Probleme avec c:\widows\system32\tdssadw.dll

Résolu

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention -
geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention - 4 sept. 2008 à 03:03

Bonjour,
mon pc a été infecté par le virus qui affiche sur le bureau "your privacy is in danger" avec un fond rouge; je l'ai aussitot scaner en mode sans echec et le seul problème qui me reste c'est l'ouverture fréquente d'une fenêtre à chaque lancement d'un programme.
La fenêtre affiche ceci: l'application ou la DLL c:\widows\system32\tdssadw.dll n'est pas une image windows valide. Vérifiez à l'aide de votre disquette d'installation.

comment s'en débarasser de cette fenêtre?
Merci

Afficher la suite

20 réponses

Réponse 1 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

ensuite :

Télécharger sur le bureau malwarebytes à cette adresse :

https://www.androidworld.fr/

Voici un tuto pour bien l installer et bien l utiliser :

https://www.androidworld.fr/

Après l analyse, redémarrer le pc et poste le rapport !!

Et refais un nouveau rapport hijackthis stp

Réponse 2 / 20

progggg Messages postés 296 Date d'inscription Statut Membre Dernière intervention 23

Il faut vérifier dans le dossier de démarrage par défaut de Windows, puis dans le registre (Exécuter/regedit) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Réponse 3 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

Salut !!

Télécharger SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

(c est le numéro 8 en bas de la page) : https://www.androidworld.fr/

Double cliquer sur SDFix.exe et choisir Install pour l'extraire dans un dossier dédié sur le Bureau.

/!\ Démarre en mode sans échec : après le bip et avant le logo windows tapoter sur la touche F8 (ou F5): menu M.S.E..

Choisir son compte, pas celui de l'Administrateur ou autre.

Dérouler la liste des instructions ci-dessous :
• Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuyer sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuyer sur une touche pour redémarrer le PC.
• Le système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copier/coller le contenu du fichier Report.txt dans la prochaine réponse sur le forum

Réponse 4 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

Merci pour vos réponses rapide;

geoffrey5 j'ai suivis des indications "précises merci" voici le rapport:

SDFix: Version 1.116

Run by K@mo on 03/09/2008 at 12:46

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\K@mo\Bureau\sdfix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 13:02:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\K@mo\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Files with Hidden Attributes:

Fri 30 Mar 2007 1,429,504 A.SH. --- "C:\ella\100CASIO\SIV3.tmp"
Mon 11 Dec 2006 16,384 A.SH. --- "C:\ella\100CASIO\SIVC.tmp"
Wed 4 Aug 2004 100,352 A..H. --- "C:\WINDOWS\system32\6to4svc.dll"
Sat 7 Sep 2002 26,624 A..H. --- "C:\WINDOWS\system32\aaaamon.dll"
Sat 7 Sep 2002 72,192 A..H. --- "C:\WINDOWS\system32\acctres.dll"
Wed 4 Aug 2004 189,952 A..H. --- "C:\WINDOWS\system32\accwiz.exe"
Sat 7 Sep 2002 135,680 A..H. --- "C:\WINDOWS\system32\acledit.dll"
Wed 4 Aug 2004 119,296 A..H. --- "C:\WINDOWS\system32\aclui.dll"
Wed 4 Aug 2004 194,048 A..H. --- "C:\WINDOWS\system32\activeds.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\actmovie.exe"
Wed 4 Aug 2004 101,888 A..H. --- "C:\WINDOWS\system32\actxprxy.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\WINDOWS\system32\admparse.dll"
Sat 7 Sep 2002 26,112 A..H. --- "C:\WINDOWS\system32\adptif.dll"
Wed 4 Aug 2004 175,616 A..H. --- "C:\WINDOWS\system32\adsldp.dll"
Wed 4 Aug 2004 143,360 A..H. --- "C:\WINDOWS\system32\adsldpc.dll"
Wed 4 Aug 2004 68,096 A..H. --- "C:\WINDOWS\system32\adsmsext.dll"
Sat 7 Sep 2002 163,328 A..H. --- "C:\WINDOWS\system32\adsnds.dll"
Wed 4 Aug 2004 263,680 A..H. --- "C:\WINDOWS\system32\adsnt.dll"
Sat 7 Sep 2002 109,568 A..H. --- "C:\WINDOWS\system32\adsnw.dll"
Wed 4 Aug 2004 685,056 A..H. --- "C:\WINDOWS\system32\advapi32.dll"
Wed 4 Aug 2004 101,888 A..H. --- "C:\WINDOWS\system32\advpack.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\ahui.exe"
Wed 4 Aug 2004 44,544 A..H. --- "C:\WINDOWS\system32\alg.exe"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\alrsvc.dll"
Wed 4 Aug 2004 70,656 A..H. --- "C:\WINDOWS\system32\amstream.dll"
Sat 7 Sep 2002 9,037 A..H. --- "C:\WINDOWS\system32\ansi.sys"
Sat 7 Sep 2002 102,912 A..H. --- "C:\WINDOWS\system32\apcups.dll"
Sat 7 Sep 2002 12,642 A..H. --- "C:\WINDOWS\system32\append.exe"
Wed 4 Aug 2004 126,976 A..H. --- "C:\WINDOWS\system32\apphelp.dll"
Wed 4 Aug 2004 176,640 A..H. --- "C:\WINDOWS\system32\appmgmts.dll"
Wed 4 Aug 2004 302,592 A..H. --- "C:\WINDOWS\system32\appmgr.dll"
Sat 7 Sep 2002 19,968 A..H. --- "C:\WINDOWS\system32\arp.exe"
Wed 4 Aug 2004 8,704 A..H. --- "C:\WINDOWS\system32\asferror.dll"
Wed 4 Aug 2004 30,720 A..H. --- "C:\WINDOWS\system32\asr_fmt.exe"
Sat 7 Sep 2002 37,888 A..H. --- "C:\WINDOWS\system32\asr_ldm.exe"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\asr_pfu.exe"
Wed 4 Aug 2004 65,024 A..H. --- "C:\WINDOWS\system32\asycfilt.dll"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\at.exe"
Sat 7 Sep 2002 14,336 A..H. --- "C:\WINDOWS\system32\atkctrs.dll"
Wed 4 Aug 2004 58,880 A..H. --- "C:\WINDOWS\system32\atl.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\atmadm.exe"
Wed 4 Aug 2004 285,696 A..H. --- "C:\WINDOWS\system32\atmfd.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\atmlib.dll"
Sat 7 Sep 2002 34,816 A..H. --- "C:\WINDOWS\system32\atmpvcno.dll"
Sat 7 Sep 2002 11,264 A..H. --- "C:\WINDOWS\system32\atrace.dll"
Sat 7 Sep 2002 11,264 A..H. --- "C:\WINDOWS\system32\attrib.exe"
Wed 4 Aug 2004 42,496 A..H. --- "C:\WINDOWS\system32\audiosrv.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\auditusr.exe"
Wed 4 Aug 2004 56,832 A..H. --- "C:\WINDOWS\system32\authz.dll"
Wed 4 Aug 2004 625,152 A..H. --- "C:\WINDOWS\system32\autochk.exe"
Wed 4 Aug 2004 638,976 A..H. --- "C:\WINDOWS\system32\autoconv.exe"
Sat 7 Sep 2002 81,408 A..H. --- "C:\WINDOWS\system32\autodisc.dll"
Wed 4 Aug 2004 616,960 A..H. --- "C:\WINDOWS\system32\autofmt.exe"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\autolfn.exe"
Sat 7 Sep 2002 70,352 A..H. --- "C:\WINDOWS\system32\avicap.dll"
Sat 7 Sep 2002 66,048 A..H. --- "C:\WINDOWS\system32\avicap32.dll"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\avifil32.dll"
Sat 7 Sep 2002 109,568 A..H. --- "C:\WINDOWS\system32\avifile.dll"
Sat 7 Sep 2002 16,384 A..H. --- "C:\WINDOWS\system32\avmeter.dll"
Sat 7 Sep 2002 232,960 A..H. --- "C:\WINDOWS\system32\avtapi.dll"
Sat 7 Sep 2002 73,216 A..H. --- "C:\WINDOWS\system32\avwav.dll"
Wed 4 Aug 2004 52,736 A..H. --- "C:\WINDOWS\system32\basesrv.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\batmeter.dll"
Wed 4 Aug 2004 8,704 A..H. --- "C:\WINDOWS\system32\batt.dll"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\bidispl.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\bitsprx2.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\bitsprx3.dll"
Wed 4 Aug 2004 71,680 A..H. --- "C:\WINDOWS\system32\blastcln.exe"
Sat 7 Sep 2002 152,064 A..H. --- "C:\WINDOWS\system32\bootcfg.exe"
Sat 7 Sep 2002 4,608 A..H. --- "C:\WINDOWS\system32\bootok.exe"
Sat 7 Sep 2002 12,288 A..H. --- "C:\WINDOWS\system32\bootvid.dll"
Sat 7 Sep 2002 5,120 A..H. --- "C:\WINDOWS\system32\bootvrfy.exe"
Wed 4 Aug 2004 70,144 A..H. --- "C:\WINDOWS\system32\browselc.dll"
Wed 4 Aug 2004 77,312 A..H. --- "C:\WINDOWS\system32\browser.dll"
Wed 4 Aug 2004 1,017,344 A..H. --- "C:\WINDOWS\system32\browseui.dll"
Wed 4 Aug 2004 78,336 A..H. --- "C:\WINDOWS\system32\browsewm.dll"
Wed 4 Aug 2004 20,992 A..H. --- "C:\WINDOWS\system32\bthci.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\bthserv.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\btpanui.dll"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\cabinet.dll"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\cabview.dll"
Sat 7 Sep 2002 19,456 A..H. --- "C:\WINDOWS\system32\cacls.exe"
Sat 7 Sep 2002 115,200 A..H. --- "C:\WINDOWS\system32\calc.exe"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\camocx.dll"
Sat 7 Sep 2002 146,432 A..H. --- "C:\WINDOWS\system32\capesnpn.dll"
Sat 7 Sep 2002 359,936 A..H. --- "C:\WINDOWS\system32\cards.dll"
Wed 4 Aug 2004 229,888 A..H. --- "C:\WINDOWS\system32\catsrv.dll"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\catsrvps.dll"
Wed 4 Aug 2004 628,224 A..H. --- "C:\WINDOWS\system32\catsrvut.dll"
Sat 7 Sep 2002 27,648 A..H. --- "C:\WINDOWS\system32\ccfgnt.dll"
Wed 4 Aug 2004 151,552 A..H. --- "C:\WINDOWS\system32\cdfview.dll"
Sat 7 Sep 2002 15,872 A..H. --- "C:\WINDOWS\system32\cdmodem.dll"
Wed 4 Aug 2004 2,067,968 A..H. --- "C:\WINDOWS\system32\cdosys.dll"
Wed 4 Aug 2004 200,192 A..H. --- "C:\WINDOWS\system32\certcli.dll"
Wed 4 Aug 2004 467,968 A..H. --- "C:\WINDOWS\system32\certmgr.dll"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\cfgbkend.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\cfgmgr32.dll"
Sat 7 Sep 2002 80,896 A..H. --- "C:\WINDOWS\system32\charmap.exe"
Sat 7 Sep 2002 7,680 ...H. --- "C:\WINDOWS\system32\chcp.com"
Sat 7 Sep 2002 11,776 A..H. --- "C:\WINDOWS\system32\chkdsk.exe"
Sat 7 Sep 2002 11,264 A..H. --- "C:\WINDOWS\system32\chkntfs.exe"
Sat 7 Sep 2002 166,400 A..H. --- "C:\WINDOWS\system32\ciadmin.dll"
Sat 7 Sep 2002 109,568 A..H. --- "C:\WINDOWS\system32\cic.dll"
Sat 7 Sep 2002 8,192 A..H. --- "C:\WINDOWS\system32\cidaemon.exe"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\ciodm.dll"
Wed 4 Aug 2004 56,832 A..H. --- "C:\WINDOWS\system32\cipher.exe"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\cisvc.exe"
Sat 7 Sep 2002 7,680 A..H. --- "C:\WINDOWS\system32\ckcnv.exe"
Sat 7 Sep 2002 11,264 A..H. --- "C:\WINDOWS\system32\clb.dll"
Wed 4 Aug 2004 110,080 A..H. --- "C:\WINDOWS\system32\clbcatex.dll"
Wed 4 Aug 2004 501,248 A..H. --- "C:\WINDOWS\system32\clbcatq.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\cleanmgr.exe"
Wed 4 Aug 2004 77,824 ...H. --- "C:\WINDOWS\system32\cliconfg.dll"
Wed 4 Aug 2004 20,480 ...H. --- "C:\WINDOWS\system32\cliconfg.exe"
Wed 4 Aug 2004 104,448 A..H. --- "C:\WINDOWS\system32\clipbrd.exe"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\clipsrv.exe"
Wed 4 Aug 2004 57,856 A..H. --- "C:\WINDOWS\system32\clusapi.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\cmcfg32.dll"
Wed 4 Aug 2004 400,896 A..H. --- "C:\WINDOWS\system32\cmd.exe"
Wed 4 Aug 2004 352,256 A..H. --- "C:\WINDOWS\system32\cmdial32.dll"
Wed 4 Aug 2004 47,104 A..H. --- "C:\WINDOWS\system32\cmdl32.exe"
Wed 4 Aug 2004 40,448 A..H. --- "C:\WINDOWS\system32\cmmon32.exe"
Sat 7 Sep 2002 14,336 A..H. --- "C:\WINDOWS\system32\cmpbk32.dll"
Wed 4 Aug 2004 191,488 A..H. --- "C:\WINDOWS\system32\cmprops.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\cmsetACL.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\cmstp.exe"
Wed 4 Aug 2004 40,960 A..H. --- "C:\WINDOWS\system32\cmutil.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\cnbjmon.dll"
Sat 7 Sep 2002 32,768 A..H. --- "C:\WINDOWS\system32\cnetcfg.dll"
Sat 7 Sep 2002 26,624 A..H. --- "C:\WINDOWS\system32\cnvfat.dll"
Wed 4 Aug 2004 62,464 A..H. --- "C:\WINDOWS\system32\colbact.dll"
Sat 7 Sep 2002 25,600 A..H. --- "C:\WINDOWS\system32\comaddin.dll"
Wed 4 Aug 2004 611,328 A..H. --- "C:\WINDOWS\system32\comctl32.dll"
Wed 4 Aug 2004 281,088 A..H. --- "C:\WINDOWS\system32\comdlg32.dll"
Sat 7 Sep 2002 52,103 ...H. --- "C:\WINDOWS\system32\command.com"
Sat 7 Sep 2002 33,904 A..H. --- "C:\WINDOWS\system32\commdlg.dll"
Sat 7 Sep 2002 15,872 A..H. --- "C:\WINDOWS\system32\comp.exe"
Sat 7 Sep 2002 18,432 A..H. --- "C:\WINDOWS\system32\compact.exe"
Wed 4 Aug 2004 253,440 A..H. --- "C:\WINDOWS\system32\compatUI.dll"
Sat 7 Sep 2002 30,160 A..H. --- "C:\WINDOWS\system32\compobj.dll"
Wed 4 Aug 2004 230,912 A..H. --- "C:\WINDOWS\system32\compstui.dll"
Sat 7 Sep 2002 82,432 A..H. --- "C:\WINDOWS\system32\comrepl.dll"
Wed 4 Aug 2004 851,968 A..H. --- "C:\WINDOWS\system32\comres.dll"
Sat 7 Sep 2002 147,456 A..H. --- "C:\WINDOWS\system32\comsnap.dll"
Wed 4 Aug 2004 1,251,840 A..H. --- "C:\WINDOWS\system32\comsvcs.dll"
Wed 4 Aug 2004 540,160 A..H. --- "C:\WINDOWS\system32\comuid.dll"
Sat 7 Sep 2002 3,072 ...H. --- "C:\WINDOWS\system32\CONFIG.TMP"
Sat 7 Sep 2002 346,112 A..H. --- "C:\WINDOWS\system32\confmsp.dll"
Wed 4 Aug 2004 27,648 A..H. --- "C:\WINDOWS\system32\conime.exe"
Sat 7 Sep 2002 67,072 A..H. --- "C:\WINDOWS\system32\console.dll"
Sat 7 Sep 2002 8,192 A..H. --- "C:\WINDOWS\system32\control.exe"
Sat 7 Sep 2002 13,824 A..H. --- "C:\WINDOWS\system32\convert.exe"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\corpol.dll"
Sat 7 Sep 2002 27,097 A..H. --- "C:\WINDOWS\system32\country.sys"
Wed 4 Aug 2004 165,888 A..H. --- "C:\WINDOWS\system32\credui.dll"
Sat 7 Sep 2002 149,019 A..H. --- "C:\WINDOWS\system32\crtdll.dll"
Wed 4 Aug 2004 604,672 A..H. --- "C:\WINDOWS\system32\crypt32.dll"
Wed 4 Aug 2004 75,776 A..H. --- "C:\WINDOWS\system32\cryptdlg.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\cryptdll.dll"
Wed 4 Aug 2004 54,784 A..H. --- "C:\WINDOWS\system32\cryptext.dll"
Wed 4 Aug 2004 63,488 A..H. --- "C:\WINDOWS\system32\cryptnet.dll"
Wed 4 Aug 2004 60,416 A..H. --- "C:\WINDOWS\system32\cryptsvc.dll"
Wed 4 Aug 2004 530,432 A..H. --- "C:\WINDOWS\system32\cryptui.dll"
Wed 4 Aug 2004 102,912 A..H. --- "C:\WINDOWS\system32\cscdll.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\cscript.exe"
Wed 4 Aug 2004 337,920 A..H. --- "C:\WINDOWS\system32\cscui.dll"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\csrsrv.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\csrss.exe"
Sat 7 Sep 2002 73,728 A..H. --- "C:\WINDOWS\system32\csseqchk.dll"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\ctfmon.exe"
Sat 7 Sep 2002 27,200 A..HR --- "C:\WINDOWS\system32\ctl3dv2.dll"
Sat 7 Sep 2002 10,752 A..H. --- "C:\WINDOWS\system32\c_iscii.dll"
Wed 4 Aug 2004 1,179,648 A..H. --- "C:\WINDOWS\system32\d3d8.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\d3d8thk.dll"
Wed 4 Aug 2004 1,689,088 A..H. --- "C:\WINDOWS\system32\d3d9.dll"
Sat 7 Sep 2002 436,224 A..H. --- "C:\WINDOWS\system32\d3dim.dll"
Wed 4 Aug 2004 825,344 A..H. --- "C:\WINDOWS\system32\d3dim700.dll"
Sat 7 Sep 2002 34,816 A..H. --- "C:\WINDOWS\system32\d3dpmesh.dll"
Sat 7 Sep 2002 590,336 A..H. --- "C:\WINDOWS\system32\d3dramp.dll"
Sat 7 Sep 2002 350,208 A..H. --- "C:\WINDOWS\system32\d3drm.dll"
Sat 7 Sep 2002 47,616 A..H. --- "C:\WINDOWS\system32\d3dxof.dll"
Wed 4 Aug 2004 1,056,256 A..H. --- "C:\WINDOWS\system32\danim.dll"
Wed 4 Aug 2004 55,296 A..H. --- "C:\WINDOWS\system32\dataclen.dll"
Sat 7 Sep 2002 152,064 A..H. --- "C:\WINDOWS\system32\datime.dll"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\davclnt.dll"
Sat 7 Sep 2002 847,872 A..H. --- "C:\WINDOWS\system32\dbgeng.dll"
Wed 4 Aug 2004 640,000 A..H. --- "C:\WINDOWS\system32\dbghelp.dll"
Wed 4 Aug 2004 24,576 ...H. --- "C:\WINDOWS\system32\dbmsrpcn.dll"
Wed 4 Aug 2004 110,592 A..H. --- "C:\WINDOWS\system32\dbnetlib.dll"
Wed 4 Aug 2004 28,672 ...H. --- "C:\WINDOWS\system32\dbnmpntw.dll"
Wed 4 Aug 2004 8,704 A..H. --- "C:\WINDOWS\system32\dciman32.dll"
Sat 7 Sep 2002 5,120 A..H. --- "C:\WINDOWS\system32\dcomcnfg.exe"
Sat 7 Sep 2002 39,424 A..H. --- "C:\WINDOWS\system32\ddeml.dll"
Wed 4 Aug 2004 31,744 A..H. --- "C:\WINDOWS\system32\ddeshare.exe"
Wed 4 Aug 2004 266,240 A..H. --- "C:\WINDOWS\system32\ddraw.dll"
Wed 4 Aug 2004 27,136 A..H. --- "C:\WINDOWS\system32\ddrawex.dll"
Sat 7 Sep 2002 21,162 A..H. --- "C:\WINDOWS\system32\debug.exe"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\defrag.exe"
Sat 7 Sep 2002 16,896 A..H. --- "C:\WINDOWS\system32\deskadp.dll"
Sat 7 Sep 2002 16,896 A..H. --- "C:\WINDOWS\system32\deskmon.dll"
Sat 7 Sep 2002 18,944 A..H. --- "C:\WINDOWS\system32\deskperf.dll"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\devenum.dll"
Wed 4 Aug 2004 290,816 A..H. --- "C:\WINDOWS\system32\devmgr.dll"
Wed 4 Aug 2004 82,432 A..H. --- "C:\WINDOWS\system32\dfrgfat.exe"
Wed 4 Aug 2004 104,960 A..H. --- "C:\WINDOWS\system32\dfrgntfs.exe"
Sat 7 Sep 2002 55,808 A..H. --- "C:\WINDOWS\system32\dfrgres.dll"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\dfrgsnap.dll"
Wed 4 Aug 2004 123,904 A..H. --- "C:\WINDOWS\system32\dfrgui.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\dfsshlex.dll"
Wed 4 Aug 2004 115,200 A..H. --- "C:\WINDOWS\system32\dgnet.dll"
Sat 7 Sep 2002 176,157 A..H. --- "C:\WINDOWS\system32\dgrpsetu.dll"
Sat 7 Sep 2002 86,044 A..H. --- "C:\WINDOWS\system32\dgsetup.dll"
Wed 4 Aug 2004 111,616 A..H. --- "C:\WINDOWS\system32\dhcpcsvc.dll"
Sat 7 Sep 2002 401,408 A..H. --- "C:\WINDOWS\system32\dhcpmon.dll"
Sat 7 Sep 2002 78,848 A..H. --- "C:\WINDOWS\system32\dhcpsapi.dll"
Sat 7 Sep 2002 395,264 A..H. --- "C:\WINDOWS\system32\diactfrm.dll"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\diantz.exe"
Wed 4 Aug 2004 68,608 A..H. --- "C:\WINDOWS\system32\digest.dll"
Sat 7 Sep 2002 44,032 A..H. --- "C:\WINDOWS\system32\dimap.dll"
Wed 4 Aug 2004 165,376 A..H. --- "C:\WINDOWS\system32\dinput.dll"
Wed 4 Aug 2004 187,904 A..H. --- "C:\WINDOWS\system32\dinput8.dll"
Sat 7 Sep 2002 9,216 ...H. --- "C:\WINDOWS\system32\diskcomp.com"
Sat 7 Sep 2002 7,168 ...H. --- "C:\WINDOWS\system32\diskcopy.com"
Sat 7 Sep 2002 1,502,208 A..H. --- "C:\WINDOWS\system32\diskcopy.dll"
Wed 4 Aug 2004 167,936 A..H. --- "C:\WINDOWS\system32\diskpart.exe"
Sat 7 Sep 2002 19,456 A..H. --- "C:\WINDOWS\system32\diskperf.exe"
Sat 7 Sep 2002 45,083 A..H. --- "C:\WINDOWS\system32\dispex.dll"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\dllhost.exe"
Sat 7 Sep 2002 4,608 A..H. --- "C:\WINDOWS\system32\dllhst3g.exe"
Wed 4 Aug 2004 225,280 A..H. --- "C:\WINDOWS\system32\dmadmin.exe"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\dmband.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\WINDOWS\system32\dmcompos.dll"
Sat 7 Sep 2002 330,752 A..H. --- "C:\WINDOWS\system32\dmconfig.dll"
Sat 7 Sep 2002 273,920 A..H. --- "C:\WINDOWS\system32\dmdlgs.dll"
Wed 4 Aug 2004 200,704 A..H. --- "C:\WINDOWS\system32\dmdskmgr.dll"
Sat 7 Sep 2002 134,656 A..H. --- "C:\WINDOWS\system32\dmdskres.dll"
Wed 4 Aug 2004 181,248 A..H. --- "C:\WINDOWS\system32\dmime.dll"
Sat 7 Sep 2002 18,432 A..H. --- "C:\WINDOWS\system32\dmintf.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\dmloader.dll"
Sat 7 Sep 2002 19,456 A..H. --- "C:\WINDOWS\system32\dmocx.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\dmremote.exe"
Wed 4 Aug 2004 82,432 A..H. --- "C:\WINDOWS\system32\dmscript.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\dmserver.dll"
Wed 4 Aug 2004 105,984 A..H. --- "C:\WINDOWS\system32\dmstyle.dll"
Wed 4 Aug 2004 103,424 A..H. --- "C:\WINDOWS\system32\dmsynth.dll"
Wed 4 Aug 2004 104,448 A..H. --- "C:\WINDOWS\system32\dmusic.dll"
Wed 4 Aug 2004 58,880 A..H. --- "C:\WINDOWS\system32\dmutil.dll"
Wed 4 Aug 2004 148,480 A..H. --- "C:\WINDOWS\system32\dnsapi.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\dnsrslvr.dll"
Sat 7 Sep 2002 47,616 A..H. --- "C:\WINDOWS\system32\docprop.dll"
Wed 4 Aug 2004 48,640 A..H. --- "C:\WINDOWS\system32\docprop2.dll"
Sat 7 Sep 2002 10,752 A..H. --- "C:\WINDOWS\system32\doskey.exe"
Wed 4 Aug 2004 54,080 A..H. --- "C:\WINDOWS\system32\dosx.exe"
Wed 4 Aug 2004 97,280 A..H. --- "C:\WINDOWS\system32\dpcdll.dll"
Sat 7 Sep 2002 33,040 A..H. --- "C:\WINDOWS\system32\dplay.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\dplaysvr.exe"
Wed 4 Aug 2004 229,888 A..H. --- "C:\WINDOWS\system32\dplayx.dll"
Wed 4 Aug 2004 24,064 A..H. --- "C:\WINDOWS\system32\dpmodemx.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\dpnaddr.dll"
Wed 4 Aug 2004 375,296 A..H. --- "C:\WINDOWS\system32\dpnet.dll"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\dpnhpast.dll"
Wed 4 Aug 2004 60,928 A..H. --- "C:\WINDOWS\system32\dpnhupnp.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\dpnlobby.dll"
Sat 7 Sep 2002 62,464 A..H. --- "C:\WINDOWS\system32\dpnmodem.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\dpnsvr.exe"
Sat 7 Sep 2002 61,952 A..H. --- "C:\WINDOWS\system32\dpnwsock.dll"
Sat 7 Sep 2002 54,032 A..H. --- "C:\WINDOWS\system32\dpserial.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\dpvacm.dll"
Wed 4 Aug 2004 213,504 A..H. --- "C:\WINDOWS\system32\dpvoice.dll"
Wed 4 Aug 2004 83,456 A..H. --- "C:\WINDOWS\system32\dpvsetup.exe"
Wed 4 Aug 2004 116,736 A..H. --- "C:\WINDOWS\system32\dpvvox.dll"
Sat 7 Sep 2002 42,768 A..H. --- "C:\WINDOWS\system32\dpwsock.dll"
Wed 4 Aug 2004 57,856 A..H. --- "C:\WINDOWS\system32\dpwsockx.dll"
Sat 7 Sep 2002 60,928 A..H. --- "C:\WINDOWS\system32\driverquery.exe"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\drprov.dll"
Sat 7 Sep 2002 28,400 A..H. --- "C:\WINDOWS\system32\drwatson.exe"
Sat 7 Sep 2002 47,104 A..H. --- "C:\WINDOWS\system32\drwtsn32.exe"
Sat 17 Jul 2004 4,656 A..H. --- "C:\WINDOWS\system32\ds16gt.dLL"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\ds32gt.dll"
Sat 7 Sep 2002 62,976 A..H. --- "C:\WINDOWS\system32\dsauth.dll"
Wed 4 Aug 2004 181,760 A..H. --- "C:\WINDOWS\system32\dsdmo.dll"
Wed 4 Aug 2004 72,192 A..H. --- "C:\WINDOWS\system32\dsdmoprp.dll"
Wed 4 Aug 2004 93,696 A..H. --- "C:\WINDOWS\system32\dskquota.dll"
Sat 7 Sep 2002 150,016 A..H. --- "C:\WINDOWS\system32\dskquoui.dll"
Wed 4 Aug 2004 367,616 A..H. --- "C:\WINDOWS\system32\dsound.dll"
Wed 4 Aug 2004 1,294,336 A..H. --- "C:\WINDOWS\system32\dsound3d.dll"
Wed 4 Aug 2004 145,408 A..H. --- "C:\WINDOWS\system32\dsprop.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\dsprpres.dll"
Wed 4 Aug 2004 240,640 A..H. --- "C:\WINDOWS\system32\dsquery.dll"
Wed 4 Aug 2004 52,736 A..H. --- "C:\WINDOWS\system32\dssec.dll"
Wed 4 Aug 2004 137,216 A..H. --- "C:\WINDOWS\system32\dssenh.dll"
Wed 4 Aug 2004 113,664 A..H. --- "C:\WINDOWS\system32\dsuiext.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\dswave.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\dumprep.exe"
Wed 4 Aug 2004 304,128 A..H. --- "C:\WINDOWS\system32\duser.dll"
Sat 7 Sep 2002 59,392 A..H. --- "C:\WINDOWS\system32\dvdplay.exe"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\dvdupgrd.exe"
Wed 4 Aug 2004 180,224 A..H. --- "C:\WINDOWS\system32\dwwin.exe"
Wed 4 Aug 2004 619,008 A..H. --- "C:\WINDOWS\system32\dx7vb.dll"
Wed 4 Aug 2004 1,227,264 A..H. --- "C:\WINDOWS\system32\dx8vb.dll"
Wed 4 Aug 2004 1,298,432 A..H. --- "C:\WINDOWS\system32\dxdiag.exe"
Wed 4 Aug 2004 2,113,536 A..H. --- "C:\WINDOWS\system32\dxdiagn.dll"
Wed 4 Aug 2004 499,741 A..H. --- "C:\WINDOWS\system32\dxmasf.dll"
Wed 4 Aug 2004 357,888 A..H. --- "C:\WINDOWS\system32\dxtmsft.dll"
Wed 4 Aug 2004 201,728 A..H. --- "C:\WINDOWS\system32\dxtrans.dll"
Sat 7 Sep 2002 71,102 ...H. --- "C:\WINDOWS\system32\edit.com"
Sat 7 Sep 2002 13,010 A..H. --- "C:\WINDOWS\system32\edlin.exe"
Wed 4 Aug 2004 27,136 A..H. --- "C:\WINDOWS\system32\efsadu.dll"
Wed 4 Aug 2004 187,392 A..H. --- "C:\WINDOWS\system32\els.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\encapi.dll"
Wed 4 Aug 2004 186,368 A..H. --- "C:\WINDOWS\system32\encdec.dll"
Sat 7 Sep 2002 103,424 A..H. --- "C:\WINDOWS\system32\EqnClass.Dll"
Wed 4 Aug 2004 23,040 A..H. --- "C:\WINDOWS\system32\ersvc.dll"
Wed 4 Aug 2004 243,200 A..H. --- "C:\WINDOWS\system32\es.dll"
Wed 4 Aug 2004 1,097,728 A..H. --- "C:\WINDOWS\system32\esent.dll"
Sat 7 Sep 2002 1,114,896 A..H. --- "C:\WINDOWS\system32\esent97.dll"
Sat 7 Sep 2002 17,408 A..H. --- "C:\WINDOWS\system32\esentprf.dll"
Sat 7 Sep 2002 39,424 A..H. --- "C:\WINDOWS\system32\esentutl.exe"
Wed 4 Aug 2004 195,072 A..H. --- "C:\WINDOWS\system32\eudcedit.exe"
Sat 7 Sep 2002 33,280 A..H. --- "C:\WINDOWS\system32\eventcls.dll"
Wed 4 Aug 2004 52,736 A..H. --- "C:\WINDOWS\system32\eventcreate.exe"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\eventlog.dll"
Sat 7 Sep 2002 81,408 A..H. --- "C:\WINDOWS\system32\eventtriggers.exe"
Sat 7 Sep 2002 9,216 A..H. --- "C:\WINDOWS\system32\eventvwr.exe"
Sat 7 Sep 2002 8,424 A..H. --- "C:\WINDOWS\system32\exe2bin.exe"
Sat 7 Sep 2002 16,896 A..H. --- "C:\WINDOWS\system32\expand.exe"
Wed 4 Aug 2004 380,957 A..H. --- "C:\WINDOWS\system32\expsrv.dll"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\extmgr.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\extrac32.exe"
Sat 7 Sep 2002 121,856 A..H. --- "C:\WINDOWS\system32\exts.dll"
Sat 7 Sep 2002 882 A..H. --- "C:\WINDOWS\system32\fastopen.exe"
Wed 4 Aug 2004 80,896 A..H. --- "C:\WINDOWS\system32\faultrep.dll"
Sat 7 Sep 2002 14,848 A..H. --- "C:\WINDOWS\system32\fc.exe"
Sat 7 Sep 2002 119,296 A..H. --- "C:\WINDOWS\system32\fde.dll"
Wed 4 Aug 2004 76,288 A..H. --- "C:\WINDOWS\system32\fdeploy.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\feclient.dll"
Wed 4 Aug 2004 348,160 A..H. --- "C:\WINDOWS\system32\filemgmt.dll"
Sat 7 Sep 2002 9,216 A..H. --- "C:\WINDOWS\system32\find.exe"
Wed 4 Aug 2004 29,184 A..H. --- "C:\WINDOWS\system32\findstr.exe"
Sat 7 Sep 2002 10,240 A..H. --- "C:\WINDOWS\system32\finger.exe"
Sat 7 Sep 2002 3,072 A..H. --- "C:\WINDOWS\system32\fixmapi.exe"
Wed 4 Aug 2004 88,064 A..H. --- "C:\WINDOWS\system32\fldrclnr.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\fltlib.dll"
Wed 4 Aug 2004 22,528 A..H. --- "C:\WINDOWS\system32\fltMc.exe"
Sun 3 Aug 2003 1,146,184 ...H. --- "C:\WINDOWS\system32\FM20.DLL"
Thu 31 Jul 2003 42,128 ...H. --- "C:\WINDOWS\system32\FM20FRA.DLL"
Sat 7 Sep 2002 16,384 A..H. --- "C:\WINDOWS\system32\fmifs.dll"
Wed 4 Aug 2004 386,560 A..H. --- "C:\WINDOWS\system32\fontext.dll"
Sat 7 Sep 2002 79,360 A..H. --- "C:\WINDOWS\system32\fontsub.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\fontview.exe"
Sat 7 Sep 2002 7,168 A..H. --- "C:\WINDOWS\system32\forcedos.exe"
Sat 7 Sep 2002 25,600 ...H. --- "C:\WINDOWS\system32\format.com"
Wed 4 Aug 2004 9,344 A..H. --- "C:\WINDOWS\system32\framebuf.dll"
Sat 7 Sep 2002 55,808 A..H. --- "C:\WINDOWS\system32\freecell.exe"
Wed 4 Aug 2004 193,024 A..H. --- "C:\WINDOWS\system32\fsquirt.exe"
Sat 7 Sep 2002 81,920 A..H. --- "C:\WINDOWS\system32\fsusd.dll"
Sat 7 Sep 2002 61,952 A..H. --- "C:\WINDOWS\system32\fsutil.exe"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\ftlx041e.dll"
Wed 4 Aug 2004 46,080 A..H. --- "C:\WINDOWS\system32\ftp.exe"
Sat 7 Sep 2002 177,152 A..H. --- "C:\WINDOWS\system32\ftsrch.dll"
Wed 4 Aug 2004 60,416 A..H. --- "C:\WINDOWS\system32\fwcfg.dll"
Sat 7 Sep 2002 77,824 A..H. --- "C:\WINDOWS\system32\gcdef.dll"
Sat 7 Sep 2002 24,576 A..H. --- "C:\WINDOWS\system32\gdi.exe"
Wed 4 Aug 2004 278,016 A..H. --- "C:\WINDOWS\system32\gdi32.dll"
Sat 7 Sep 2002 57,344 A..H. --- "C:\WINDOWS\system32\getmac.exe"
Sat 7 Sep 2002 634,880 A..H. --- "C:\WINDOWS\system32\getuname.dll"
Sat 7 Sep 2002 285,184 A..H. --- "C:\WINDOWS\system32\glmf32.dll"
Wed 4 Aug 2004 123,904 A..H. --- "C:\WINDOWS\system32\glu32.dll"
Wed 4 Aug 2004 577,536 A..H. --- "C:\WINDOWS\system32\gpedit.dll"
Wed 4 Aug 2004 101,888 A..H. --- "C:\WINDOWS\system32\gpkcsp.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\gpkrsrc.dll"
Wed 4 Aug 2004 123,392 A..H. --- "C:\WINDOWS\system32\gpresult.exe"
Wed 4 Aug 2004 201,216 A..H. --- "C:\WINDOWS\system32\gptext.dll"
Sat 7 Sep 2002 59,392 A..H. --- "C:\WINDOWS\system32\gpupdate.exe"
Sat 7 Sep 2002 26,112 ...H. --- "C:\WINDOWS\system32\graftabl.com"
Sat 7 Sep 2002 19,902 ...H. --- "C:\WINDOWS\system32\graphics.com"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\grpconv.exe"
Wed 4 Aug 2004 614,912 A..H. --- "C:\WINDOWS\system32\h323msp.dll"
Wed 4 Aug 2004 131,968 ...H. --- "C:\WINDOWS\system32\hal.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\hccoin.dll"
Tue 10 Aug 2004 118,784 ...H. --- "C:\WINDOWS\system32\hccutils.dll"
Sat 7 Sep 2002 16,384 A..H. --- "C:\WINDOWS\system32\help.exe"
Wed 4 Aug 2004 38,912 A..H. --- "C:\WINDOWS\system32\hhsetup.dll"
Wed 4 Aug 2004 20,992 A..H. --- "C:\WINDOWS\system32\hid.dll"
Sat 7 Sep 2002 4,912 A..H. --- "C:\WINDOWS\system32\himem.sys"
Tue 10 Aug 2004 126,976 ...H. --- "C:\WINDOWS\system32\hkcmd.exe"
Sat 7 Sep 2002 77,850 A..H. --- "C:\WINDOWS\system32\hlink.dll"
Wed 4 Aug 2004 347,648 A..H. --- "C:\WINDOWS\system32\hnetcfg.dll"
Sat 7 Sep 2002 15,360 A..H. --- "C:\WINDOWS\system32\hnetmon.dll"
Wed 4 Aug 2004 336,384 A..H. --- "C:\WINDOWS\system32\hnetwiz.dll"
Sat 7 Sep 2002 8,704 A..H. --- "C:\WINDOWS\system32\hostname.exe"
Wed 4 Aug 2004 146,944 A..H. --- "C:\WINDOWS\system32\hotplug.dll"
Sat 7 Sep 2002 44,544 ...H. --- "C:\WINDOWS\system32\hticons.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\httpapi.dll"
Wed 4 Aug 2004 43,008 A..H. --- "C:\WINDOWS\system32\htui.dll"
Wed 4 Aug 2004 352,256 ...H. --- "C:\WINDOWS\system32\hypertrm.dll"
Tue 10 Aug 2004 61,440 ...H. --- "C:\WINDOWS\system32\iAlmCoIn_v3929.dll"
Tue 10 Aug 2004 770,107 ...H. --- "C:\WINDOWS\system32\ialmdd5.dll"
Tue 10 Aug 2004 153,275 ...H. --- "C:\WINDOWS\system32\ialmdev5.dll"
Tue 10 Aug 2004 101,436 ...H. --- "C:\WINDOWS\system32\ialmdnt5.dll"
Tue 10 Aug 2004 495,616 ...H. --- "C:\WINDOWS\system32\ialmgdev.dll"
Tue 10 Aug 2004 2,289,664 ...H. --- "C:\WINDOWS\system32\ialmgicd.dll"
Tue 10 Aug 2004 49,152 ...H. --- "C:\WINDOWS\system32\ialmrem.dll"
Tue 10 Aug 2004 38,463 ...H. --- "C:\WINDOWS\system32\ialmrnt5.dll"
Sat 7 Sep 2002 23,552 A..H. --- "C:\WINDOWS\system32\iasacct.dll"
Sat 7 Sep 2002 41,472 A..H. --- "C:\WINDOWS\system32\iasads.dll"
Sat 7 Sep 2002 32,256 A..H. --- "C:\WINDOWS\system32\iashlpr.dll"
Sat 7 Sep 2002 62,464 A..H. --- "C:\WINDOWS\system32\iasnap.dll"
Sat 7 Sep 2002 17,920 A..H. --- "C:\WINDOWS\system32\iaspolcy.dll"
Wed 4 Aug 2004 119,808 A..H. --- "C:\WINDOWS\system32\iasrad.dll"
Sat 7 Sep 2002 141,312 A..H. --- "C:\WINDOWS\system32\iasrecst.dll"
Sat 7 Sep 2002 86,528 A..H. --- "C:\WINDOWS\system32\iassam.dll"
Sat 7 Sep 2002 253,440 A..H. --- "C:\WINDOWS\system32\iassdo.dll"
Sat 7 Sep 2002 62,976 A..H. --- "C:\WINDOWS\system32\iassvcs.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\icaapi.dll"
Wed 4 Aug 2004 80,384 ...H. --- "C:\WINDOWS\system32\iccvid.dll"
Sat 7 Sep 2002 16,384 A..H. --- "C:\WINDOWS\system32\icfgnt5.dll"
Wed 4 Aug 2004 253,952 A..H. --- "C:\WINDOWS\system32\icm32.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\icmp.dll"
Sat 7 Sep 2002 56,320 A..H. --- "C:\WINDOWS\system32\icmui.dll"
Wed 4 Aug 2004 73,728 A..H. --- "C:\WINDOWS\system32\icwdial.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\icwphbk.dll"
Wed 4 Aug 2004 121,856 A..H. --- "C:\WINDOWS\system32\idq.dll"
Wed 4 Aug 2004 34,304 A..H. --- "C:\WINDOWS\system32\ie4uinit.exe"
Wed 4 Aug 2004 139,264 A..H. --- "C:\WINDOWS\system32\ieakeng.dll"
Wed 4 Aug 2004 221,696 A..H. --- "C:\WINDOWS\system32\ieaksie.dll"
Sat 7 Sep 2002 245,760 A..H. --- "C:\WINDOWS\system32\ieakui.dll"
Wed 4 Aug 2004 323,584 A..H. --- "C:\WINDOWS\system32\iedkcs32.dll"
Wed 4 Aug 2004 81,920 A..H. --- "C:\WINDOWS\system32\ieencode.dll"
Wed 4 Aug 2004 249,344 A..H. --- "C:\WINDOWS\system32\iepeers.dll"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\iernonce.dll"
Wed 4 Aug 2004 63,488 A..H. --- "C:\WINDOWS\system32\iesetup.dll"
Wed 4 Aug 2004 114,688 A..H. --- "C:\WINDOWS\system32\iexpress.exe"
Wed 4 Aug 2004 142,848 A..H. --- "C:\WINDOWS\system32\ifmon.dll"
Sat 7 Sep 2002 70,656 A..H. --- "C:\WINDOWS\system32\ifsutil.dll"
Tue 10 Aug 2004 495,616 ...H. --- "C:\WINDOWS\system32\igfxcfg.exe"
Tue 10 Aug 2004 139,264 ...H. --- "C:\WINDOWS\system32\igfxdev.dll"
Tue 10 Aug 2004 45,056 ...H. --- "C:\WINDOWS\system32\igfxdgps.dll"
Tue 10 Aug 2004 151,552 ...H. --- "C:\WINDOWS\system32\igfxdiag.exe"
Tue 10 Aug 2004 86,016 ...H. --- "C:\WINDOWS\system32\igfxdo.dll"
Tue 10 Aug 2004 225,280 ...H. --- "C:\WINDOWS\system32\igfxeud.dll"
Tue 10 Aug 2004 36,864 ...H. --- "C:\WINDOWS\system32\igfxexps.dll"
Tue 10 Aug 2004 106,496 ...H. --- "C:\WINDOWS\system32\igfxext.exe"
Tue 10 Aug 2004 126,976 ...H. --- "C:\WINDOWS\system32\igfxhk.dll"
Tue 10 Aug 2004 225,280 ...H. --- "C:\WINDOWS\system32\igfxpph.dll"
Tue 10 Aug 2004 167,936 ...H. --- "C:\WINDOWS\system32\igfxres.dll"
Tue 10 Aug 2004 1,245,184 ...H. --- "C:\WINDOWS\system32\igfxress.dll"
Tue 10 Aug 2004 344,064 ...H. --- "C:\WINDOWS\system32\igfxsrvc.dll"
Tue 10 Aug 2004 155,648 ...H. --- "C:\WINDOWS\system32\igfxtray.exe"
Tue 10 Aug 2004 114,688 ...H. --- "C:\WINDOWS\system32\igfxzoom.exe"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\igmpagnt.dll"
Sat 7 Sep 2002 9,216 A..H. --- "C:\WINDOWS\system32\iissuba.dll"
Wed 4 Aug 2004 81,920 A..H. --- "C:\WINDOWS\system32\ils.dll"
Wed 4 Aug 2004 144,384 A..H. --- "C:\WINDOWS\system32\imagehlp.dll"
Wed 4 Aug 2004 150,016 A..H. --- "C:\WINDOWS\system32\imapi.exe"
Wed 4 Aug 2004 36,921 A..H. --- "C:\WINDOWS\system32\imeshare.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\imgutil.dll"
Wed 4 Aug 2004 110,080 A..H. --- "C:\WINDOWS\system32\imm32.dll"
Wed 4 Aug 2004 282,624 A..H. --- "C:\WINDOWS\system32\inetcfg.dll"
Wed 4 Aug 2004 678,400 A..H. --- "C:\WINDOWS\system32\inetcomm.dll"
Sat 7 Sep 2002 121,856 A..H. --- "C:\WINDOWS\system32\inetcplc.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\inetmib1.dll"
Wed 4 Aug 2004 75,264 A..H. --- "C:\WINDOWS\system32\inetpp.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\inetppui.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\inetres.dll"
Sat 7 Sep 2002 450,560 A..H. --- "C:\WINDOWS\system32\infosoft.dll"
Wed 4 Aug 2004 147,456 A..H. --- "C:\WINDOWS\system32\initpki.dll"
Wed 21 Aug 2002 204,800 ...H. --- "C:\WINDOWS\system32\INKED.DLL"
Wed 4 Aug 2004 126,464 A..H. --- "C:\WINDOWS\system32\input.dll"
Wed 4 Aug 2004 96,768 A..H. --- "C:\WINDOWS\system32\inseng.dll"
Sat 7 Sep 2002 39,936 A..H. --- "C:\WINDOWS\system32\iologmsg.dll"
Wed 4 Aug 2004 58,368 A..H. --- "C:\WINDOWS\system32\ipconfig.exe"
Wed 4 Aug 2004 95,744 A..H. --- "C:\WINDOWS\system32\iphlpapi.dll"
Sat 7 Sep 2002 167,424 A..H. --- "C:\WINDOWS\system32\ipmontr.dll"
Wed 4 Aug 2004 332,800 A..H. --- "C:\WINDOWS\system32\ipnathlp.dll"
Wed 4 Aug 2004 355,840 A..H. --- "C:\WINDOWS\system32\ippromon.dll"
Sat 7 Sep 2002 3,584 A..H. --- "C:\WINDOWS\system32\iprop.dll"
Sat 7 Sep 2002 4,096 A..H. --- "C:\WINDOWS\system32\iprtprio.dll"
Sat 7 Sep 2002 169,984 A..H. --- "C:\WINDOWS\system32\iprtrmgr.dll"
Sat 7 Sep 2002 46,080 A..H. --- "C:\WINDOWS\system32\ipsec6.exe"
Wed 4 Aug 2004 361,472 A..H. --- "C:\WINDOWS\system32\ipsecsnp.dll"
Wed 4 Aug 2004 184,320 A..H. --- "C:\WINDOWS\system32\ipsecsvc.dll"
Wed 4 Aug 2004 388,096 A..H. --- "C:\WINDOWS\system32\ipsmsnap.dll"
Wed 4 Aug 2004 53,760 A..H. --- "C:\WINDOWS\system32\ipv6.exe"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\ipv6mon.dll"
Sat 7 Sep 2002 91,648 A..H. --- "C:\WINDOWS\system32\ipxmontr.dll"
Sat 7 Sep 2002 74,240 A..H. --- "C:\WINDOWS\system32\ipxpromn.dll"
Sat 7 Sep 2002 21,504 A..H. --- "C:\WINDOWS\system32\ipxrip.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\ipxroute.exe"
Sat 7 Sep 2002 39,936 A..H. --- "C:\WINDOWS\system32\ipxrtmgr.dll"
Sat 7 Sep 2002 66,560 A..H. --- "C:\WINDOWS\system32\ipxsap.dll"
Sat 7 Sep 2002 20,992 A..H. --- "C:\WINDOWS\system32\ipxwan.dll"
Sat 7 Sep 2002 199,168 ...H. --- "C:\WINDOWS\system32\ir32_32.dll"
Wed 4 Aug 2004 120,320 ...H. --- "C:\WINDOWS\system32\ir41_qc.dll"
Wed 4 Aug 2004 338,432 ...H. --- "C:\WINDOWS\system32\ir41_qcx.dll"
Wed 4 Aug 2004 755,200 ...H. --- "C:\WINDOWS\system32\ir50_32.dll"
Wed 4 Aug 2004 200,192 ...H. --- "C:\WINDOWS\system32\ir50_qc.dll"
Wed 4 Aug 2004 183,808 ...H. --- "C:\WINDOWS\system32\ir50_qcx.dll"
Sat 7 Sep 2002 13,312 A..H. --- "C:\WINDOWS\system32\irclass.dll"
Wed 4 Aug 2004 86,016 A..H. --- "C:\WINDOWS\system32\isign32.dll"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\isrdbg32.dll"
Wed 4 Aug 2004 143,872 A..H. --- "C:\WINDOWS\system32\itircl.dll"
Wed 4 Aug 2004 134,144 A..H. --- "C:\WINDOWS\system32\itss.dll"
Wed 4 Aug 2004 192,000 A..H. --- "C:\WINDOWS\system32\iuengine.dll"
Wed 4 Aug 2004 54,784 A..H. --- "C:\WINDOWS\system32\ixsso.dll"
Sat 7 Sep 2002 362,496 A..H. --- "C:\WINDOWS\system32\jet500.dll"
Sat 7 Sep 2002 44,544 ...H. --- "C:\WINDOWS\system32\jgaw400.dll"
Sat 7 Sep 2002 144,896 ...H. --- "C:\WINDOWS\system32\jgdw400.dll"
Sat 7 Sep 2002 35,840 ...H. --- "C:\WINDOWS\system32\jgmd400.dll"
Sat 7 Sep 2002 42,496 ...H. --- "C:\WINDOWS\system32\jgpl400.dll"
Sat 7 Sep 2002 45,568 ...H. --- "C:\WINDOWS\system32\jgsd400.dll"
Sat 7 Sep 2002 65,536 ...H. --- "C:\WINDOWS\system32\jgsh400.dll"
Sat 7 Sep 2002 49,488 A..H. --- "C:\WINDOWS\system32\jobexec.dll"
Wed 4 Aug 2004 450,560 A..H. --- "C:\WINDOWS\system32\jscript.dll"
Sat 7 Sep 2002 28,719 A..H. --- "C:\WINDOWS\system32\jsfr.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\jsproxy.dll"
Sat 7 Sep 2002 14,841 ...H. --- "C:\WINDOWS\system32\kb16.com"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbda1.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbda2.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbda3.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\KBDAL.DLL"
Sat 7 Sep 2002 5,120 A..HR --- "C:\WINDOWS\system32\kbdarme.dll"
Sat 7 Sep 2002 5,120 A..HR --- "C:\WINDOWS\system32\kbdarmw.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdaze.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdazel.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdbe.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdbene.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdblr.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdbr.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdbu.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdca.dll"
Sat 7 Sep 2002 7,680 A..H. --- "C:\WINDOWS\system32\kbdcan.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdcr.dll"
Sat 7 Sep 2002 7,168 A..HR --- "C:\WINDOWS\system32\kbdcz.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdcz1.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdcz2.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdda.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbddiv1.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbddiv2.dll"
Sat 7 Sep 2002 5,120 A..H. --- "C:\WINDOWS\system32\kbddv.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdes.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdest.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdfa.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdfc.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdfi.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdfi1.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdfo.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdfr.dll"
Sat 7 Sep 2002 5,632 A..H. --- "C:\WINDOWS\system32\kbdgae.dll"
Sat 7 Sep 2002 5,120 A..HR --- "C:\WINDOWS\system32\kbdgeo.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdgkl.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdgr.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdgr1.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdhe.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdhe220.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdhe319.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdheb.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdhela2.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdhela3.dll"
Sat 7 Sep 2002 8,192 A..HR --- "C:\WINDOWS\system32\kbdhept.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdhu.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdhu1.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdic.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdinbe1.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\kbdinben.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdindev.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdinguj.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdinhin.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdinkan.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\kbdinmal.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdinmar.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdinpun.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdintam.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdintel.dll"
Sat 7 Sep 2002 5,632 A..H. --- "C:\WINDOWS\system32\kbdir.dll"
Sat 7 Sep 2002 5,632 A..H. --- "C:\WINDOWS\system32\kbdit.dll"
Sat 7 Sep 2002 5,632 A..H. --- "C:\WINDOWS\system32\kbdit142.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdkaz.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdkyr.dll"
Sat 7 Sep 2002 6,656 A..H. --- "C:\WINDOWS\system32\kbdla.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdlt.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdlt1.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdlv.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdlv1.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdmac.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdmaori.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdmlt47.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdmlt48.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdmon.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdne.dll"
Sat 7 Sep 2002 7,168 A..H. --- "C:\WINDOWS\system32\kbdnec.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdno.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdno1.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdpl.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdpl1.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdpo.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdro.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdru.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdru1.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdsf.dll"
Sat 7 Sep 2002 6,656 A..H. --- "C:\WINDOWS\system32\kbdsg.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdsl.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdsl1.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\kbdsmsfi.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\kbdsmsno.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdsp.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdsw.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdsyr1.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdsyr2.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdtat.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdth0.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdth1.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdth2.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdth3.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdtuf.dll"
Sat 7 Sep 2002 6,144 A..HR --- "C:\WINDOWS\system32\kbdtuq.dll"
Sat 7 Sep 2002 5,632 A..H. --- "C:\WINDOWS\system32\kbduk.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdukx.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdur.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdurdu.dll"
Sat 7 Sep 2002 5,632 A..H. --- "C:\WINDOWS\system32\kbdus.dll"
Sat 7 Sep 2002 5,632 A..H. --- "C:\WINDOWS\system32\kbdusa.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdusl.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdusr.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\kbdusx.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbduzb.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdvntc.dll"
Sat 7 Sep 2002 5,632 A..HR --- "C:\WINDOWS\system32\kbdycc.dll"
Sat 7 Sep 2002 6,656 A..HR --- "C:\WINDOWS\system32\kbdycl.dll"
Wed 4 Aug 2004 7,424 A..H. --- "C:\WINDOWS\system32\kd1394.dll"
Sat 7 Sep 2002 7,040 A..H. --- "C:\WINDOWS\system32\kdcom.dll"
Wed 4 Aug 2004 294,400 A..H. --- "C:\WINDOWS\system32\kerberos.dll"
Wed 4 Aug 2004 1,048,576 A..H. --- "C:\WINDOWS\system32\kernel32.dll"
Sat 7 Sep 2002 42,809 A..H. --- "C:\WINDOWS\system32\key01.sys"
Wed 4 Aug 2004 42,537 A..H. --- "C:\WINDOWS\system32\keyboard.sys"
Wed 4 Aug 2004 157,184 A..H. --- "C:\WINDOWS\system32\keymgr.dll"
Wed 4 Aug 2004 92,608 A..H. --- "C:\WINDOWS\system32\krnl386.exe"
Sat 7 Sep 2002 9,728 A..H. --- "C:\WINDOWS\system32\label.exe"
Sat 7 Sep 2002 89,600 A..H. --- "C:\WINDOWS\system32\langwrbk.dll"
Wed 4 Aug 2004 424,960 A..H. --- "C:\WINDOWS\system32\licdll.dll"
Wed 4 Aug 2004 22,528 A..H. --- "C:\WINDOWS\system32\licmgr10.dll"
Wed 4 Aug 2004 58,880 A..H. --- "C:\WINDOWS\system32\licwmi.dll"
Sat 7 Sep 2002 30,208 A..H. --- "C:\WINDOWS\system32\lights.exe"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\linkinfo.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\lmhsvc.dll"
Wed 4 Aug 2004 399,872 A..H. --- "C:\WINDOWS\system32\lmrt.dll"
Sat 7 Sep 2002 26,624 A..H. --- "C:\WINDOWS\system32\lnkstub.exe"
Sat 7 Sep 2002 1,187 ...H. --- "C:\WINDOWS\system32\loadfix.com"
Wed 4 Aug 2004 100,352 A..H. --- "C:\WINDOWS\system32\loadperf.dll"
Wed 4 Aug 2004 228,352 A..H. --- "C:\WINDOWS\system32\localsec.dll"
Wed 4 Aug 2004 344,576 A..H. --- "C:\WINDOWS\system32\localspl.dll"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\localui.dll"
Wed 4 Aug 2004 75,264 A..H. --- "C:\WINDOWS\system32\locator.exe"
Sat 7 Sep 2002 5,120 A..H. --- "C:\WINDOWS\system32\lodctr.exe"
Sat 7 Sep 2002 50,688 A..H. --- "C:\WINDOWS\system32\loghours.dll"
Wed 4 Aug 2004 61,952 A..H. --- "C:\WINDOWS\system32\logman.exe"
Sat 7 Sep 2002 15,872 A..H. --- "C:\WINDOWS\system32\logoff.exe"
Wed 4 Aug 2004 515,584 A..H. --- "C:\WINDOWS\system32\logonui.exe"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\lpk.dll"
Sat 7 Sep 2002 6,144 A..H. --- "C:\WINDOWS\system32\lpq.exe"
Sat 7 Sep 2002 9,216 A..H. --- "C:\WINDOWS\system32\lpr.exe"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\lprhelp.dll"
Sat 7 Sep 2002 9,216 A..H. --- "C:\WINDOWS\system32\lprmonui.dll"
Wed 4 Aug 2004 728,576 A..H. --- "C:\WINDOWS\system32\lsasrv.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\lsass.exe"
Sat 7 Sep 2002 2,560 A..H. --- "C:\WINDOWS\system32\lz32.dll"
Sat 7 Sep 2002 9,936 A..H. --- "C:\WINDOWS\system32\lzexpand.dll"
Wed 4 Aug 2004 73,216 A..H. --- "C:\WINDOWS\system32\magnify.exe"
Sat 7 Sep 2002 8,192 A..H. --- "C:\WINDOWS\system32\mag_hook.dll"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\makecab.exe"
Sat 7 Sep 2002 112,128 ...H. --- "C:\WINDOWS\system32\mapi32.dll"
Sat 7 Sep 2002 112,128 ...H. --- "C:\WINDOWS\system32\mapistub.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\mcastmib.dll"
Sat 7 Sep 2002 10,240 A..H. --- "C:\WINDOWS\system32\mcd32.dll"
Sat 7 Sep 2002 10,496 A..H. --- "C:\WINDOWS\system32\mcdsrv32.dll"
Sat 7 Sep 2002 4,608 A..H. --- "C:\WINDOWS\system32\mchgrcoi.dll"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\mciavi32.dll"
Sat 7 Sep 2002 17,408 A..H. --- "C:\WINDOWS\system32\mcicda.dll"
Sat 7 Sep 2002 8,192 A..H. --- "C:\WINDOWS\system32\mciole16.dll"
Sat 7 Sep 2002 7,680 A..H. --- "C:\WINDOWS\system32\mciole32.dll"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\mciqtz32.dll"
Wed 4 Aug 2004 23,040 A..H. --- "C:\WINDOWS\system32\mciseq.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\mciwave.dll"
Sat 7 Sep 2002 50,176 A..H. --- "C:\WINDOWS\system32\mdhcp.dll"
Thu 19 Jun 2003 1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

suite..........

Wed 4 Aug 2004 319,517 A..H. --- "C:\WINDOWS\system32\msexcl40.dll"
Wed 4 Aug 2004 537,088 A..H. --- "C:\WINDOWS\system32\msftedit.dll"
Sat 7 Sep 2002 22,528 A..H. --- "C:\WINDOWS\system32\msg.exe"
Wed 4 Aug 2004 1,004,032 A..H. --- "C:\WINDOWS\system32\msgina.dll"
Wed 4 Aug 2004 33,792 A..H. --- "C:\WINDOWS\system32\msgsvc.dll"
Sat 7 Sep 2002 128,000 A..H. --- "C:\WINDOWS\system32\mshearts.exe"
Wed 4 Aug 2004 29,184 A..H. --- "C:\WINDOWS\system32\mshta.exe"
Wed 4 Aug 2004 3,003,392 A..H. --- "C:\WINDOWS\system32\mshtml.dll"
Wed 4 Aug 2004 448,512 A..H. --- "C:\WINDOWS\system32\mshtmled.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\WINDOWS\system32\mshtmler.dll"
Wed 4 May 2005 2,890,240 A..H. --- "C:\WINDOWS\system32\msi.dll"
Wed 4 Aug 2004 51,712 A..H. --- "C:\WINDOWS\system32\msident.dll"
Thu 20 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Mar 2008 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Sun 23 Mar 2008 26,112 ...H. --- "C:\Documents and Settings\K@mo\Mes documents\~WRL0211.tmp"
Wed 4 Aug 2004 352,256 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\10_cmdial32.dll"
Sat 7 Sep 2002 67,072 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\11_console.dll"
Wed 4 Aug 2004 165,888 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\12_credui.dll"
Wed 4 Aug 2004 386,560 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\15_fontext.dll"
Wed 4 Aug 2004 146,944 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\18_hotplug.dll"
Sat 7 Sep 2002 121,856 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\20_inetcplc.dll"
Wed 4 Aug 2004 157,184 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\23_keymgr.dll"
Wed 4 Aug 2004 216,064 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\28_moricons.dll"
Wed 4 Aug 2004 1,004,032 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\29_msgina.dll"
Wed 4 Aug 2004 98,304 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\2_ahui.exe"
Wed 4 Aug 2004 3,003,392 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\30_mshtml.dll"
Wed 4 Aug 2004 28,672 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\4_batmeter.dll"
Wed 4 Aug 2004 1,017,344 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\5_browseui.dll"
Wed 4 Aug 2004 85,504 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\6_cabview.dll"
Wed 4 Aug 2004 515,584 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\78_logonui.exe"
Sat 7 Sep 2002 115,200 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\7_calc.exe"
Wed 4 Aug 2004 65,536 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\8_cleanmgr.exe"
Wed 4 Aug 2004 400,896 ...H. --- "C:\WINDOWS\BricoPacks\SysFiles\9_cmd.exe"
Wed 4 Aug 2004 159,232 A..H. --- "C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll"
Wed 4 Aug 2004 103,936 A..H. --- "C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe"
Wed 4 Aug 2004 286,208 A..H. --- "C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll"
Wed 4 Aug 2004 299,520 A..H. --- "C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll"
Wed 4 Aug 2004 87,040 A..H. --- "C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll"
Wed 4 Aug 2004 695,296 A..H. --- "C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll"
Tue 15 Jan 2008 184,832 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL0006.tmp"
Wed 19 Mar 2008 184,832 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL0082.tmp"
Sat 16 Jun 2007 184,320 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL0262.tmp"
Sun 23 Mar 2008 182,784 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL0863.tmp"
Wed 7 May 2008 180,736 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL1544.tmp"
Fri 29 Jun 2007 182,272 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL1904.tmp"
Mon 11 Jun 2007 182,272 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL2151.tmp"
Sat 8 Mar 2008 184,832 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL3017.tmp"
Tue 15 Jan 2008 184,832 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL3024.tmp"
Fri 11 Apr 2008 183,296 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\ModŠles\~WRL3842.tmp"
Sun 23 Mar 2008 183,296 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\Word\~WRL0145.tmp"
Tue 15 Jan 2008 37,888 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\Word\~WRL0430.tmp"
Wed 19 Mar 2008 183,296 ...H. --- "C:\Documents and Settings\K@mo\Application Data\Microsoft\Word\~WRL1384.tmp"
Sat 19 Apr 2008 240,128 A..H. --- "C:\Documents and Settings\K@mo\Mes documents\m‚moire_\m‚moire\~WRL1814.tmp"

Finished!

Réponse 6 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

mais de rien ;-)

Fais un rapport hijackthis pour que je puisses vérifier les infections de ton pc stp

Télécharge hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

https://www.androidworld.fr/

Réponse 7 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

Voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:14, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {11E9CD6F-CD21-3DBF-93C3-AD6D3E42C1DE} - C:\WINDOWS\system32\mmx78221.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {26027218-80B3-40FA-9FA1-70FD56AA5328} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://m.boonty.com/webgames/_popcap/popcaploader_v10_fr.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OracleOracle9iTNSListenerLISTENER_ORACLEBD - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleOracle9iTNSListenerLISTENER_ORACLEDB - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleOracleTNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceORADB - Unknown owner - d:\oracle\ora92\bin\ORACLE.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\mysql\bin\mysqld-nt.exe

Réponse 8 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau à cette adresse :

(c est le numéro 6 en bas de la page) : https://www.androidworld.fr/

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

Réponse 9 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

....et voila

-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Default System BIOS
USER : K@mo ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 7.0.1.325 (Activated)
Firewall : Kaspersky Internet Security 7.0.1.325 (Activated)

"C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
Option : [1] ( 03/09/2008|13:51 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskPBar
C:\Program Files\AskPBar\bar
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\DOCUME~1\K@mo\APPLIC~1\Search Settings
C:\DOCUME~1\K@mo\APPLIC~1\Search Settings\kb127
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(K@mo) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(K@mo) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk
C:\WINDOWS\System32\nvs2.inf

C:\WINDOWS\System32\ebcwsg.dat
C:\WINDOWS\System32\ebcwsg_nav.dat
C:\WINDOWS\System32\ebcwsg_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROOTKIT !!

[HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs !
[HKLM\..\CurrentControlSet\Enum\Root\tdssserv] -- ROOTKIT Tibs !
[HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs !
[HKLM\..\ControlSet001\Enum\Root\tdssserv] -- ROOTKIT Tibs !

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\K@mo\Mes documents\PFE\ella\ella\Cours divers\TheBasicElementsOfCracking.doc

1 - "C:\ToolBar SD\TB_1.txt" - 03/09/2008|13:54 - Option : [1]

-----------\\ Fin du rapport a 13:54:53,92

Réponse 10 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Default System BIOS
USER : K@mo ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 7.0.1.325 (Activated)
Firewall : Kaspersky Internet Security 7.0.1.325 (Activated)

"C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
Option : [2] ( 03/09/2008|14:10 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskPBar\bar
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\DOCUME~1\K@mo\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskPBar
Supprime! - C:\DOCUME~1\K@mo\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(K@mo) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(K@mo) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk
C:\WINDOWS\System32\nvs2.inf

C:\WINDOWS\System32\ebcwsg.dat
C:\WINDOWS\System32\ebcwsg_nav.dat
C:\WINDOWS\System32\ebcwsg_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROOTKIT !!

[HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs !
[HKLM\..\CurrentControlSet\Enum\Root\tdssserv] -- ROOTKIT Tibs !
[HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] -- ROOTKIT Tibs !
[HKLM\..\ControlSet001\Enum\Root\tdssserv] -- ROOTKIT Tibs !

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\K@mo\Mes documents\PFE\ella\ella\Cours divers\TheBasicElementsOfCracking.doc

1 - "C:\ToolBar SD\TB_1.txt" - 03/09/2008|13:54 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 03/09/2008|14:14 - Option : [2]

-----------\\ Fin du rapport a 14:14:45,14

j'analyse en ce moment avec malwarebytes...

Réponse 11 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

ok...j attends ton rapport ;-)

aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé

Réponse 12 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1106
Windows 5.1.2600 Service Pack 2

03/09/2008 14:47:45
mbam-log-2008-09-03 (14-47-45).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 102307
Temps écoulé: 25 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mmx78221.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{82a83d8d-454b-3e03-83d7-3469c516bef9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c334781c-a39b-3489-af25-bb3120373106} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11e9cd6f-cd21-3dbf-93c3-ad6d3e42c1de} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11e9cd6f-cd21-3dbf-93c3-ad6d3e42c1de} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\eaxf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmx78221.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\mx78221.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebcwsg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebcwsg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

Là c'est bon après le redemarrage du pc la fenêtre à disparu; Merci BCP
je vais refaire le rapport hijakthis

Réponse 13 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:55, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {26027218-80B3-40FA-9FA1-70FD56AA5328} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OracleOracle9iTNSListenerLISTENER_ORACLEBD - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleOracle9iTNSListenerLISTENER_ORACLEDB - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleOracleTNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceORADB - Unknown owner - d:\oracle\ora92\bin\ORACLE.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\mysql\bin\mysqld-nt.exe

Réponse 14 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {26027218-80B3-40FA-9FA1-70FD56AA5328} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

puis tu cliques sur fix checked.

télécharges IE7 : https://www.androidworld.fr/

est ce que tu as encore des problemes ??

Réponse 15 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

Merci infiniment pour ton aide et surtout pour ta patience chef ;-)
c'est ton site là où je suis entrain de télécharger non?
j'aime bien comprendre ces rapports et s'avoir quels logiciels installer pour eliminer les virus et tous; t'as pas fais un tuto sur ce sujet?
en tout cas je vais fouiller dans ton site;-p

Réponse 16 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

Mais de rien, c est avec plaisir que je t aide ;-)

oui c est bien mon site celui ci : https://www.androidworld.fr/

il est mis à jour régulièrement quand j ai le temps bien sure

est ce que tu as encore des problemes ??

Réponse 17 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

NON ça y est merci;
une dernière question; pour tous ces logiciels que j'ai installé je les désinstalle ou quoi?

Réponse 18 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

ok...fais ceci stp :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

Télécharge toolscleaner sur ton Bureau :

(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/

* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

Désactive et réactive la Restauration du système :

1 Dans la barre des tâches de Windows, clique sur Démarrer.

2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.

5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.

Réponse 19 / 20

spaghetti Messages postés 205 Date d'inscription Statut Membre Dernière intervention 24

Le rapport TCleaner
-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\K@mo\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\K@mo\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\K@mo\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\K@mo\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\K@mo\Bureau\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\K@mo\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\K@mo\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\K@mo\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\K@mo\Bureau\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\K@mo\Bureau\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

PS:désolé pour se retard j'avais pas de connexion

Merci et Bonne nuit

Réponse 20 / 20

geoffrey5 Messages postés 13732 Date d'inscription Statut Contributeur sécurité Dernière intervention 10

C est ok...

Fais bien la suite car c est tres important

Bonne nuit

Forum Virus

Trouvez des solutions pour détecter et éliminer les menaces, des astuces pour prévenir les infections, et discutez des dernières menaces en ligne