Sujet Précédent Sujet Suivant

VIRUS IEXPLORE.EXE....HELP !!!

novice69 Messages postés 106 Statut Membre -  
totobetourne Messages postés 5677 Statut Membre -
Bonjour,
Voilà je suis contaminé par iexplore.exe et cela utilise enormement mon processeur !
COmment le fixer svp ?
Merci
A voir également:

18 réponses

Réponse 1 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
bonsoir.

1)Telecharges malwares bytes anti malwares :

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.

garde le et lance un scan tout les mois comme indique.

si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.

2)telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.
parfois alerte comme quoi, sans la fonction administrateur le rapport ne peut pas etre complet .
a ce moment relance hijack avec un clique droit sur le raccourci et executer en tant qu administrateur.
0
Réponse 2 / 18
novice69 Messages postés 106 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:01, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Movie Maker\moviemk.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\on0B3N5y.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\ONi6y7uY.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Réponse 3 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
tu es infecte. on va commencer par cela.

Telecharges malwares bytes anti malwares :

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.

garde le et lance un scan tout les mois comme indique.

si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
0
Réponse 4 / 18
novice69 Messages postés 106 Statut Membre
 
Ca fait a peine 50 secondes qu'elle scan et dejà 10 objets infectés !!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
colle el rapport. un meilleur scan est possible mais a faire en mode sans echec, a ce moment malware est meilleur.
0
Réponse 6 / 18
novice69 Messages postés 106 Statut Membre
 
voilà !! 70 objets detectés !!

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1270
Windows 5.1.2600 Service Pack 3

15/10/2008 02:31:16
mbam-log-2008-10-15 (02-31-16).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 142341
Temps écoulé: 2 hour(s), 37 minute(s), 34 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 62

Processus mémoire infecté(s):
C:\WINDOWS\system32\on0B3N5y.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ONi6y7uY.dll (Trojan.BHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\on0B3N5y.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ONi6y7uY.dll (Trojan.BHO) -> Delete on reboot.
C:\QooBox\Quarantine\C\WINDOWS\system32\on0B3N5y.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\on0B3N5y.exe_.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP865\A0143118.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP848\A0142601.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP849\A0142628.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP851\A0142639.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP851\A0142679.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP854\A0142744.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP856\A0142766.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP857\A0142815.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP858\A0142860.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP859\A0142924.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP860\A0142954.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP860\A0142985.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP861\A0143001.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP862\A0143020.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP863\A0143086.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP866\A0143156.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP868\A0143165.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP870\A0143205.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP872\A0143225.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP873\A0143255.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP875\A0143276.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP877\A0143292.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP879\A0143390.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP880\A0143457.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP881\A0143540.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0143573.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0143699.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP892\A0143918.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP893\A0143960.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP894\A0143987.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP895\A0144007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP897\A0144014.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP898\A0144026.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP899\A0144035.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP900\A0144050.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP901\A0144052.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP903\A0144075.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP904\A0144104.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP905\A0144139.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP909\A0144172.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP910\A0144208.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP911\A0144218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP912\A0144227.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP913\A0144238.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP914\A0144251.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP915\A0144274.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP917\A0144286.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP918\A0144312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP918\A0144392.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP918\A0144429.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP920\A0144443.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP921\A0144511.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP923\A0145137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP925\A0145695.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP926\A0145709.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP927\A0145757.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP927\A0145831.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\on0B3N5y.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 7 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
relance un rapport hijack
0
Réponse 8 / 18
novice69 Messages postés 106 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:21:25, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
Réponse 9 / 18
novice69 Messages postés 106 Statut Membre
 
Voilà mon rapport Hijack
0
Réponse 10 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
il te reste a priori quelquechose mais tu dois deja sentir une grande difference sur ton ordi.
fait cela

pour voir télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 11 / 18
novice69 Messages postés 106 Statut Membre
 
En effet je sens une nette amelioration et je t'en remercie d'avance l'ami !

Voilà le rapport de combofix :

ComboFix 08-10-16.08 - Compaq_Propriétaire 2008-10-17 14:21:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1441 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-17 au 2008-10-17 ))))))))))))))))))))))))))))))))))))
.

2008-10-16 16:37 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 16:36 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:36 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:36 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:36 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 16:36 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 23:39 . 2008-10-15 23:39 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-10-15 23:36 . 2008-03-16 14:30 216,064 -r-hs---- C:\WINDOWS\system32\nbDX.dll
2008-10-15 23:36 . 2006-03-10 22:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2008-10-15 23:36 . 2006-05-03 11:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-10-15 23:36 . 2005-11-25 21:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2008-10-15 23:36 . 2003-11-21 00:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-10-15 23:36 . 2004-04-27 00:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-10-15 23:36 . 2007-02-21 12:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-10-15 23:35 . 2008-10-15 23:35 <REP> d-------- C:\Program Files\eRightSoft
2008-10-15 23:35 . 2006-09-12 12:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-10-15 23:35 . 2006-01-13 00:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-10-15 22:59 . 2008-10-15 23:00 <REP> d----c--- C:\LITEONIT
2008-10-15 22:59 . 2008-10-15 23:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\vlc
2008-10-15 22:57 . 2008-10-15 22:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-15 22:30 . 2008-10-15 22:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Ahead
2008-10-15 19:07 . 2008-10-15 19:39 <REP> d--h-c--- C:\$AVG8.VAULT$
2008-10-15 18:40 . 2008-10-17 14:15 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-15 18:40 . 2008-10-15 18:40 <REP> d-------- C:\Program Files\AVG
2008-10-15 18:40 . 2008-10-16 06:48 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AVGTOOLBAR
2008-10-15 18:40 . 2008-10-15 18:40 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-15 18:40 . 2008-10-15 18:40 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-15 18:40 . 2008-10-15 18:40 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-15 18:40 . 2008-10-15 18:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-14 22:13 . 2008-10-14 22:13 <REP> d-------- C:\Program Files\Trend Micro
2008-10-14 15:37 . 2008-10-14 15:37 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-10-14 15:35 . 2008-10-14 20:53 <REP> d-------- C:\Program Files\Google
2008-10-14 05:32 . 2008-10-16 05:54 <REP> d-------- C:\Program Files\AVS4YOU
2008-10-14 05:32 . 2008-10-14 05:32 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AVS4YOU
2008-10-14 05:32 . 2008-10-14 05:32 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-14 05:25 . 2008-10-16 05:54 <REP> d-------- C:\Program Files\Micro Application
2008-10-11 03:05 . 2008-10-11 03:05 <REP> d-------- C:\WINDOWS\PaltalkScene
2008-10-11 03:05 . 2008-10-13 21:17 <REP> d-------- C:\Program Files\Paltalk Messenger
2008-10-11 03:05 . 2008-10-13 21:17 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Paltalk
2008-10-09 05:12 . 2008-10-09 05:12 <REP> d-------- C:\Program Files\VDOWNLOADER
2008-10-09 05:12 . 2008-10-09 05:12 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Desktopicon
2008-09-23 02:28 . 2008-09-23 02:28 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-23 01:02 . 2008-10-12 22:46 4,018,639 --a------ C:\WINDOWS\pfirewall.log.old
2008-09-23 00:19 . 2008-10-06 01:04 <REP> d-------- C:\Program Files\eMule
2008-09-22 22:44 . 2008-09-22 22:44 <REP> d-------- C:\Program Files\Antadis
2008-09-22 22:20 . 2008-09-23 03:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\CVitae
2008-09-22 22:18 . 2008-09-22 22:21 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-09-22 08:05 . 2008-09-22 08:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 08:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 08:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 17:01 . 2008-09-21 17:01 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-09-19 03:00 . 2008-09-19 03:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-18 17:48 . 2008-09-18 17:48 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-18 17:48 . 2008-09-18 17:48 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-18 06:14 . 2008-09-18 06:14 <REP> d-------- C:\WINDOWS\system32\logs
2008-09-18 06:12 . 2008-09-18 18:17 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 19:06 40,286 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2008-10-16 04:00 --------- d-----w C:\Program Files\DivX
2008-10-16 03:54 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-10-15 20:56 --------- d-----w C:\Program Files\VideoLAN
2008-10-14 13:36 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-14 13:36 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-14 13:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-10-06 23:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-25 19:29 --------- d-----w C:\Program Files\MSN Messenger
2008-09-22 04:50 --------- d-----w C:\Program Files\Yahoo!
2008-09-22 04:49 --------- d-----w C:\Program Files\Loop12 V2
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 09:11 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-07-27 02:46 98,304 ----a-w C:\WINDOWS\DUMP87dd.tmp
2008-07-27 02:44 98,304 ----a-w C:\WINDOWS\DUMP707c.tmp
2008-07-27 02:40 98,304 ----a-w C:\WINDOWS\DUMP64c4.tmp
2008-07-27 02:34 98,304 ----a-w C:\WINDOWS\DUMP5f76.tmp
2008-07-27 02:33 98,304 ----a-w C:\WINDOWS\DUMP5f75.tmp
2008-07-27 02:30 98,304 ----a-w C:\WINDOWS\DUMP6ee6.tmp
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-26_18.52.50.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 13:23:44 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:23:49 2,068,096 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:23:44 2,025,984 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:23:49 2,191,232 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:28:17 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:28:17 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:28:17 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:28:17 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:28:17 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:21:30 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:28:18 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:28:18 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:28:18 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:28:18 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:28:19 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:28:19 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:28:20 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:21:49 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:28:20 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:28:20 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:28:20 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 08:28:24 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:28:22 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:28:22 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:28:22 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:28:22 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:28:22 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:28:22 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:28:23 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:28:23 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:28:23 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
+ 2008-10-11 01:05:46 473,600 ----a-w C:\WINDOWS\PaltalkScene\uninstall.exe
- 2008-06-23 16:28:17 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 08:11:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-06-23 16:28:17 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 08:11:45 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-23 16:28:17 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 08:11:45 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:28:17 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 08:11:45 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:28:17 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 08:11:45 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:28:17 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 08:11:45 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 16:28:18 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 08:11:45 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:28:18 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 08:11:45 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-23 16:28:18 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 08:11:46 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:28:18 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 08:11:46 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:28:19 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 08:11:48 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:28:20 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 08:11:48 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 16:28:20 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 08:11:49 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:28:20 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 08:11:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:28:20 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 08:11:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-23 16:28:22 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 08:11:52 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:28:22 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 08:11:52 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:28:22 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 08:11:52 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-06-23 16:28:22 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 08:11:52 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:28:22 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 08:11:52 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-06-23 16:28:22 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 08:11:52 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:28:23 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 08:11:53 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:28:23 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 08:11:53 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 16:28:23 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 08:11:54 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-10-15 16:40:16 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-06-23 16:28:17 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 08:11:45 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:28:17 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 08:11:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:28:17 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 08:11:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-07-30 13:15:16 387,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-17 12:13:24 387,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-06-23 16:28:17 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 08:11:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:21:30 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:39:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:28:18 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 08:11:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:28:18 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 08:11:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:28:18 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 08:11:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:28:18 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 08:11:46 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:28:19 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:12:27 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:28:19 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 08:11:48 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:28:20 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 08:11:48 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:28:20 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 08:11:49 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-08-26 20:28:12 16,208,504 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 -c--a-w C:\WINDOWS\system32\MRT.exe
- 2008-06-23 16:28:20 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 08:11:49 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:28:20 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 08:11:49 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 08:28:24 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 09:11:52 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:28:22 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 08:11:52 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:28:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 08:11:52 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:28:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 08:11:52 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 08:11:52 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-07-30 22:38:54 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-10-14 13:36:47 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-07-30 22:38:58 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-10-14 13:36:48 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-07-30 22:38:58 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-10-14 13:36:48 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-06-23 16:28:22 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 08:11:52 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-07-30 22:40:04 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-10-14 13:36:56 185,920 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 08:11:52 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:28:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 08:11:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:28:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 08:11:53 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-06-23 16:28:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-08-26 08:11:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"POINTER"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [2000-05-19 73728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 86016]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-26 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-14 185872]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-15 1234712]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]
"Barsaka"="explorer.exe" [2008-04-13 C:\WINDOWS\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 421888]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-14 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"17358:TCP"= 17358:TCP:BitComet 17358 TCP
"17358:UDP"= 17358:UDP:BitComet 17358 UDP
"4662:TCP"= 4662:TCP:echamblard
"4662:UDP"= 4662:UDP:echamblard
"12742:TCP"= 12742:TCP:BitComet 12742 TCP
"12742:UDP"= 12742:UDP:BitComet 12742 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-15 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-15 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-15 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-15 76040]
R2 musm3gld;musm3gld;C:\WINDOWS\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2006-09-05 71808]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{394db857-3ad9-11dd-a082-001e90c697ee}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{486937bc-0658-11dd-a826-0013d32bdfe2}]
\Shell\AutoRun\command - J:\fooool.exe
\Shell\explore\Command - J:\fooool.exe
\Shell\open\Command - J:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56094539-2f35-11db-a607-0013d32bdfe2}]
\Shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{660aef46-079e-11db-a602-0013d32bdfe2}]
\Shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9fb470-5b0e-11db-a612-0013d32bdfe2}]
\Shell\AutoRun\command - L:\AutoRun.exe TMM50ARA

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bd6e0ca-330d-11dd-a04b-001e90c697ee}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14a26c0-366f-11db-a608-0013d32bdfe2}]
\Shell\AutoRun\command - welcome.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14a26cc-366f-11db-a608-0013d32bdfe2}]
\Shell\AutoRun\command - welcome.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-15 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-02 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-09-21 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-02 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-09-21 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-09-21 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-14 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-14 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-15 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-15 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-15 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-15 C:\WINDOWS\Tasks\At25.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At26.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At27.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At28.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At29.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-15 C:\WINDOWS\Tasks\At30.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At31.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At32.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-13 C:\WINDOWS\Tasks\At33.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-02 C:\WINDOWS\Tasks\At34.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-09-21 C:\WINDOWS\Tasks\At35.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-02 C:\WINDOWS\Tasks\At36.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-09-21 C:\WINDOWS\Tasks\At37.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-09-21 C:\WINDOWS\Tasks\At38.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-14 C:\WINDOWS\Tasks\At39.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-14 C:\WINDOWS\Tasks\At40.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At41.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At42.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At43.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At44.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At45.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At46.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-16 C:\WINDOWS\Tasks\At47.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At48.job
- C:\WINDOWS\system32\on0B3N5y.exe []

2008-10-15 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-15 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-16 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\N1uL6D0r.exe []

2008-10-13 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\N1uL6D0r.exe []
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\i29ts1qp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 14:23:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-17 14:24:46
ComboFix-quarantined-files.txt 2008-10-17 12:24:42
ComboFix2.txt 2008-10-13 19:35:12
ComboFix3.txt 2008-09-26 16:53:21

Avant-CF: 126 207 213 568 octets libres
Après-CF: 126,461,136,896 octets libres

507 --- E O F --- 2008-10-16 20:31:18
0
Réponse 12 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
1)Ensuite,
*Rends toi sur ce site :

https://www.virustotal.com/gui/

*Clique sur "Parcourir" et cherche ce fichier : C:\WINDOWS\system32\N1uL6D0r.exe
*Un rapport va s'élaborer ligne à ligne.
*Attends la fin. Il doit comprendre la taille du fichier envoyé.
*Sauvegarde le rapport avec le bloc-note.
*Copie le dans ta réponse.
*Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton "Reanalyse" le fichier maintenant
colle le rapport.

2)Bonjour,

*Télécharge SDFix (créé par AndyManchesta)
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
*Double-clique sur SDFix.exe
*Choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
*Redémarre en mode sans échec
*Ouvre le dossier SDFix qui vient d'être créé à la racine de ton disque dur C:\
*Double clique sur RunThis.bat pour lancer le script. (Le .bat peut ne pas apparaître)
*Appuie sur Y pour commencer le processus de nettoyage.
*Appuie sur une touche pour redémarrer quand SDFix te demander d'appuyer sur une touche pour redémarrer.
*Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
*Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
*Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
*Les icônes du Bureau affichées, le rapport SDFix s'ouvrira. Il porte le nom de Report.txt.
*Copie/colle le contenu

*Si Sdfix ne se lance pas
* Clique sur Démarrer > Exécuter
*Copie/colle ceci: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Clique sur Ok.
*Redémarre et essaie de relance SDFix.
0
Réponse 13 / 18
novice69 Messages postés 106 Statut Membre
 
Bonjour,

je n'arrive pas a trouver C:\WINDOWS\system32\N1uL6D0r.exe !!!
0
Réponse 14 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
ouvre un dossier n importe lequel.

va dans outil puis option des dossiers puis affichage et coche affiche les dossiers caches.
ensuite refais la recherche sur virus total.

(il faudra decocher la case a la fin de ta recherche)
0
Réponse 15 / 18
novice69 Messages postés 106 Statut Membre
 
Toujours rien mon ami !!
meme en cochant sur "affiche les dossiers cahe", je n'arrive toujours pas a le trouver ce "C:\WINDOWS\system32\N1uL6D0r.exe" !
0
Réponse 16 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
fait le 2)
0
Réponse 17 / 18
novice69 Messages postés 106 Statut Membre
 
Bonjour,

Qd je double clik sur SDFix, ca ne marche pas : ca me met que "Windows ne trouve pas, ect..."

Et qd je colle sur executer une page bleue me dit : " le chemin d'acces specifié est introuvable !
0
Réponse 18 / 18
totobetourne Messages postés 5677 Statut Membre 65
 
1)as tu fait cela?
etape a faire en mode sans echec
*Si Sdfix ne se lance pas
* Clique sur Démarrer > Exécuter
*Copie/colle ceci: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Clique sur Ok.
*Redémarre et essaie de relance SDFix.

2)relance malwarebyte mais cette fois ci en mode sans echec.
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
a quoi sert softonic ?
durup1928 -
jacklyn -

25 réponses