Log HijackThis à traiter!

Question

Bonjour, J'arrive plus à accéder à mes dossier cachés, et le PC est étrangement lent.
Voici c'que j'ai eu comme log:

Logfile of HijackThis v1.99.1
Scan saved at 20:32:41, on 10/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hiajckthis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: peltodgx - {59B4236E-2A39-4942-8278-980630D6D26F} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Famille\sccs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C5C8C59-8000-4E3D-BF05-EE63CE04BAD5}: NameServer = 41.221.20.4 193.251.169.165
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: onfwbsak - {97E88470-32F5-4C76-9639-A1B6C7541ED9} - C:\WINDOWS\onfwbsak.dll (file missing)
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Remote Procedure Call (HPM) (RPCH) - Unknown owner - C:\Program Files\NetMeeting
mwb.exe (file missing)


Toute aide est appréciée, merci.

Peffy

g!rly · Answer

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

Peffect · Answer

ComboFix 08-08-13.01 - Famille 2008-10-24 16:29:01.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.135 [GMT 1:00]
Endroit: C:\DOCUME~1\Famille\LOCALS~1\Temp\Rar$EX00.691\ComboFix-www.PcHurricane.com-.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
- FONCTIONNALITES REDUITES -
.

((((((((((((((((((((((((((((( Fichiers créés 2008-09-24 to 2008-10-24 ))))))))))))))))))))))))))))))))))))
.

2008-10-23 00:40 . 2008-10-23 00:41 <REP> d-------- C:\Program Files\Ontrack
2008-10-22 16:53 . 2008-10-22 16:53 379 --a------ C:\WINDOWS\ODBC.INI
2008-10-22 16:49 . 2008-10-22 16:49 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-22 16:47 . 2008-10-22 16:49 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-10-22 16:46 . 2008-10-22 16:46 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-22 11:11 . 2008-10-22 11:11 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Avira
2008-10-21 17:36 . 2008-10-22 10:37 79,360 --a------ C:\WINDOWS\system32\ckvo0.VIR
2008-10-17 20:18 . 2008-10-17 20:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-10-17 17:37 . 2008-10-17 17:37 <REP> d-------- C:\Program Files\Avira
2008-10-17 17:37 . 2008-10-17 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-14 23:44 . 2008-10-15 01:14 75,786 --a------ C:\Documents and Settings\Famille\css.exe
2008-10-10 19:10 . 2008-10-10 19:13 <REP> d-------- C:\MPEGAV
2008-10-09 09:10 . 2008-10-24 09:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-07 14:30 . 2008-10-07 14:30 <REP> dr-h----- C:\Documents and Settings\Famille\Application Data\SecuROM
2008-10-07 14:29 . 2008-10-07 14:29 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-05 22:04 . 2008-10-05 22:04 <REP> d-------- C:\Documents and Settings\Famille\Application Data\dvdcss
2008-10-02 00:26 . 2008-10-02 00:26 <REP> d-------- C:\Documents and Settings\Famille\Application Data\Microsoft Games
2008-09-29 17:12 . 2008-09-30 10:38 <REP> d-------- C:\Documents and Settings\Famille\Application Data\IDM
2008-09-29 17:12 . 2008-10-24 16:27 <REP> d-------- C:\Documents and Settings\Famille\Application Data\DMCache
2008-09-29 17:11 . 2008-09-30 23:16 <REP> d-------- C:\Program Files\Internet Download Manager
2008-09-29 09:15 . 2008-09-29 05:15 204,800 --------- C:\WINDOWS\peltodgx.dll
2008-09-29 09:15 . 2008-09-29 05:15 86,016 --a------ C:\WINDOWS\fbxrqtwn.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 15:27 --------- d-----w C:\Documents and Settings\Famille\Application Data\uTorrent
2008-10-23 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-22 23:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-13 20:44 --------- d-----w C:\Program Files\Creative
2008-10-13 05:12 --------- d-----w C:\Documents and Settings\Famille\Application Data\Skype
2008-09-29 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-27 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 20:08 --------- d-----w C:\Documents and Settings\Famille\Application Data\Media Player Classic
2008-09-20 22:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-15 09:33 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-12 13:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-11 22:39 95,744 ----a-w C:\WINDOWS\system32\eejgmmvn.dll
2008-08-31 13:50 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-02-07 10:23 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-22_12.53.37.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-09-25 15:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 15:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2004-08-04 04:54:22 286,208 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2004-08-04 04:54:24 159,232 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2004-08-04 04:55:08 695,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2004-08-04 04:54:30 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2004-08-04 04:54:54 103,936 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 04:54:32 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 04:54:32 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 04:54:32 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2004-08-04 04:55:06 259,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2004-08-04 04:54:36 52,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2004-08-04 04:54:36 201,728 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2004-08-04 04:55:06 356,352 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2004-08-04 04:54:36 246,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2004-08-04 04:54:38 237,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 16:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 16:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 09:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2004-08-04 04:54:48 408,064 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2004-08-04 04:54:48 670,720 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2007-10-25 09:00:50 230,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2004-08-04 04:54:48 27,136 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2004-08-04 04:54:48 23,552 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2004-08-04 04:54:48 151,552 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2004-08-04 04:54:48 1,050,624 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2004-08-04 04:54:48 759,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2004-08-04 04:54:48 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2004-08-04 04:54:48 484,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2004-08-04 04:54:48 896,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2007-10-25 09:01:10 2,109,440 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2004-08-04 04:54:48 809,984 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2004-08-04 04:54:48 1,001,472 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2006-11-03 07:56:54 7,680 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2006-11-03 07:57:06 244,224 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2006-11-03 08:02:28 1,680,384 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 16:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 16:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2006-11-03 07:58:34 317,440 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2006-11-03 07:58:42 272,384 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2007-04-30 01:22:16 4,734,976 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-08-04 04:54:48 98,304 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2006-11-03 07:59:00 64,000 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-08-04 04:54:14 2,985,984 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2006-11-03 07:59:14 918,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpnetwk.exe
+ 2006-11-03 07:59:20 204,288 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpnscfg.exe
+ 2006-11-03 07:59:26 198,144 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpnssci.dll
+ 2006-11-03 07:59:06 99,840 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2006-09-15 23:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-15 23:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 17:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-10-22 15:49:20 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-10-22 15:49:19 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-10-22 15:49:19 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-10-22 15:49:21 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-10-22 15:49:18 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-10-22 15:49:21 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
+ 2007-02-28 13:21:04 130,472 ----a-w C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 07:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
- 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2000-08-31 07:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
- 2004-08-04 04:55:02 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-01 16:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-10-22 15:52:25 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-10-22 15:52:25 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-10-22 15:52:25 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-10-22 15:52:24 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-22 15:52:25 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-22 15:52:25 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-22 15:52:26 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-22 15:52:26 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-10-22 15:52:25 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-22 15:52:24 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-22 15:52:26 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-22 15:52:24 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-22 15:52:24 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 1998-10-07 12:08:12 327,168 ----a-w C:\WINDOWS\IsUn040c.exe
+ 1998-10-07 11:08:12 327,168 ----a-w C:\WINDOWS\IsUn040c.exe
+ 1998-10-29 15:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 07:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
- 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
- 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
- 2004-08-04 04:52:50 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-18 19:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2001-03-02 19:52:40 15,360 ----a-w C:\WINDOWS\system32\asfsipc.dll
+ 2003-03-18 18:05:50 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
+ 2006-10-18 19:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
+ 2008-03-12 11:29:14 94,465 ----a-w C:\WINDOWS\system32\avsda.dll
- 2004-08-04 04:54:22 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 19:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2003-05-02 12:14:44 466,944 ----a-w C:\WINDOWS\system32\capicom.dll
- 2004-08-04 04:54:24 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 19:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2007-09-20 09:43:40 331,184 ------w C:\WINDOWS\system32\difxapi.dll
+ 2008-08-31 13:50:26 4,224 -c--a-w C:\WINDOWS\system32\dllcache\beep.sys
+ 2004-08-03 21:10:18 17,024 -c--a-w C:\WINDOWS\system32\dllcache\ccdecode.sys
+ 2004-08-03 22:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-03 22:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-03 20:58:40 5,504 -c--a-w C:\WINDOWS\system32\dllcache\mstee.sys
+ 2004-08-03 21:10:30 85,376 -c--a-w C:\WINDOWS\system32\dllcache\nabtsfec.sys
+ 2004-08-03 21:10:14 10,880 -c--a-w C:\WINDOWS\system32\dllcache\ndisip.sys
+ 2004-08-03 22:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2004-08-03 21:10:18 11,136 -c--a-w C:\WINDOWS\system32\dllcache\slip.sys
+ 2004-08-03 22:08:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-03 21:10:14 15,360 -c--a-w C:\WINDOWS\system32\dllcache\streamip.sys
+ 2004-08-03 21:07:56 59,264 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2004-08-03 22:54:44 54,784 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2006-10-18 19:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-18 19:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-18 19:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2004-08-03 21:10:22 19,328 -c--a-w C:\WINDOWS\system32\dllcache\wstcodec.sys
+ 2008-01-21 17:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 17:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-10-22 07:15:53 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2004-08-03 21:10:18 17,024 ----a-w C:\WINDOWS\system32\drivers\CCDECODE.sys
- 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2004-08-03 21:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-03 22:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-03 20:58:40 5,504 ----a-w C:\WINDOWS\system32\drivers\MSTEE.sys
+ 2004-08-03 21:10:30 85,376 ----a-w C:\WINDOWS\system32\drivers\NABTSFEC.sys
+ 2004-08-03 21:10:14 10,880 ----a-w C:\WINDOWS\system32\drivers\NdisIP.sys
- 2004-08-03 21:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2004-08-03 22:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2004-08-03 21:10:18 11,136 ----a-w C:\WINDOWS\system32\drivers\SLIP.sys
+ 2007-03-01 09:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2004-08-03 21:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-03 22:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-03 21:10:14 15,360 ----a-w C:\WINDOWS\system32\drivers\StreamIP.sys
+ 2006-10-18 19:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2004-08-03 21:07:56 59,264 ----a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2007-11-20 16:56:54 9,216 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
+ 2006-10-18 18:00:00 38,528 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2004-08-03 21:10:22 19,328 ----a-w C:\WINDOWS\system32\drivers\WSTCODEC.SYS
+ 2006-09-28 16:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 17:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 18:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-04 04:55:08 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 19:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2008-03-04 10:33:18 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
+ 2008-06-12 18:36:38 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
- 1997-07-10 23:00:00 1,109,264 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2005-03-17 14:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2003-07-14 22:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-04-11 08:57:05 1,563,504 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-23 10:06:28 1,581,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-09 14:34:12 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
+ 2002-08-21 05:10:16 204,800 ----a-w C:\WINDOWS\system32\INKED.DLL
- 2004-08-04 04:54:30 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 19:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-08-04 04:54:54 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 18:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-08-06 11:59:48 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2002-09-07 00:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40.dll
+ 2001-08-23 03:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40.dll
+ 1998-06-17 19:08:32 53,248 ----a-w C:\WINDOWS\system32\MFC42ENU.DLL
- 2003-03-19 05:19:58 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
+ 2003-03-18 20:20:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
+ 2003-03-18 19:44:36 40,960 ----a-w C:\WINDOWS\system32\MFC71CHS.DLL
+ 2003-03-18 19:44:36 45,056 ----a-w C:\WINDOWS\system32\MFC71CHT.DLL
+ 2003-03-18 19:44:34 65,536 ----a-w C:\WINDOWS\system32\MFC71DEU.DLL
+ 2003-03-18 19:44:38 57,344 ----a-w C:\WINDOWS\system32\MFC71ENU.DLL
+ 2003-03-18 19:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ESP.DLL
+ 2003-03-18 19:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ITA.DLL
+ 2003-03-18 19:44:34 49,152 ----a-w C:\WINDOWS\system32\MFC71JPN.DLL
+ 2003-03-18 19:44:38 49,152 ----a-w C:\WINDOWS\system32\MFC71KOR.DLL
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\MFC71u.dll
+ 2006-10-18 19:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 04:54:32 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 19:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 04:54:32 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 04:54:32 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 13:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-08-04 04:55:06 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 19:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-08-04 04:54:36 52,736 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-18 19:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-08-04 04:54:36 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-10-18 19:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2000-05-11 13:06:20 397,312 ----a-w C:\WINDOWS\system32\MSRDO20.DLL
- 2004-08-04 04:55:06 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2000-05-23 22:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 1998-08-09 11:07:34 94,208 ----a-w C:\WINDOWS\system32\MSSTKPRP.DLL
- 2003-03-18 20:14:50 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2003-03-18 19:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2006-02-03 07:00:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2004-08-04 04:54:36 246,272 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 19:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2002-02-04 01:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2002-02-04 01:43:00 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2001-03-02 19:52:42 8,704 ----a-w C:\WINDOWS\system32\npwmsdrm.dll
- 2008-05-19 22:02:57 67,696 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-09 12:34:22 67,696 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-19 22:02:57 81,040 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-09 12:34:22 81,040 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-19 22:02:57 432,992 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-09 12:34:22 432,992 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-19 22:02:57 501,312 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-09 12:34:22 501,312 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2006-10-18 19:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 19:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 19:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 19:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 19:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-08-04 04:54:38 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 19:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2007-11-29 21:30:28 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2008-07-23 16:50:52 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2000-04-03 17:52:54 151,552 ----a-w C:\WINDOWS\system32\RDOCURS.DLL
+ 2004-08-03 22:32:32 84,480 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ac97via.sys
+ 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\drmk.sys
+ 2004-08-03 21:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ks.sys
+ 2004-08-04 00:54:30 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\ksuser.dll
+ 2004-08-03 21:15:50 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\portcls.sys
+ 2004-08-03 21:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\stream.sys
+ 2004-08-04 05:05:42 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\wdmaud.drv
+ 2004-08-04 02:59:44 95,360 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\atapi.sys
+ 2004-08-04 02:59:42 25,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\pciidex.sys
+ 2004-08-04 02:59:44 5,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\viaide.sys
+ 1998-03-24 21:54:08 15,872 ----a-w C:\WINDOWS\system32\SCP32.DLL
- 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 15:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-01-05 14:21:12 36,864 ----a-w C:\WINDOWS\system32\UnAudioNT.dll
- 2007-09-04 15:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2007-09-04 16:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2006-10-18 19:58:00 8,704 ------w C:\WINDOWS\system32\uwdf.exe
+ 1999-11-24 18:40:50 40,960 ----a-w C:\WINDOWS\system32\VBAME.DLL
+ 2004-08-03 22:54:44 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2006-10-18 19:47:18 4,096 ------w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 19:58:00 8,704 ------w C:\WINDOWS\system32\wdfmgr.exe
+ 2002-08-21 05:13:12 189,952 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
- 2004-08-04 04:54:48 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 19:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2004-08-04 04:54:48 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 19:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-25 09:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-08-04 04:54:48 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-18 19:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-08-04 04:54:48 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 19:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 19:47:18 429,056 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-10-18 19:47:20 348,672 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 19:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 04:54:10 200,704 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-18 19:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-08-04 04:54:48 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 19:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-08-04 04:54:48 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 19:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 01:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-18 19:47:20 10,834,432 ------w C:\WINDOWS\system32\wmp.dll
- 2004-08-04 04:54:48 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 19:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 04:54:48 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-18 19:47:20 1,661,440 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 04:54:14 2,985,984 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 19:47:20 8,231,936 ------w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 19:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 19:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-04 04:54:48 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-18 19:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-18 19:47:20 204,288 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-04 04:54:48 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-08-04 04:54:48 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-04 04:54:48 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 19:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-04 04:54:48 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 19:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
+ 2001-05-09 16:40:50 309,584 ----a-w C:\WINDOWS\system32\wmv8dmod.dll
+ 2001-05-09 15:47:10 466,944 ----a-w C:\WINDOWS\system32\wmv8dmoe.dll
+ 2006-10-18 19:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-10-18 19:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-04 04:54:48 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2001-05-09 15:50:40 446,464 ----a-w C:\WINDOWS\system32\wmvdmoe.dll
- 2004-08-04 04:54:48 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 19:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 19:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 19:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2006-10-18 19:47:22 629,760 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 19:47:22 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 19:47:22 154,624 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 19:47:22 63,488 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 19:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 18:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-11-02 09:52:12 44,032 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 19:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-10-18 19:47:22 356,352 ------w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 18:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 16:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 16:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 16:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 16:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
- 2008-01-10 11:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 12:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
- 2008-01-10 11:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2008-01-10 12:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
- 2004-01-25 15:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2004-01-25 16:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
- 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\UNWISE.EXE
+ 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\UNWISE.EXE
- 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2008-10-01 23:14:58 1,230,336 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2008-10-01 23:15:02 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
- 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
+ 2000-08-31 07:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{59B4236E-2A39-4942-8278-980630D6D26F}"= "C:\WINDOWS\peltodgx.dll" [2008-09-29 05:15 204800]

[HKEY_CLASSES_ROOT\clsid\{59b4236e-2a39-4942-8278-980630d6d26f}]
[HKEY_CLASSES_ROOT\peltodgx.1]
[HKEY_CLASSES_ROOT\TypeLib\{B3336375-6D34-4704-A5F4-6775ADCF0424}]
[HKEY_CLASSES_ROOT\peltodgx]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 15:18 785520]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-05 16:27 219952]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-07-30 11:33 932272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49 7286784]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-01-05 15:24 495616]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-10-22 08:15 266497]
"nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:54 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"D:\\Program Files\\Garena\\Garena.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-11-20 17:56]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-10-22 08:15]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-10-22 08:15]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-10-22 08:15]
S2 RPCH;Remote Procedure Call (HPM);C:\Program Files\NetMeeting\nmwb.exe []
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-02-22 14:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc07a50-9edb-11dd-9aef-4d6564696130}]
\Shell\autoplay\cOMmAND - F:\okdsn.cmd
\Shell\AutoRun\command - F:\okdsn.cmd
\Shell\ExPlOrE\CommAnD - F:\okdsn.cmd
\Shell\open\COMmAnD - F:\okdsn.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39000953-dbd4-11dc-8bd7-00730442be5d}]
\Shell\AutoRun\command - F:\1rfw8hjr.com
\Shell\explore\Command - F:\1rfw8hjr.com
\Shell\open\Command - F:\1rfw8hjr.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5941ab71-d883-11dc-8bc8-00730442be5d}]
\Shell\AutoRun\command - wscript.exe .\`.vbs
\Shell\open\command - wscript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b2b49e0-7c12-11dd-95de-4d6564696130}]
\Shell\AutoRun\command - E:\t1ypkh.exe
\Shell\explore\Command - E:\t1ypkh.exe
\Shell\open\Command - E:\t1ypkh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c947ffa0-fb52-11dc-8c6f-b6445e109c7a}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0628f10-9d23-11dd-9ae8-806d6172696f}]
\Shell\AutoRun\command - 1rfw8hjr.com
\Shell\explore\Command - 1rfw8hjr.com
\Shell\open\Command - 1rfw8hjr.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def11aa5-abe3-11dc-88a7-00730442be5d}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-Sccs - C:\Documents and Settings\Famille\sccs.exe
SSODL-onfwbsak-{97E88470-32F5-4C76-9639-A1B6C7541ED9} - C:\WINDOWS\onfwbsak.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\n3yzcj9m.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 16:30:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sccs = C:\Documents and Settings\Famille\sccs.exe???????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Temps d'accomplissement: 2008-10-24 16:38:03
ComboFix-quarantined-files.txt 2008-10-24 15:36:59
ComboFix2.txt 2008-05-22 10:56:38

Pre-Run: 3,572,293,632 octets libres
Post-Run: 3,594,592,256 octets libres

507 --- E O F --- 2008-06-04 16:26:06

g!rly · Answer

salut, 

la suite :

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\eejgmmvn.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\system32\ckvo0.VIR
C:\Documents and Settings\Famille\css.exe
C:\WINDOWS\peltodgx.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{59B4236E-2A39-4942-8278-980630D6D26F}"=-
[-HKEY_CLASSES_ROOT\clsid\{59b4236e-2a39-4942-8278-980630d6d26f}]
[-HKEY_CLASSES_ROOT\peltodgx.1]
[-HKEY_CLASSES_ROOT\TypeLib\{B3336375-6D34-4704-A5F4-6775ADCF0424}]
[-HKEY_CLASSES_ROOT\peltodgx]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

Log HijackThis à traiter!

3 réponses

Votre réponse

Discussions similaires

Newsletters