lxbrcinf.dll
    2008-07-08 13:46 . 2003-09-03 23:56 49,152 --a------ C:\WINDOWS\system32\lxbrcoin.dll
    2008-07-08 13:46 . 2003-02-12 10:12 181 --a------ C:\WINDOWS\system32\lxbrcoin.ini
    2008-07-08 13:38 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-07-08 13:38 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-07-07 17:55 . 2008-07-07 17:55 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-07-07 17:55 . 2008-07-07 17:55 <REP> d-------- C:\Documents and Settings\Will\Application Data\Canneverbe_Limited
    2008-07-07 17:43 . 2008-07-07 17:43 <REP> d-------- C:\Documents and Settings\Will\Application Data\Ahead
    2008-07-07 17:42 . 2008-07-07 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-07-07 17:42 . 2008-07-07 17:42 <REP> d-------- C:\Program Files\Ahead
    2008-07-07 17:42 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
    2008-07-07 17:42 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
    2008-07-07 17:42 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2008-07-07 17:42 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-07-07 17:42 . 2003-03-29 15:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-07-07 17:42 . 2003-09-15 13:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
    2008-07-07 17:42 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-07-07 17:27 . 2008-07-07 17:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-06 19:23 . 2008-06-02 12:49 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-06 19:23 . 2008-07-06 19:23 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-04 16:14 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Lavasoft
    2008-07-04 16:14 . 2008-07-04 16:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-02 16:49 . 2008-07-02 16:49 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2008-07-02 16:49 . 2008-07-02 16:56 35,342 --a------ C:\WINDOWS\DIIUnin.dat
    2008-07-02 16:49 . 2008-07-02 16:49 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2008-06-22 16:06 . 2008-06-23 13:05 <REP> d-------- C:\Program Files\World of Warcraft Trial
    2008-06-22 16:06 . 2008-06-22 16:06 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-22 12:36 . 2008-06-22 12:36 <REP> d-------- C:\Program Files\Ventrilo
    2008-06-22 12:36 . 2008-06-22 12:37 <REP> d-------- C:\Documents and Settings\Will\Application Data\Ventrilo
    2008-06-22 12:35 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-20 21:47 --------- d-----w C:\Program Files\Diablo II
    2008-07-19 20:29 --------- d-----w C:\Documents and Settings\Will\Application Data\LimeWire
    2008-07-18 02:00 --------- d-----w C:\Program Files\Warcraft III
    2008-07-09 14:05 155,995 ----a-w C:\WINDOWS\java\Packages\Q83ZN9F3.ZIP
    2008-07-04 21:34 --------- d-----w C:\Program Files\Circle Developement
    2008-07-03 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-07-02 22:46 --------- d-----w C:\Program Files\Starcraft
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 14:48 --------- d-----w C:\Program Files\LimeWire
    2008-06-17 18:04 --------- d-----w C:\Documents and Settings\Will\Application Data\Apple Computer
    2008-06-17 00:15 --------- d-----w C:\Program Files\iTunes
    2008-06-17 00:15 --------- d-----w C:\Program Files\iPod
    2008-06-17 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 00:14 --------- d-----w C:\Program Files\QuickTime
    2008-06-17 00:14 --------- d-----w C:\Program Files\Bonjour
    2008-06-17 00:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-06-17 00:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-17 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-16 18:11 --------- d-----w C:\Documents and Settings\Will\Application Data\gtk-2.0
    2008-06-16 18:08 --------- d-----w C:\Program Files\GIMP-2.0
    2008-06-16 15:32 --------- d-----w C:\Program Files\Robster Productions
    2008-06-15 05:34 --------- d-----w C:\Program Files\Windows Live
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-06-10 22:50 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-06-10 22:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-06-10 22:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-10 22:47 --------- d-----w C:\Program Files\MSN Messenger
    2008-06-10 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-09 00:21 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-09 00:21 --------- d-----w C:\Program Files\Exit hope
    2008-06-08 20:46 --------- d-----w C:\Program Files\Valve
    2008-06-06 01:40 --------- d-----w C:\Documents and Settings\Will\Application Data\MSN6
    2008-06-06 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-03 16:12 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2008-06-03 16:12 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-06-03 15:05 --------- d-----w C:\Program Files\Java
    2008-06-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-06-02 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-06-02 19:12 70,656 ----a-w C:\WINDOWS\ScUnin.exe
    2008-06-02 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 19:07 --------- d-----w C:\Program Files\EA GAMES
    2008-06-02 19:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-02 17:53 --------- d-----w C:\Program Files\Avira
    2008-06-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-02 17:33 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-02 17:31 --------- d-----w C:\Program Files\SiSLan
    2008-06-02 17:30 --------- d-----w C:\Program Files\Analog Devices
    2008-06-02 16:56 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-02 16:54 --------- d-----w C:\Program Files\Services en ligne
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 10:42 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
    "8ccbda41"="C:\WINDOWS\system32\rtfqyvyn.dll" [BU]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Lexmark 3100 Series"="C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-03 22:39 106496]
    "lphcvedj0enc7"="C:\WINDOWS\system32\lphcvedj0enc7.exe" [BU]
    "SMrhcredj0enc7"="C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ActChkSet"= {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll [BU]
    "HlpProcAct"= {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll [BU]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Starcraft\\StarCraft.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\condition zero\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\day of defeat\\hl.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-18 10:42]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-18 20:58:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-21 00:48:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:38, on 2008-07-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Will\Bureau\fixes\omgsuxor.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [lphcvedj0enc7] C:\WINDOWS\system32\lphcvedj0enc7.exe
    O4 - HKLM\..\Run: [SMrhcredj0enc7] C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GenProc] C:\WINDOWS\system32\hehqjuzs.exe
    O4 - HKCU\..\Run: [uimsgen] C:\WINDOWS\system32\exgzkzsh.exe
    O4 - HKCU\..\Run: [msgchk] C:\WINDOWS\system32\tctidkvo.exe
    O4 - HKLM\..\Policies\Explorer\Run: [9rYUvdUVir] C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: ActChkSet - {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll (file missing)
    O21 - SSODL: HlpProcAct - {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll (file missing)
    O21 - SSODL: cmdweb - {6877326A-BA76-455E-248D-0A7267B9760A} - C:\Program Files\janivv\cmdweb.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  14. Utilisateur anonyme
     
    un second passage est necessaire

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\rtfqyvyn.dll&­quot
    C:\WINDOWS\system32\rtfqyvyn.dll
    C:\WINDOWS\system32\lphcvedj­0enc7.exe
    C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    C:\Program Files\zehgftf\ActChkSet.dll
    C:\Program Files\posgofb\HlpProcAct.dll

    Folder::
    C:\Program Files\Exit hope
    C:\Program Files\posgofb
    C:\Program Files\zehgftf
    C:\Program Files\rhcredj0enc7

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run]
    "8ccbda41"=-
    "lphcvedj0enc7"=-
    "SMrhcredj0enc7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\ShellServiceObjectDelayLoad]
    "ActChkSet"=-
    "HlpProcAct"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  15. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    Bon j'ai runner Cf mais la j'obtient seulement ce log.

    Malheureusement, j'avais un dossier c:/combofix... mais il a disparue, je n'ai pu trouver de combofix.txt, pourquoi a-t-il été effacer?

    ComboFix 08-07-18.5 - Will 2008-07-20 23:27:46.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.240 [GMT -4:00]
    Endroit: C:\Documents and Settings\Will\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Will\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Program Files\posgofb\HlpProcAct.dll
    C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    C:\Program Files\zehgftf\ActChkSet.dll
    C:\WINDOWS\system32\lphcvedj­0enc7.exe
    C:\WINDOWS\system32\rtfqyvyn.dll
    C:\WINDOWS\system32\rtfqyvyn.dll&­quot
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-20 15:19 . 2008-07-20 15:19 <REP> d-------- C:\Deckard
    2008-07-19 16:30 . 2008-07-19 16:30 <REP> d-------- C:\Program Files\uTorrent
    2008-07-19 16:29 . 2008-07-19 16:34 <REP> d-------- C:\Documents and Settings\Will\Application Data\uTorrent
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Documents and Settings\Will\Application Data\Malwarebytes
    2008-07-19 12:55 . 2008-07-19 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-19 12:55 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-19 12:55 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-19 12:00 . 2008-07-19 12:00 90,112 --a------ C:\WINDOWS\system32\itihobwn.exe
    2008-07-18 22:03 . 2008-07-18 22:03 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-07-15 22:48 . 2008-07-20 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\zibapcnm
    2008-07-11 15:06 . 2008-07-11 15:06 754 --a------ C:\WINDOWS\WORDPAD.INI
    2008-07-10 09:57 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-10 09:57 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-10 09:57 . 2007-03-08 01:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-10 09:57 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-10 09:57 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-10 09:57 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-10 09:57 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-10 09:57 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-10 09:57 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-09 10:21 . 2008-07-10 16:50 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-07-09 10:18 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-07-09 10:05 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-07-09 10:05 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-07-09 10:05 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-07-09 10:05 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2008-07-09 10:05 . 2008-07-10 16:49 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-07-09 10:05 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-07-09 10:05 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-07-09 10:01 . 2008-07-09 10:01 <REP> d-------- C:\Program Files\CCleaner
    2008-07-08 17:13 . 2008-07-08 17:16 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-08 14:42 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-07-08 14:42 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-07-08 14:42 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-07-08 14:42 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-07-08 14:42 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-07-08 14:42 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-07-08 13:46 . 2008-07-08 14:00 <REP> d-------- C:\Program Files\Lexmark 3100 Series
    2008-07-08 13:46 . 2008-07-08 13:46 <REP> d-------- C:\Lxk3100
    2008-07-08 13:46 . 1997-04-18 11:49 298,496 --a------ C:\WINDOWS\unin040c.exe
    2008-07-08 13:46 . 2003-09-03 23:56 69,632 --a------ C:\WINDOWS\system32\lxbrscin.dll
    2008-07-08 13:46 . 2003-09-03 23:56 57,344 --a------ C:\WINDOWS\system32\lxbrcinf.dll
    2008-07-08 13:46 . 2003-09-03 23:56 49,152 --a------ C:\WINDOWS\system32\lxbrcoin.dll
    2008-07-08 13:46 . 2003-02-12 10:12 181 --a------ C:\WINDOWS\system32\lxbrcoin.ini
    2008-07-08 13:38 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-07-08 13:38 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-07-07 17:55 . 2008-07-07 17:55 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-07-07 17:55 . 2008-07-07 17:55 <REP> d-------- C:\Documents and Settings\Will\Application Data\Canneverbe_Limited
    2008-07-07 17:43 . 2008-07-07 17:43 <REP> d-------- C:\Documents and Settings\Will\Application Data\Ahead
    2008-07-07 17:42 . 2008-07-07 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-07-07 17:42 . 2008-07-07 17:42 <REP> d-------- C:\Program Files\Ahead
    2008-07-07 17:42 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
    2008-07-07 17:42 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
    2008-07-07 17:42 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2008-07-07 17:42 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-07-07 17:42 . 2003-03-29 15:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-07-07 17:42 . 2003-09-15 13:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
    2008-07-07 17:42 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-07-07 17:27 . 2008-07-07 17:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-06 19:23 . 2008-06-02 12:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-06 19:23 . 2008-07-06 19:23 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-04 16:14 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Lavasoft
    2008-07-04 16:14 . 2008-07-04 16:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-02 16:49 . 2008-07-02 16:49 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2008-07-02 16:49 . 2008-07-02 16:56 35,342 --a------ C:\WINDOWS\DIIUnin.dat
    2008-07-02 16:49 . 2008-07-02 16:49 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2008-06-22 16:06 . 2008-06-23 13:05 <REP> d-------- C:\Program Files\World of Warcraft Trial
    2008-06-22 16:06 . 2008-06-22 16:06 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-22 12:36 . 2008-06-22 12:36 <REP> d-------- C:\Program Files\Ventrilo
    2008-06-22 12:36 . 2008-06-22 12:37 <REP> d-------- C:\Documents and Settings\Will\Application Data\Ventrilo
    2008-06-22 12:35 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-21 02:08 --------- d-----w C:\Program Files\Diablo II
    2008-07-19 20:29 --------- d-----w C:\Documents and Settings\Will\Application Data\LimeWire
    2008-07-18 02:00 --------- d-----w C:\Program Files\Warcraft III
    2008-07-09 14:05 155,995 ----a-w C:\WINDOWS\java\Packages\Q83ZN9F3.ZIP
    2008-07-04 21:34 --------- d-----w C:\Program Files\Circle Developement
    2008-07-03 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-07-02 22:46 --------- d-----w C:\Program Files\Starcraft
    2008-07-02 20:55 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-07-02 20:55 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-07-02 20:55 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 14:48 --------- d-----w C:\Program Files\LimeWire
    2008-06-17 20:20 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-06-17 18:04 --------- d-----w C:\Documents and Settings\Will\Application Data\Apple Computer
    2008-06-17 00:15 --------- d-----w C:\Program Files\iTunes
    2008-06-17 00:15 --------- d-----w C:\Program Files\iPod
    2008-06-17 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 00:14 --------- d-----w C:\Program Files\QuickTime
    2008-06-17 00:14 --------- d-----w C:\Program Files\Bonjour
    2008-06-17 00:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-06-17 00:13 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-17 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-16 18:11 --------- d-----w C:\Documents and Settings\Will\Application Data\gtk-2.0
    2008-06-16 18:08 --------- d-----w C:\Program Files\GIMP-2.0
    2008-06-16 15:32 --------- d-----w C:\Program Files\Robster Productions
    2008-06-15 05:34 --------- d-----w C:\Program Files\Windows Live
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-06-10 22:50 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-06-10 22:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-06-10 22:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-10 22:47 --------- d-----w C:\Program Files\MSN Messenger
    2008-06-10 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-09 00:21 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-08 20:46 --------- d-----w C:\Program Files\Valve
    2008-06-06 01:40 --------- d-----w C:\Documents and Settings\Will\Application Data\MSN6
    2008-06-06 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-03 16:12 2,829 ----a-w C:\WINDOWS\War3Unin.pif
    2008-06-03 16:12 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-06-03 15:05 --------- d-----w C:\Program Files\Java
    2008-06-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-06-02 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-06-02 19:12 70,656 ----a-w C:\WINDOWS\ScUnin.exe
    2008-06-02 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 19:07 --------- d-----w C:\Program Files\EA GAMES
    2008-06-02 19:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-02 17:53 --------- d-----w C:\Program Files\Avira
    2008-06-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-02 17:33 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-02 17:31 --------- d-----w C:\Program Files\SiSLan
    2008-06-02 17:30 --------- d-----w C:\Program Files\Analog Devices
    2008-06-02 16:56 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-02 16:54 --------- d-----w C:\Program Files\Services en ligne
    2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "GenProc"="C:\WINDOWS\system32\hehqjuzs.exe" [BU]
    "uimsgen"="C:\WINDOWS\system32\exgzkzsh.exe" [BU]
    "msgchk"="C:\WINDOWS\system32\tctidkvo.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 10:42 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
    "8ccbda41"="C:\WINDOWS\system32\rtfqyvyn.dll" [BU]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Lexmark 3100 Series"="C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-03 22:39 106496]
    "lphcvedj0enc7"="C:\WINDOWS\system32\lphcvedj0enc7.exe" [BU]
    "SMrhcredj0enc7"="C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe" [BU]
    "sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "9rYUvdUVir"="C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ActChkSet"= {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll [BU]
    "HlpProcAct"= {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll [BU]
    "cmdweb"= {6877326A-BA76-455E-248D-0A7267B9760A} - C:\Program Files\janivv\cmdweb.dll [BU]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Starcraft\\StarCraft.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\condition zero\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\day of defeat\\hl.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-18 10:42]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-18 20:58:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-21 02:48:05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-20 23:29:11
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-20 23:30:00
    ComboFix-quarantined-files.txt 2008-07-21 03:29:54
    ComboFix2.txt 2008-07-21 03:00:20

    Pre-Run: 57,208,717,312 octets libres
    Post-Run: 57,198,850,048 octets libres

    229 --- E O F --- 2008-07-10 20:50:26

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:34:36, on 2008-07-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Will\Bureau\fixes\omgsuxor.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [lphcvedj0enc7] C:\WINDOWS\system32\lphcvedj0enc7.exe
    O4 - HKLM\..\Run: [SMrhcredj0enc7] C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GenProc] C:\WINDOWS\system32\hehqjuzs.exe
    O4 - HKCU\..\Run: [uimsgen] C:\WINDOWS\system32\exgzkzsh.exe
    O4 - HKCU\..\Run: [msgchk] C:\WINDOWS\system32\tctidkvo.exe
    O4 - HKLM\..\Policies\Explorer\Run: [9rYUvdUVir] C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: ActChkSet - {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll (file missing)
    O21 - SSODL: HlpProcAct - {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll (file missing)
    O21 - SSODL: cmdweb - {6877326A-BA76-455E-248D-0A7267B9760A} - C:\Program Files\janivv\cmdweb.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  16. Utilisateur anonyme
     
    ok

    je voudrais que tu refasse un scan complet malewraebyte

    avant tu verifie les mises a jours et tu scan (complet) et tu post le rappor stp
    0
  17. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    Il n'y avait qu'un rapport c'est celui du 19, celui du 21 juillet n'apparait pas... pourquoi?
    0
  18. Utilisateur anonyme
     
    tu as supprimé la selection ??

    encore des soucis ?

    post un rapport DSS
    0
  19. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    Moi je n'ai rien effacer

    Deckard's System Scanner v20071014.68
    Run by Will on 2008-07-21 20:09:30
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- HijackThis (run as Will.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:38, on 2008-07-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Will\Bureau\dss.exe
    C:\DOCUME~1\Will\Bureau\fixes\Will.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [lphcvedj0enc7] C:\WINDOWS\system32\lphcvedj0enc7.exe
    O4 - HKLM\..\Run: [SMrhcredj0enc7] C:\Program Files\rhcredj0enc7\rhcredj0enc7.exe
    O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GenProc] C:\WINDOWS\system32\hehqjuzs.exe
    O4 - HKCU\..\Run: [uimsgen] C:\WINDOWS\system32\exgzkzsh.exe
    O4 - HKCU\..\Run: [msgchk] C:\WINDOWS\system32\tctidkvo.exe
    O4 - HKLM\..\Policies\Explorer\Run: [9rYUvdUVir] C:\Documents and Settings\All Users\Application Data\zibapcnm\hcrydcrc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: ActChkSet - {58A95214-1550-3AF6-167A-07E21AF846E3} - C:\Program Files\zehgftf\ActChkSet.dll (file missing)
    O21 - SSODL: HlpProcAct - {30D627F7-0436-D748-F525-01F41F7CF67A} - C:\Program Files\posgofb\HlpProcAct.dll (file missing)
    O21 - SSODL: cmdweb - {6877326A-BA76-455E-248D-0A7267B9760A} - C:\Program Files\janivv\cmdweb.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  20. Utilisateur anonyme
     
    il faut que tu refasse le scan malewarebyte (complet) et que tu supprime la selection a la fin du scan
    0
  21. chester57 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention  
     
    c'est fait, le log au cas ou.

    Malwarebytes' Anti-Malware 1.22
    Version de la base de données: 973
    Windows 5.1.2600 Service Pack 2

    21:37:48 2008-07-21
    mbam-log-7-21-2008 (21-37-48).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 76693
    Temps écoulé: 32 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcredj0enc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcredj0enc7 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcvedj0enc7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcredj0enc7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\pphcvedj0enc7.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    0
  • 1
  • 2