zouille

  1. The page that is displayed carries the following message: (I deliberately left the spelling mistakes in...) "French national police Attention!!! Illegal activity is revealed!!! Your operating system has been blocked following the violation of French legislation! The following violations were discovered: your IP address was detected on illegal sites with pornographic content focused on the distribution of child pornography, zoophilia and violent scenes with children! (...) To unblock your computer you must pay a fine in the amount of 100 euros! In case of non-payment of the fine all your data on your computer will be made to disappear! (...)" I am then offered the option of paying either by Payesafe or Ukash by giving my bank card number... Needless to say, I have obviously never visited such sites!
  2. Good evening, My PC is still blocked! It starts normally, but before I have time to do anything, the "Police nationale" window comes up and blocks my screen. The new ZHPfix report: CJoint.com link AKqrytfjH7T
  3. Good evening, I think I finally managed to get rid of the P2P software with ZHPfix. Here is a new ZHPdiag scan: CJoint.com link AKpsJA08agr I uninstalled Spybot but did not dare install the updates. I tried to download the Java update, but when I went to install it the following window appeared: "the system administrator has configured your system to prohibit this installation". I wanted to remove the unneeded programs cluttering my C hard drive, but since I am in safe mode (I cannot use my PC any other way), the add/remove programs function does not work. I don't know how to free up space on my hard drive while the ransomware is blocking the PC from working properly!
  4. Thanks for replying so quickly! The ZHPdiag diagnostic: CJoint.com link AKlabNiKhT5 The link you gave me to download ZHPDiag does not work, so I used the version I had downloaded last month.
  5. Good evening, Here I am again after a long while. My problem is still not solved, and the reason I took so long is that I have had no internet access these past few weeks (I am in the middle of moving), and I needed a connection to download the Windows recovery console. I followed the instructions you gave me: I installed and ran Combofix. At the end of the operation, Combofix automatically restarted the computer and the ransomware immediately blocked my screen again. So I don't know whether Combofix was able to run to completion. What should I do? Below is the Combofix report:

     ComboFix 11-10-20.08 - Administrateur 21/10/2011 10:20:13.2.1 - x86 NETWORK
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.775 [GMT 2:00]
     Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
     Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
     AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     C:\Documents and Settings\LocalService\UserData\3FXJ7XWW
     C:\Documents and Settings\Rebecca\WINDOWS
     C:\WINDOWS\Fonts\acrsec.fon
     C:\WINDOWS\system32\Thumbs.db
     C:\WINDOWS\Uninstall.ini
     ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_USNJSVC
     -------\Service_usnjsvc
     ((((((((((((((((((((((((((((( Fichiers créés du 2011-09-21 au 2011-10-21 ))))))))))))))))))))))))))))))))))))
     2011-10-11 13:19:33 . 2011-10-11 17:43:21 512 ----a-w- C:\PhysicalDisk0_MBR.bin
     2011-10-11 13:15:24 . 2011-10-11 18:47:27 -------- d-----w- C:\ZHP
     2011-10-11 13:15:11 . 2011-10-11 17:43:19 -------- d-----w- C:\Program Files\ZHPDiag
     2011-10-10 19:52:55 .
[5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\d3d9.dll [-] 2008-04-14 02:33:22 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ddraw.dll [7] 2004-08-05 12:00:00 . 20A4E9DA85A1FF521AC5325FC3BADDF9 . 266240 . . [5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\ddraw.dll [-] 2008-04-14 02:33:38 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\olepro32.dll [7] 2004-08-05 12:00:00 . 5860F5A42B67EC8BBB5AA3CE7ABC9976 . 83456 . . [5.1.2600.2180] . . C:\WINDOWS\system32\olepro32.dll [-] 2008-04-14 02:33:38 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\perfctrs.dll [7] 2004-08-05 12:00:00 . 719682744477D57B30248F4479EE8D0D . 42496 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\perfctrs.dll [-] 2008-04-14 02:33:48 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\version.dll [7] 2004-08-05 12:00:00 . 8B142E6DAC3BD370637E8AF6E87C2321 . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\version.dll [-] 2008-04-14 02:34:06 . 3D3C316BD1E112F3B9C532D8B9939BDC . 93184 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\iexplore.exe [-] 2008-04-14 02:08:03 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntoskrnl.exe [7] 2007-02-28 16:08:21 . 8E244108562E0E452EB68DFF64CB08A9 . 2184192 . . [5.1.2600.3093 (xpsp_sp2_qfe.070227-2300)] . . 
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [7] 2007-02-28 16:02:36 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe [7] 2007-02-28 16:02:36 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\system32\ntoskrnl.exe [7] 2007-02-28 16:02:36 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)] . . C:\WINDOWS\system32\dllcache\ntoskrnl.exe [7] 2006-12-19 18:45:29 . 1F3FA2065E6E043A1D82A487B5DA309C . 2184064 . . [5.1.2600.3051 (xpsp_sp2_qfe.061219-0311)] . . C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe [7] 2006-12-19 18:22:38 . D27929DB7B7F92F9D0F8EC9BA01C601C . 2182400 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe [7] 2005-03-02 18:13:23 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622 (xpsp.050301-1521)] . . C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [7] 2005-03-02 18:08:06 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] . . C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe [7] 2004-08-05 12:00:00 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe [-] 2008-04-14 02:33:46 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\srsvc.dll [7] 2004-08-05 12:00:00 . 6469C53F4D16FA6055CCA265BC03DB66 . 171008 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\srsvc.dll [-] 2008-04-14 02:33:48 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\w32time.dll [7] 2004-08-05 12:00:00 . FB89C8B1D6A3C260A39669320C5D5827 . 177664 . . 
[5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\w32time.dll [-] 2008-04-14 02:33:48 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wiaservc.dll [7] 2006-12-19 18:48:57 . A3FFA6A33BAAB25849FBE10392B3D9AD . 334336 . . [5.1.2600.3051 (xpsp_sp2_qfe.061219-0311)] . . C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll [7] 2006-12-19 18:17:50 . FE705FAE1E50436B06D7558D6A4E247E . 334336 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\system32\wiaservc.dll [7] 2006-12-19 18:17:50 . FE705FAE1E50436B06D7558D6A4E247E . 334336 . . [5.1.2600.3051 (xpsp_sp2_gdr.061219-0316)] . . C:\WINDOWS\system32\dllcache\wiaservc.dll [7] 2004-08-05 12:00:00 . 52B7EC594152429DABA1261B2B68CA01 . 333824 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll [-] 2008-04-14 02:33:29 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\midimap.dll [7] 2004-08-05 12:00:00 . 5A9D6D36574FD4BBA06973B772DD7C7D . 18944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\midimap.dll [-] 2008-04-14 02:33:39 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\rasadhlp.dll [7] 2006-06-26 17:47:08 . 38E8C06699352BD2EE9C3FA188650B68 . 7680 . . [5.1.2600.2938 (xpsp.060626-0041)] . . C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll [7] 2006-06-26 17:41:32 . 8371B4298101DA53BBE7AA3759299F49 . 8192 . . [5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] . . C:\WINDOWS\system32\rasadhlp.dll [7] 2006-06-26 17:41:32 . 8371B4298101DA53BBE7AA3759299F49 . 8192 . . [5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] . . C:\WINDOWS\system32\dllcache\rasadhlp.dll [7] 2004-08-05 12:00:00 . DE86B64A569ECB73891BCE6B7D4D078B . 8192 . 
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-07-04 11:43:46 122512 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShell.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 11:16:08 1833296]
     "vasja"="C:\Program Files\SeaMonkey\0.6878730270425663.exe" [2011-10-09 18:43:48 280322]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 08:21:28 114688]
     "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 07:56:00 6746112]
     "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 04:25:30 14720000]
     "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 05:56:44 45056]
     "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 14:46:58 45056]
     "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 05:33:42 114688]
     "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 03:51:24 184320]
     "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 12:12:34 32768]
     "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 05:33:46 94208]
     "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 05:33:40 77824]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
     "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 08:05:20 919016]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-28 20:18:23 149280]
     "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 11:45:42 36040]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 22:08:18 417792]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-02-15 17:07:02 141608]
     "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 18:56:16 1230704]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00:00 15360]

     C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
     VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-8-24 778240]
  6. Hello, So I ran the scan from the live CD. I then rebooted: still the same problem. This time the computer stayed usable a little longer, and then the ransomware screen appeared again.
  7. Good evening, I finally managed to delete the lines:
     [HKLM\Software\Classes\need2findbar.settingsplugin]
     [HKLM\Software\Classes\need2findbar.settingsplugin.1]
     [HKLM\Software\Classes\need2findbar.toolbarplugin]
     [HKLM\Software\Classes\need2findbar.toolbarplugin.1]
     [HKLM\Software\Classes\rxresult.rxresulttracker]
     [HKLM\Software\Classes\rxresult.rxresulttracker.1]
     [HKLM\Software\Classes\signingmodule.signingmodule]
     [HKLM\Software\Classes\signingmodule.signingmodule.1]
     When I boot normally, the ransomware comes back and prevents me from doing anything at all. I have to unplug the power supply to turn the machine off and restart in safe mode.
  8. OK, thanks, I ran the scan with the live CD. However, I could not find all of the lines in the ZHP report, and it was constantly interrupted by a "violation de ZHPfix.exe" window. I deleted what I could. As for Kazaa, LimeWire, eMule and BitTorrent, it has been a long time since I needed Ubuntu updates and I no longer use them. I had in fact tried to uninstall them completely, without success (true story).
     Rapport de ZHPFix 1.12.3363 par Nicolas Coolman, Update du 05/10/2011
     Fichier d'export Registre :
     Run by Administrateur at 11/10/2011 19:05:45
     Windows XP Home Edition Service Pack 2 (Build 2600)
     Web site : ZHPFix Fix de rapport
     Err :510
     SUPPRIME O42 - Logiciel: Bureau Médias de Kazaa 2.6.7 - (.Pas de propriétaire.) [HKLM] -- {78903C42-CB0C-4B35-91A1-D4DEDD91F8CB}
     SUPPRIME O42 - Logiciel: Need2Find Bar - (.Need2Find Bar.) [HKLM] -- Need2FindBar Uninstall
     Err :510
     SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78903C42-CB0C-4B35-91A1-D4DEDD91F8CB}]
     SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall]
     SUPPRIME Key: HKLM\Software\BitTorrent
     SUPPRIME Key: HKLM\Software\Kazaa
     SUPPRIME Key: HKLM\Software\Need2Find
     SUPPRIME Key: HKLM\Software\P2P Networking
     SUPPRIME Key: HKLM\Software\Titan Poker
     Err :510
     ERREUR CLSID PAPP: {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
     Err :510
     7 : Clé(s) du Registre
     1 : Elément(s) de donnée du Registre
     2 : Logiciel(s)
     End of clean in 00mn 24s
     Err :510
     C:\ZHP\ZHPFix[R1].txt - 11/10/2011 19:05:45 [1291]
  9. Hello, Like others, I have been infected: a message blocks my computer as soon as it is switched on. On the pretext of connections to paedophile sites, the "police nationale" demands that I pay a sum online. I ran a CCleaner cleanup and an MBAM scan, which detected several problems and removed them successfully. Yet the problem is not solved. So I ran a scan with ZHPdiag. Can you help me? I have put the report at: ZHP report. Thank you.