PC infecté? [résolu]

je-rom · le 22 mai 2008

Salut oGu!

T'inquiète pas je te comprends, le travail passe avant tout. Tu regarderas mes rapports quand t'aura moins de taf, je peux attendre, mon pc va beaucoup mieux grâce à tes précédents tuyaux que tu m'a filé.

Je t'envois les rapports suivants comme tu m'a demandé:

1) Rapport Combofix n°7

2) Rapport MBAM n°3 puis n°4 car j'ai du le relancer une fois de plus, c'est ce que MBAM m'a demandé telement il avait du mal à se débarasser de pas mal d'éléments enfectés!

[MBAM m'a vraiment aidé sur ce coup là, mon ordinateur allé déjà beaucoup mieux après! Puis, pour fluidifier un peu plus j'ai lancé un CCleaner, et mon pc sourié .]

3) Rapport Antivir n°2

4) Rapport de HijackThis n°6

NB: Je pense que les rapport les + intéressants à comprendre sont ceux de MBAM. J'avais dans un premier temps, une cinquantaine d'éléments infectés. Puis dans un second, une vingtaine ; le tout supprimé si j'ai bien compris.

BON COURAGE, BONNE LECTURE ET MERDE POUR TON INSPECTION!!

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

1) Rapport Combofix n°7:

ComboFix 08-05-12.1 - lagarde 2008-05-22 12:03:45.11 - NTFSx86

Endroit: C:\Documents and Settings\lagarde\Bureau\ComboFix.exe

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\SuuuFfhk.ini

C:\WINDOWS\system32\SuuuFfhk.ini2

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))

.

2008-05-22 12:09 . 2008-05-22 12:09 268 --ah-c--- C:\sqmdata02.sqm

2008-05-22 12:09 . 2008-05-22 12:09 244 --ah-c--- C:\sqmnoopt02.sqm

2008-05-21 23:32 . 2008-05-21 23:32 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\TmpRecentIcons

2008-05-21 21:46 . 2008-05-21 21:46 90,112 --a--c--- C:\WINDOWS\system32\noyibkgx.dll

2008-05-21 21:42 . 2008-05-21 21:42 107,392 --a--c--- C:\WINDOWS\system32\oolklarj.dll

2008-05-21 21:37 . 2008-05-21 21:37 2,560 --a--c--- C:\WINDOWS\system32\lwwjcewi.exe

2008-05-21 21:36 . 2008-05-22 12:25 109,807 --a--c--- C:\WINDOWS\BM7f644ff9.xml

2008-05-21 21:36 . 2008-05-21 21:36 95,488 --a--c--- C:\WINDOWS\system32\pdjatriy.dll

2008-05-21 21:34 . 2008-05-21 21:34 318,848 --a--c--- C:\WINDOWS\system32\khfFuuuS.dll

2008-05-21 21:29 . 2008-05-21 17:43 217,088 --a--c--- C:\WINDOWS\pxgdslro.dll

2008-05-21 21:29 . 2008-05-21 17:43 217,088 --a--c--- C:\WINDOWS\nldfmtapnvb.dll

2008-05-21 21:29 . 2008-05-21 17:43 176,128 --a--c--- C:\WINDOWS\gnowmebk.dll

2008-05-21 21:29 . 2008-05-21 17:43 151,552 --a--c--- C:\WINDOWS\gktxaspm.dll

2008-05-21 21:29 . 2008-05-21 17:43 94,208 --a--c--- C:\WINDOWS\elsq.exe

2008-05-21 21:29 . 2008-05-21 17:44 81,920 --a--c--- C:\WINDOWS\mdtgkswr.exe

2008-05-21 21:29 . 2008-05-21 21:29 29,312 --a--c--- C:\WINDOWS\system32\geBqQJBu.dll

2008-05-21 14:48 . 2008-05-21 14:55 1,374 --a--c--- C:\WINDOWS\imsins.BAK

2008-05-21 14:43 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-05-21 14:43 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-05-21 14:43 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-05-21 14:43 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-05-21 14:43 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-05-21 14:43 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-05-21 14:43 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-05-21 14:43 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-05-21 14:43 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-05-21 12:37 . 2008-05-21 12:38 <REP> d----c--- C:\Program Files\hpHosts

2008-05-21 12:37 . 2008-05-21 12:37 530,128 --a--c--- C:\hpHosts-Setup-Win32.exe

2008-05-20 22:15 . 2008-05-20 22:16 153,144 --a--c--- C:\ewido_micro.exe

2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\Malwarebytes

2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-05-18 01:28 . 2008-05-05 20:46 27,048 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-18 01:28 . 2008-05-05 20:46 15,864 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys

2008-05-17 17:30 . 2008-05-21 19:49 <REP> d----c--- C:\Program Files\Mozilla Thunderbird

2008-05-17 17:14 . 2004-08-05 14:00 3,440 --a--c--- C:\sysoc.inf

2008-05-17 15:50 . 2008-05-17 16:24 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5

2008-05-17 15:47 . 2008-05-17 15:47 <REP> d----c--- C:\Program Files\CCleaner

2008-05-17 14:59 . 2008-05-17 14:59 <REP> d----c--- C:\WINDOWS\ERUNT

2008-05-17 14:09 . 2008-05-17 15:24 <REP> d----c--- C:\SDFix

2008-05-17 14:03 . 2008-05-20 21:52 2,958 --a--c--- C:\WINDOWS\system32\tmp.reg

2008-05-17 14:02 . 2007-09-06 00:22 289,144 --a--c--- C:\WINDOWS\system32\VCCLSID.exe

2008-05-17 14:02 . 2006-04-27 17:49 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe

2008-05-17 14:02 . 2008-05-15 23:22 86,528 --a--c--- C:\WINDOWS\system32\VACFix.exe

2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\IEDFix.exe

2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\404Fix.exe

2008-05-17 14:02 . 2003-06-05 21:13 53,248 --a--c--- C:\WINDOWS\system32\Process.exe

2008-05-17 14:02 . 2004-07-31 18:50 51,200 --a--c--- C:\WINDOWS\system32\dumphive.exe

2008-05-17 14:02 . 2007-10-04 00:36 25,600 --a--c--- C:\WINDOWS\system32\WS2Fix.exe

2008-05-14 19:59 . 2008-05-14 19:59 <REP> d----c--- C:\Documents and Settings\Propriétaire

2008-05-14 19:59 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings

2008-05-14 13:48 . 2008-05-14 13:48 <REP> d----c--- C:\Program Files\Trend Micro

2008-05-09 17:57 . 2008-05-09 17:57 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2008-05-08 18:55 . 2008-05-08 18:55 <REP> d----c--- C:\backups

2008-05-07 20:44 . 2008-05-07 20:44 <REP> d----c--- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents

2008-04-23 22:15 . 2008-04-23 22:15 268 --ah-c--- C:\sqmdata01.sqm

2008-04-23 22:15 . 2008-04-23 22:15 244 --ah-c--- C:\sqmnoopt01.sqm

2008-04-23 21:51 . 2008-04-23 21:51 268 --ah-c--- C:\sqmdata00.sqm

2008-04-23 21:51 . 2008-04-23 21:51 244 --ah-c--- C:\sqmnoopt00.sqm

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 15:04 --------- dc----w C:\Program Files\Java

2008-05-21 09:23 --------- dc----w C:\Program Files\Google

2008-05-20 23:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe

2008-05-17 23:27 --------- dc----w C:\Program Files\Common files

2008-05-17 15:34 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-03-25 04:51 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 -c--a-w C:\WINDOWS\system32\msjint40.dll

2008-03-23 11:27 --------- dc----w C:\Documents and Settings\lagarde\Application Data\ItsLabel

2008-03-22 17:32 --------- dc----w C:\Program Files\FreebieSMS

2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll

2007-10-20 07:38 108 -c--a-w C:\Program Files\output54.png

2007-10-20 07:37 2,118 -c--a-w C:\Program Files\photoshop.bmp

2007-10-20 07:33 2,118 -c--a-w C:\Program Files\Sans titre.bmp

.

((((((((((((((((((((((((((((( snapshot_2008-05-17_13.56.33.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-03-24 04:49:05 49,152 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll

+ 2005-10-12 23:15:25 15,072 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll

+ 2005-10-12 23:15:26 216,800 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe

+ 2005-10-12 23:15:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll

+ 2005-10-12 23:15:28 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\update.exe

+ 2005-10-12 23:15:45 394,976 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll

+ 2006-07-14 15:52:22 121,856 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll

+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll

+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe

+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll

+ 2005-10-12 23:12:28 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe

+ 2005-10-12 23:12:33 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll

+ 2006-05-25 08:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe

+ 2006-05-25 08:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll

+ 2006-05-24 10:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe

+ 2006-05-24 10:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll

+ 2005-10-12 23:15:26 216,800 -c----w C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe

+ 2005-10-12 23:15:45 394,976 -c----w C:\WINDOWS\$NtUninstallKB904942$\spuninst\updspapi.dll

+ 2004-08-05 12:00:00 49,152 -c----w C:\WINDOWS\$NtUninstallKB904942$\wdigest.dll

+ 2004-12-21 10:14:24 28,672 -c----w C:\WINDOWS\$NtUninstallKB914440$\custsat.dll

+ 2005-10-12 23:15:24 216,800 -c----w C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe

+ 2005-10-12 23:15:43 394,976 -c----w C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll

+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe

+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll

- 2008-05-17 11:50:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-22 10:10:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-17 00:22:37 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-05-17 13:00:13 4,780,032 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-05-17 13:00:13 163,840 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-05-17 00:22:37 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-05-17 12:59:57 4,780,032 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-05-17 12:59:57 163,840 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-05-17 10:06:21 29,371 -c--a-w C:\WINDOWS\hpoins03.dat

+ 2008-05-22 09:55:41 29,371 -c--a-w C:\WINDOWS\hpoins03.dat

+ 2004-08-05 12:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll

+ 2004-08-05 12:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll

+ 2004-08-05 12:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll

+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll

+ 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll

+ 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll

+ 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll

+ 2004-08-05 12:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll

+ 2004-08-05 12:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe

+ 2004-08-05 12:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll

+ 2004-08-05 12:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll

+ 2004-08-05 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll

+ 2004-08-05 12:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll

+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\ie7\iedw.exe

+ 2004-08-05 12:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll

+ 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll

+ 2004-08-05 12:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll

+ 2004-08-05 12:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll

+ 2004-08-05 12:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe

+ 2004-08-05 12:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll

+ 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\ie7\inseng.dll

+ 2007-12-18 14:41:58 450,560 -c----w C:\WINDOWS\ie7\jscript.dll

+ 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll

+ 2004-08-05 12:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll

+ 2004-08-05 12:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe

+ 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll

+ 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll

+ 2004-08-05 12:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll

+ 2004-08-05 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll

+ 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\ie7\msrating.dll

+ 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\ie7\mstime.dll

+ 2004-08-05 12:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll

+ 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll

+ 2007-09-26 16:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll

+ 2007-09-26 16:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe

+ 2006-09-06 15:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe

+ 2006-09-06 15:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll

+ 2004-08-05 12:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll

+ 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\ie7\urlmon.dll

+ 2007-12-18 14:41:59 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll

+ 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll

+ 2004-08-05 12:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll

+ 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\ie7\wininet.dll

+ 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll

+ 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll

+ 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll

+ 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll

+ 2007-08-13 16:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll

+ 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe

+ 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll

+ 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll

+ 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll

+ 2007-02-12 14:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat

+ 2007-07-11 10:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll

+ 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll

+ 2007-08-13 16:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll

+ 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll

+ 2007-08-13 16:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll

+ 2007-08-13 16:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe

+ 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe

+ 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll

+ 2007-08-13 16:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll

+ 2007-08-13 16:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll

+ 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll

+ 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll

+ 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll

+ 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll

+ 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll

+ 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll

+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll

+ 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll

+ 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll

+ 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll

+ 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll

+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll

+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000

+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll

+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll

+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll

+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll

+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000

+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe

+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll

+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll

+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll

+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat

+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll

+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000

+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll

+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll

+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000

+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll

+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll

+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000

+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe

+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe

+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll

+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll

+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000

+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll

+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000

+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll

+ 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000

+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll

+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll

+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll

+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll

+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll

+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll

+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll

+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000

+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll

+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000

+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll

+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000

+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000

- 2007-07-26 15:08:03 3,572 -c--a-w C:\WINDOWS\mozver.dat

+ 2008-05-21 17:52:51 4,188 -c--a-w C:\WINDOWS\mozver.dat

+ 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\network diagnostic\custsat.dll

+ 2006-10-10 12:44:50 557,568 -c----w C:\WINDOWS\network diagnostic\xpnetdiag.exe

- 2004-08-05 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\admparse.dll

+ 2007-08-13 16:39:20 71,680 -c--a-w C:\WINDOWS\system32\admparse.dll

- 2004-08-05 12:00:00 101,888 -c--a-w C:\WINDOWS\system32\advpack.dll

+ 2008-03-01 12:58:06 124,928 -c--a-w C:\WINDOWS\system32\advpack.dll

- 2004-08-05 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll

+ 2007-08-13 16:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll

- 2004-08-05 12:00:00 101,888 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

- 2004-12-21 10:14:24 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll

+ 2007-08-13 16:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll

- 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2004-08-05 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll

+ 2007-08-13 16:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll

- 2004-08-05 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2004-08-05 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2004-08-05 12:00:00 221,696 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2004-08-05 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2004-08-05 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

+ 2007-08-13 16:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

- 2004-08-05 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll

+ 2007-08-13 16:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll

- 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

+ 2007-08-13 16:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

- 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2004-08-05 12:00:00 63,488 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll

+ 2007-08-13 16:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll

- 2004-08-05 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2004-08-05 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll

+ 2007-08-13 16:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll

- 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

+ 2007-08-13 16:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

- 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-08-13 16:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

- 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2004-08-05 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll

+ 2007-08-13 16:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll

- 2004-08-05 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe

+ 2007-08-13 16:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe

- 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2004-08-05 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll

+ 2007-08-13 16:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll

- 2004-08-05 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll

+ 2007-08-13 16:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll

- 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

- 2004-08-05 12:00:00 97,280 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2004-08-05 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

- 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll

+ 2007-08-13 16:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll

- 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll

+ 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll

- 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll

+ 2006-03-24 04:37:52 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll

- 2004-08-05 12:00:00 281,600 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-02-16 09:02:39 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\system32\dxtmsft.dll

- 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\system32\dxtrans.dll

- 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\system32\extmgr.dll

- 2008-04-09 19:27:58 1,405,648 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-05-21 09:07:38 1,401,128 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-03-01 12:58:06 63,488 -c--a-w C:\WINDOWS\system32\icardie.dll

+ 2006-06-29 06:05:44 26,112 -c----w C:\WINDOWS\system32\idndl.dll

- 2004-08-05 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\ie4uinit.exe

- 2004-08-05 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\ieakeng.dll

- 2004-08-05 12:00:00 221,696 -c--a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\ieaksie.dll

- 2004-08-05 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\ieakui.dll

+ 2007-04-17 09:32:38 2,455,488 -c--a-w C:\WINDOWS\system32\ieapfltr.dat

+ 2008-03-01 12:58:07 383,488 -c--a-w C:\WINDOWS\system32\ieapfltr.dll

- 2004-08-05 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\iedkcs32.dll

- 2004-08-05 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\ieencode.dll

+ 2007-08-13 16:45:18 78,336 -c--a-w C:\WINDOWS\system32\ieencode.dll

+ 2008-03-01 12:58:08 6,066,176 -c--a-w C:\WINDOWS\system32\ieframe.dll

- 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\iepeers.dll

+ 2007-08-13 16:54:10 191,488 -c--a-w C:\WINDOWS\system32\iepeers.dll

- 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\iernonce.dll

+ 2008-03-01 12:58:08 267,776 -c--a-w C:\WINDOWS\system32\iertutil.dll

- 2004-08-05 12:00:00 63,488 -c--a-w C:\WINDOWS\system32\iesetup.dll

+ 2007-08-13 16:39:12 55,296 -c--a-w C:\WINDOWS\system32\iesetup.dll

+ 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\system32\ieudinit.exe

+ 2007-08-13 16:54:10 180,736 -c----w C:\WINDOWS\system32\ieui.dll

- 2004-08-05 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\imgutil.dll

+ 2007-08-13 16:36:06 36,352 -c--a-w C:\WINDOWS\system32\imgutil.dll

- 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\inseng.dll

+ 2007-08-13 16:39:02 92,672 -c--a-w C:\WINDOWS\system32\inseng.dll

- 2007-09-24 21:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe

+ 2008-03-24 23:28:39 135,168 -c--a-w C:\WINDOWS\system32\java.exe

- 2007-09-24 21:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe

+ 2008-03-24 23:28:43 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe

- 2007-09-24 22:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe

+ 2008-03-25 00:37:01 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe

- 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\jscript.dll

+ 2007-08-13 16:38:04 491,520 -c--a-w C:\WINDOWS\system32\jscript.dll

- 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\system32\jsproxy.dll

- 2004-08-05 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\licmgr10.dll

+ 2007-08-13 16:44:18 40,960 -c--a-w C:\WINDOWS\system32\licmgr10.dll

+ 2008-03-24 18:21:00 2,889,088 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-03-24 18:21:00 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-03-01 12:58:08 459,264 -c--a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-03-01 12:58:08 52,224 -c--a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2007-08-13 16:36:40 12,288 -c----w C:\WINDOWS\system32\msfeedssync.exe

- 2004-08-05 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\mshta.exe

+ 2007-08-13 16:32:30 45,568 -c--a-w C:\WINDOWS\system32\mshta.exe

- 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\mshtml.dll

- 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\system32\mshtmled.dll

- 2004-08-05 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\mshtmler.dll

+ 2007-08-13 16:01:12 48,128 -c--a-w C:\WINDOWS\system32\mshtmler.dll

- 2004-08-05 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\msls31.dll

+ 2007-08-13 16:54:10 156,160 -c--a-w C:\WINDOWS\system32\msls31.dll

- 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\msrating.dll

+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\system32\msrating.dll

- 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\mstime.dll

+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\system32\mstime.dll

+ 2006-06-28 15:59:26 24,576 -c----w C:\WINDOWS\system32\nlsdl.dll

+ 2006-06-29 06:05:44 23,552 -c----w C:\WINDOWS\system32\normaliz.dll

- 2004-08-05 12:00:00 97,280 -c--a-w C:\WINDOWS\system32\occache.dll

+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\occache.dll

- 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\system32\pngfilt.dll

- 2004-08-05 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\url.dll

+ 2008-03-01 12:58:10 105,984 -c--a-w C:\WINDOWS\system32\url.dll

- 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\urlmon.dll

- 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\vbscript.dll

+ 2007-08-13 16:54:10 413,696 -c--a-w C:\WINDOWS\system32\vbscript.dll

- 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\wdigest.dll

+ 2006-03-24 04:37:52 49,152 -c--a-w C:\WINDOWS\system32\wdigest.dll

- 2004-08-05 12:00:00 281,600 -c--a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-03-01 12:58:11 233,472 -c--a-w C:\WINDOWS\system32\webcheck.dll

+ 2007-08-13 16:45:16 206,336 -c----w C:\WINDOWS\system32\WinFXDocObj.exe

+ 2006-07-14 15:51:51 121,856 -c----w C:\WINDOWS\system32\xmllite.dll

+ 2008-05-22 10:10:55 16,384 -c--atw C:\WINDOWS\TEMP\Perflib_Perfdata_49c.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08d87000-1359-47b7-bdac-94aaab6ac353}]

2008-05-21 21:42 107392 --a--c--- C:\WINDOWS\system32\oolklarj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]

2008-05-21 21:29 29312 --a--c--- C:\WINDOWS\system32\geBqQJBu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2731AFA8-5455-490D-9525-509CEA608CC8}]

2008-05-21 21:34 318848 --a--c--- C:\WINDOWS\system32\khfFuuuS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AB0CA27-95E4-437A-8093-FADF3A2FAC42}]

2008-05-21 17:43 217088 --a--c--- C:\WINDOWS\nldfmtapnvb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64CC964B-770D-4168-A36F-3C9B6EF0A454}]

2008-05-22 12:29 318336 --a--c--- C:\WINDOWS\system32\yayaXPig.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 151552]

[HKEY_CLASSES_ROOT\clsid\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f}]

[HKEY_CLASSES_ROOT\gktxaspm.1]

[HKEY_CLASSES_ROOT\TypeLib\{6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}]

[HKEY_CLASSES_ROOT\gktxaspm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"LVCOMSX"=":C:\WINDOWS\system32\LVCOMSX.EXE" [ ]

"LogitechVideoRepair"=":C:\Program Files\Logitech\Video\ISStart.exe" [ ]

"LogitechVideoTray"=":C:\Program Files\Logitech\Video\LogiTray.exe" [ ]

"SynTPLpr"=":C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]

"SynTPEnh"=":C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 22:35 262401]

"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"BM7f644ff9"="C:\WINDOWS\system32\pdjatriy.dll" [2008-05-21 21:36 95488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}"= C:\WINDOWS\system32\geBqQJBu.dll [2008-05-21 21:29 29312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"pxgdslro"= {E8233276-14FB-43D4-A0FC-12E5BEA58779} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 217088]

"gnowmebk"= {0DDE9F1D-FEAE-4D41-8461-B4FBAD4FB66C} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqQJBu]

geBqQJBu.dll 2008-05-21 21:29 29312 C:\WINDOWS\system32\geBqQJBu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.MJPG"= pvmjpg21.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayaXPig

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\mshta.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-06-23 08:04]

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys [2006-09-27 12:47]

R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-29 16:08]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-10-06 13:04]

R3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-05-07 13:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe09f87-c44c-11dc-9c4f-00c09f737e07}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - GTNDIS5

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 12:25:34

Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

**************************************************************************

.

--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\geBqQJBu.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-22 12:31:45 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-22 10:31:29

ComboFix2.txt 2008-05-21 10:23:39

ComboFix3.txt 2008-05-17 11:56:59

ComboFix4.txt 2008-05-15 17:30:50

ComboFix5.txt 2008-05-15 17:06:40

Pre-Run: 23,628,754,944 octets libres

Post-Run: 23,619,321,856 octets libres

536 --- E O F --- 2008-05-16 09:38:10

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2) Rapport MBAM n°3:

Malwarebytes' Anti-Malware 1.12

Version de la base de données: 775

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 103098

Temps écoulé: 26 minute(s), 58 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 5

Clé(s) du Registre infectée(s): 24

Valeur(s) du Registre infectée(s): 7

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 19

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\yayaXPig.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\geBqQJBu.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\khfFuuuS.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Unloaded module successfully.

C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91cdf3b5-e9be-4c4a-ac96-f5c0a1995b04} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{91cdf3b5-e9be-4c4a-ac96-f5c0a1995b04} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3f8febf0-4a50-4420-904c-52b90054223e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a825b3f7-6d09-4e4b-89a3-0dc05c0121fe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{46633232-ceae-4e9d-a0b7-37dcecbb97c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9b19a112-5f7e-4549-bdc1-9462ddc7d0b9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{6a219592-3d06-46a5-b3ff-cbc8eb6fff2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebqqjbu (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e8233276-14fb-43d4-a0fc-12e5bea58779} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0dde9f1d-feae-4d41-8461-b4fbad4fb66c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gktxaspm.bpew (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gktxaspm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c577c65 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7f644ff9 (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pxgdslro (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gnowmebk (Trojan.FakeAlert) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayaxpig -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayaxpig -> Quarantined and deleted successfully.

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\WINDOWS\system32\yayaXPig.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\giPXayay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\giPXayay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\geBqQJBu.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\elsq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tbabjykk.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\qxvnogvr.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\khfFuuuS.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\nldfmtapnvb.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\mdtgkswr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\gktxaspm.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\lagarde\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\lagarde\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\lagarde\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\lagarde\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\lagarde\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\lagarde\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

3) Rapport MBAM n°4:

Malwarebytes' Anti-Malware 1.12

Version de la base de données: 775

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 103167

Temps écoulé: 24 minute(s), 3 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 13

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9b84a87-ef1a-4540-8421-432261cb6852} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e9b84a87-ef1a-4540-8421-432261cb6852} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\KvmSecure (Rogue.KVMSecure) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KvmSecure.exe (Rogue.KVMSecure) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

C:\Program Files\KvmSecure (Rogue.KVMSecure) -> Quarantined and deleted successfully.

C:\Program Files\KvmSecure\Infected (Rogue.KVMSecure) -> Quarantined and deleted successfully.

C:\Program Files\KvmSecure\Suspicious (Rogue.KVMSecure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):

C:\WINDOWS\system32\khfFuuuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SuuuFfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SuuuFfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tbabjykk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kkyjbabt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{BB616C19-9308-4AEE-AE53-7E9CBAFF6409}\RP14\A0004412.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{BB616C19-9308-4AEE-AE53-7E9CBAFF6409}\RP14\A0004422.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\KvmSecure\vscan.tsi (Rogue.KVMSecure) -> Quarantined and deleted successfully.

C:\Program Files\KvmSecure\zlib.dll (Rogue.KVMSecure) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayaXPig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\lagarde\Application Data\Microsoft\Internet Explorer\Quick Launch\KvmSecure.lnk (Rogue.KVMSecure) -> Quarantined and deleted successfully.

C:\Documents and Settings\lagarde\Local Settings\Tempboome20.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

4) Rapport Antivir n°2:

Avira AntiVir Personal

Report file date: jeudi 22 mai 2008 15:46

Scanning for 1282124 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode

Username: lagarde

Computer name: LAGARDE-F08F9D5

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 27/04/2008 20:35:00

AVSCAN.DLL : 8.1.1.0 53505 Bytes 27/04/2008 20:35:00

LUKE.DLL : 8.1.2.9 151809 Bytes 27/04/2008 20:35:01

LUKERES.DLL : 8.1.2.1 12033 Bytes 27/04/2008 20:35:01

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 08:26:36

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:19:02

ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 21:35:00

ANTIVIR3.VDF : 7.0.4.76 102400 Bytes 21/05/2008 16:48:42

Engineversion : 8.1.0.46

AEVDF.DLL : 8.1.0.5 102772 Bytes 27/04/2008 20:35:03

AESCRIPT.DLL : 8.1.0.33 266618 Bytes 15/05/2008 20:41:20

AESCN.DLL : 8.1.0.18 119156 Bytes 15/05/2008 20:41:12

AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 20:35:03

AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 20:41:07

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 27/04/2008 20:35:03

AEHEUR.DLL : 8.1.0.29 1253750 Bytes 15/05/2008 20:41:01

AEHELP.DLL : 8.1.0.14 115063 Bytes 27/04/2008 20:35:03

AEGEN.DLL : 8.1.0.21 303477 Bytes 15/05/2008 20:40:37

AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 20:29:22

AECORE.DLL : 8.1.0.29 168311 Bytes 15/05/2008 20:40:27

AVWINLL.DLL : 1.0.0.7 14593 Bytes 27/04/2008 20:35:00

AVPREF.DLL : 8.0.0.1 25857 Bytes 27/04/2008 20:35:00

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVREG.DLL : 8.0.0.0 30977 Bytes 27/04/2008 20:35:00

AVARKT.DLL : 1.0.0.23 307457 Bytes 27/04/2008 20:35:00

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 27/04/2008 20:35:00

SQLITE3.DLL : 3.3.17.1 339968 Bytes 27/04/2008 20:35:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 27/04/2008 20:35:01

NETNT.DLL : 8.0.0.1 7937 Bytes 27/04/2008 20:35:01

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 27/04/2008 20:34:48

RCTEXT.DLL : 8.0.32.0 86273 Bytes 27/04/2008 20:34:49

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: jeudi 22 mai 2008 15:46

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '28' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users.WINDOWS\Documents\Mes vidéos\ZENSOFT_300 (D)\Adobe Acrobat\Reader\Japanese\ar405jpn.exe

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Documents and Settings\lagarde\Bureau\ComboFix.exe

[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D

[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072

[DETECTION] Contains detection pattern of the SPR/Tool.PV program

[WARNING] The file was ignored!

C:\Documents and Settings\lagarde\Bureau\Flash_Disinfector.exe

[DETECTION] Contains detection pattern of the application APPL/NirCmd.2

[WARNING] The file was ignored!

C:\Documents and Settings\lagarde\Bureau\SmitfraudFix.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.92

C:\Documents and Settings\lagarde\Bureau\SmitfraudFix.exe

[0] Archive type: RAR SFX (self extracting)

--> SmitfraudFix\Reboot.exe

[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program

--> SmitfraudFix\restart.exe

[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program

[WARNING] The file was ignored!

C:\Documents and Settings\lagarde\Local Settings\Temp\nircmd.exe

[DETECTION] Contains detection pattern of the application APPL/NirCmd.2

[NOTE] The file was moved to '48a78480.qua'!

End of the scan: jeudi 22 mai 2008 19:49

Used time: 4:02:51 min

The scan has been done completely.

7366 Scanning directories

260091 Files were scanned

8 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

260083 Files not concerned

1783 Archives were scanned

5 Warnings

1 Notes

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

5) Rapport de HijackThis n°6:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:03:29, on 22/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files\Wireless 802.11g Monitor\WLService.exe

C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {28538e90-63a6-37fb-a334-e6f7b2abcf3b} - {b3fcba2b-7f6e-433a-bf73-6a3609e83582} - C:\WINDOWS\system32\juewnenf.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] :C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] :C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [synTPLpr] :C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] :C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe

--

End of file - 7084 bytes

oGu · le 22 mai 2008

Tu as à nouveau chopé un Vundo qui te colle un rogue...je dois à tout prix savoir ce que tu as fait pour le choper à nouveau, pour ne pas désinfecter dans le vide...Tu as sans doute soit installé un crack, soit visité un site web douteux, isn't it??

Modifié le 22 mai 2008 par oGu

je-rom · le 22 mai 2008

Yes surement oGu, je ne crack rien, je sais même pas comment on fait, par contre j'ai visité YOU TUBE, ainsi que des tchats ensuite il est apparu la publicité pour le pocker puis 15 minutes après ait apparu le faux antivirus avec la tête de cafard comme logo de "MalWarrior 2008".

Désolé, j'avais oublié de répondre à cette question dans mon précédent post. Je compte changer mes habitudes pour surfer à moins que je puisse arriver à me désinfecter tout seul comme aujourd'hui. Qu'en penses-tu?

Je voudrais savoir déjà si j'ai vraiment réussi en totalité ou en partie si tu sais?

Ce dont je suis sur, c'est que je n'ai rien fais de mal à part la visite de sites web douteux. Au pire je tiens à changer mes habitudes comme je t'ai confié.

Cordialement Jérôme

oGu · le 23 mai 2008

Yes surement oGu, je ne crack rien, je sais même pas comment on fait, par contre j'ai visité YOU TUBE, ainsi que des tchats ensuite il est apparu la publicité pour le pocker puis 15 minutes après ait apparu le faux antivirus avec la tête de cafard comme logo de "MalWarrior 2008".Ce dont je suis sur, c'est que je n'ai rien fais de mal à part la visite de sites web douteux

Youtube n'est pas un site douteux; pas plus dangereux que de tchatter d'ailleurs...L'infection ne doit pas venir de ces sites-là. As-tu cliqué sur des pubs, ou bien as-tu répondu positivement à un téléchargement ou à une alerte factice?

VirtuMonde ne s'installe pas tout seul sans intervention de l'utilisateur, à ma conniassance !

Je compte changer mes habitudes pour surfer à moins que je puisse arriver à me désinfecter tout seul comme aujourd'hui. Qu'en penses-tu?

Mais tu es encore infecté! MBAM a fait du bon travail, Combofix a fait une part de nettoyage, mais il en reste encore! D'ailleurs, il ne faut jamais passer ComboFix sans l'avis d'un intervenant sécurité, cet outil est surpuissant et peut faire des dégâts s'il est manipulé sans connaissance.

Il est impératif que tu prennes de nouvelles habitudes: on a passé plusieurs heures à te désinfecter, et deux jours après tu reviens avec la même infection! Quand bien même tu apprendrais à te désinfecter seul -ça prend des mois d'apprentissage-, l'essentiel est tout de même de ne pas s'infecter plus que de réparer!

Je pars au bahut, on y regardera plus sereinement ce week-end.

A+.

Modifié le 23 mai 2008 par oGu

je-rom · le 23 mai 2008

Salut oGu!

A ce que tu me racontes j'ai surement dû cliquer sur la publicité qui était en double fenêtre avec mon site et forcément ça la pris en compte et actionner VirtuMonde .

D'accord je me réfèreré à l'avenir toujours à un intervenant sécurité. Je vais changer mes habitudes pour surfer le mieux que je peux. D'ailleurs je tiens à ne plus surfer à part sur Zébulon afin que tu ne me désinfecte pas dans le vide.

oGu · le 24 mai 2008

Bon, on y retourne.

DESINFECTION

SUPPRESSION DES LOGICIELS DE DESINFECTION

Efface SDFix et désinstalle SmitFraudFix

CCLEANER SLIM

Lance CCleaner
Clique sur l'onglet : "Registre"
Clique sur "Rechercher des erreurs" puis "Corriger les erreurs"
Répond "oui" à la demande de sauvegarde proposée et enregistre-la dans tes documents
Clique sur l'onglet "nettoyeur" puis "lancer le nettoyage"

HIJACKTHIS

Relance HijackThis
Sélectionne "Do a scan only"
Coche les lignes suivantes si elles existent:

O2 - BHO: {28538e90-63a6-37fb-a334-e6f7b2abcf3b} - {b3fcba2b-7f6e-433a-bf73-6a3609e83582} - C:\WINDOWS\system32\juewnenf.dll

CREATION/EXECUTION D'UN CFSCRIPT

Ouvre un nouveau fichier du Bloc-notes
"Copie/Colle" tout le contenu de la boîte Code ci-dessous (mais n'inclus pas le mot "Code") dans le fichier texte du bloc-note :
```
KillAll::

File::
C:\WINDOWS\system32\juewnenf.dll
```
Sauvegarde ce fichier sur ton Bureau en l'appelant IMPERATIVEMENT CFScript.txt

ATTENTION: ce script a été conçu spécifiquement pour le cas de Je-Rom, ne pas l'utiliser pour votre propre machine!!
Désactive ton antivirus et ton antispyware
Te référant à l'image ci-dessous, déplace CFScript.txt sur ComboFix.exe
ComboFix sera lancé.
Une fenêtre bleue va apparaitre: patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.
Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.
Soumet le fichier en cliquant "OK"
Enfin, poste le rapport suivant dans ta prochaine réponse :

- Combofix.txt (il est stocké ici: > C:\ComboFix.txt)

SECURISATION

UTILISER ET SECURISER FIREFOX

Utilise exclusivement FIREFOX
Sécurise-le avec les extensions suivantes:
- extension AdBlock Plus contre les publicités.
- avec AdBlock Plus, installe les filtres antipub FR + EASY LIST en cliquant, au milieu de cette page, sur cette image
- extension Customize Google: disparation des pubs Google et anonymisation des cookies Google[/b]

StripMyRights

Télécharge StripMyRights en cliquant sur cette image:

Dézippe l'archive et copie l'éxecutable StripMyRights.exe (64ko) dans:
C:\Windows\System32.
Télécharge sur ton Bureau ce *.reg que je t'ai préparé:

http://dl.free.fr/mprS6Ngq8/stripmyrights_firefox_je-rom.reg
Clique droit dessus et sélectionne "Fusionner".
Clique "oui" au message d'alerte
Redémarre

Modifié le 24 mai 2008 par oGu

je-rom · le 24 mai 2008

Salut oGu!

J'ai eu un message en lançant Combofix en anglais me disant comme quoi il a expiré et donc le logo est parti. Je pense qu'il faut que tu m'en envoie en autre...

Au fait, voici le rapport HJT 7:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:18:57, on 24/05/2008