Infections, pubs intempestives (virtumonde)

Résolu
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention   -  
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
après avoir visité différents forums à propos du trojan Virtumonde et testé diverses solutions pour l'éliminer (mais sans succès), je commence à désespérer.

Voici mon problème ou plutôt mes problèmes :
1-Lorsque j'allume mon ordi, avast détecte parfois (pas toujours) 2 virus Win32...
2-Lorsque j'ouvre une fenêtre internet (firefox ou IE) pour la première fois après le démarrage de mon ordi, une autre fenêtre s'ouvre (toujous Internet Explorer). C'est un genre de pub proposant des analyses antivirus (le non du site varie). D'où le lien présumé avec Virtumonde que j'ai par ailleurs détecté grâce à spybot mais qui revient tout le temps.
3-Parfois, lorsque je lance une analyse spybot ou ad-aware, le logiciel se ferme tout seul et ensuite, impossible de le relancer sans redémarrer mon ordi (fenêtre du rapport d'erreur).
4-Mon PC met plus de temps que d'habitude à démarrer.

Voici ce que j'ai essayé :
- spybot
- ad-aware 2007
- AVG Anti-Spyware
- vundofix
- VirtumondeBeGone
- SDFix
- HijackThis
- et sans doute d'autres choses que j'ai oublié...

SVP aidez-moi je ne sais plus quoi faire !!!

49 réponses

Précédent
Réponse 21 / 49
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   43
 
salut

Télécharge http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-clic sur combofix il vas te demander une question répond oui touche y puis attends que combofix soit fini il vas générer un rapport

Poste le sur le forum dans ta réponse
0
Réponse 22 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Slt duflox, merci de ne pas m'avoir oublié.
Voilà le rapport demandé :

ComboFix 07-10-09.3 - S‚bastien 2007-10-10 19:58:45.4 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.1413 [GMT 2:00]
Running from: C:\Documents and Settings\S‚bastien\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ahbjivpo.dll
C:\WINDOWS\system32\aomfkabe.dll
C:\WINDOWS\system32\bfwkuovi.ini
C:\WINDOWS\system32\bidgxkun.ini
C:\WINDOWS\system32\ebakfmoa.ini
C:\WINDOWS\system32\gnpvskbo.ini
C:\WINDOWS\system32\ivoukwfb.dll
C:\WINDOWS\system32\nukxgdib.dll
C:\WINDOWS\system32\obksvpng.dll
C:\WINDOWS\system32\opvijbha.ini
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\rqtss.tmp
C:\WINDOWS\system32\tynculrj.dll
C:\WINDOWS\system32\vlntklov.dll
C:\WINDOWS\system32\volktnlv.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))))))))
.

2007-10-10 20:03 6,465 ---hs---- C:\WINDOWS\system32\rqtss.bak1
2007-10-09 19:09 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-09 19:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-09 19:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-09 19:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-09 19:09 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-09 19:09 4,066 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-09 18:13 <REP> d-------- C:\Program Files\Navilog1
2007-10-09 14:21 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-09 14:04 <REP> d-------- C:\VundoFix Backups
2007-10-08 20:12 <REP> d-------- C:\Program Files\Lavasoft
2007-10-08 20:11 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-08 17:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-08 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-08 13:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
2007-10-07 22:48 <REP> d-------- C:\WINDOWS\system32\VirtualExpander
2007-10-05 20:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-05 19:53 <REP> d-------- C:\WINDOWS\AU_Temp
2007-10-05 17:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-04 18:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-10-04 18:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-04 18:27 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-10-04 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-04 18:27 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-10-04 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-10-04 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-04 17:33 <REP> d-------- C:\WINDOWS\report
2007-10-04 17:33 <REP> d-------- C:\WINDOWS\AU_Backup
2007-10-04 17:33 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-10-04 17:33 267,845 --a------ C:\WINDOWS\tsc.exe
2007-10-04 17:33 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-10-04 17:33 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-10-04 17:30 <REP> d-------- C:\WINDOWS\AU_Log
2007-10-04 17:30 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-10-04 17:30 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-10-04 17:30 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-10-03 18:19 <REP> d-------- C:\Program Files\MSECache
2007-10-03 17:56 <REP> d-------- C:\Program Files\Temporary
2007-10-03 17:44 307,808 --a------ C:\WINDOWS\system32\sstqr.dll
2007-10-03 17:37 35,328 --a------ C:\WINDOWS\system32\opnkijg.dll
2007-10-03 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-02 21:22 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-10-02 13:55 1,017,801 --a------ C:\WINDOWS\system32\LOST.scr
2007-10-02 13:55 998,873 --a------ C:\WINDOWS\system32\Desperate Housewives.scr
2007-09-29 17:48 <REP> d-------- C:\Program Files\SystemRequirementsLab
2007-09-28 17:54 <REP> d-------- C:\download
2007-09-26 10:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-25 11:21 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-22 11:43 <REP> d-------- C:\Program Files\uTorrent
2007-09-21 14:42 <REP> C:\Documents and Settings\Sébastien\Incomplete
2007-09-20 14:54 149,504 --a------ C:\WINDOWS\system32\Mpegdll.dll
2007-09-20 14:53 283,648 --a------ C:\WINDOWS\system32\uninstall.exe
2007-09-17 17:40 524,288 --a------ C:\WINDOWS\opuc.dll
2007-09-17 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-09-15 18:39 <REP> d-------- C:\Program Files\Microsoft Money
2007-09-15 15:13 83,336 -ra------ C:\WINDOWS\system32\drivers\s116bus.sys
2007-09-15 15:13 12,424 -ra------ C:\WINDOWS\system32\drivers\s116whnt.sys
2007-09-15 15:13 12,424 -ra------ C:\WINDOWS\system32\drivers\s116wh.sys
2007-09-15 15:09 <REP> d-------- C:\Program Files\Sony Ericsson
2007-09-15 15:09 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
2007-09-15 15:09 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-09-15 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-09-15 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-14 16:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-14 16:56 <REP> d-------- C:\Program Files\Nero
2007-09-14 16:56 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-09-14 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-14 12:12 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-14 12:12 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-09-13 17:39 <REP> d-------- C:\Program Files\RegistrySmart
2007-09-13 15:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-13 15:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-13 15:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-13 15:43 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-13 15:42 79,622 --a------ C:\WINDOWS\system32\E_FLM9CE.DLL
2007-09-13 15:42 64,000 --a------ C:\WINDOWS\system32\E_FBCB9CE.DLL
2007-09-13 15:42 34,304 --a------ C:\WINDOWS\system32\E_FBCH9CE.DLL
2007-09-13 15:42 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-09-13 15:42 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-13 15:42 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-09-13 15:41 <REP> d-------- C:\Program Files\epson
2007-09-13 15:41 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-09-13 15:41 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-09-13 15:41 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2007-09-12 21:16 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-12 21:16 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-12 20:57 <REP> d-------- C:\Program Files\Microsoft Works
2007-09-12 20:56 <REP> d-------- C:\Program Files\Microsoft.NET
2007-09-12 20:54 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-09-12 20:54 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-12 20:53 <REP> dr-h----- C:\MSOCache
2007-09-12 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-12 20:01 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-09-12 20:01 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-09-12 20:01 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-09-12 19:58 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-09-12 19:58 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-09-12 19:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-09-12 19:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-12 18:57 <REP> d-------- C:\Program Files\Bonjour

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 18:01 5,242,880 ----a-w C:\Documents and Settings\Sébastien\NTUSER.DAT
2007-10-08 18:19 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-08 18:19 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-20 19:45 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-16 23:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-09-16 23:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-09-16 23:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-09-16 23:07 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-09-16 23:07 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-09-16 23:07 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-09-16 23:07 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-09-16 23:07 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-09-16 23:07 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-09-16 23:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-16 23:07 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-09-16 23:07 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-09-16 23:07 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-09-16 23:07 2,441,216 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-09-16 23:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-16 23:07 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-09-16 23:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-16 23:07 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-09-16 23:07 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-09-16 23:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-16 23:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-16 23:07 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-09-16 23:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-16 23:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-16 23:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-16 23:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-16 23:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-16 23:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-14 10:15 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-14 10:15 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-12 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-09-12 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-12 15:26 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-09-11 20:59 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_ 0.52.25.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 15,072 2005-10-12 23:15:23 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
----a-w 216,800 2005-10-12 23:15:24 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
----a-w 582,656 2007-07-09 13:19:28 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
----a-w 369,152 2007-06-18 22:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\spru040c.dll
----a-w 22,752 2005-10-12 23:15:23 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
----a-w 727,776 2005-10-12 23:15:26 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
----a-w 394,976 2005-10-12 23:15:43 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
----a-w 15,072 2007-03-06 01:34:33 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 216,800 2007-03-06 01:34:38 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 09:49:19 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 09:49:28 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 09:49:19 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 09:49:19 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:13:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 09:49:20 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 09:49:20 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 09:49:20 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 09:49:20 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 09:49:23 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 09:49:23 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 09:49:23 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:13:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:13:39 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 09:49:23 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 09:49:24 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 09:49:24 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 09:49:26 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 09:49:26 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 09:49:26 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 09:49:27 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 09:49:27 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 09:49:27 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 09:49:28 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 09:49:28 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 09:49:28 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:34:31 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 727,776 2007-03-06 01:34:56 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 394,976 2007-03-06 01:35:48 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 15,072 2007-03-06 01:34:33 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 216,800 2007-03-06 01:34:38 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:34 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:34:31 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 727,776 2007-03-06 01:34:56 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 394,976 2007-03-06 01:35:48 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-05 12:00:00 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 216,800 2005-10-12 23:15:24 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 394,976 2005-10-12 23:15:43 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:13:53 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 216,800 2007-03-06 01:34:38 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 394,976 2007-03-06 01:35:48 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 163,328 2007-09-27 20:03:23 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 815,104 2007-10-09 12:21:44 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 12:21:44 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-27 20:03:23 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 815,104 2007-10-09 12:21:43 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 12:21:43 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c----w 124,928 2007-06-27 13:22:39 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 09:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 13:22:40 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 09:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 13:22:40 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 13:22:42 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 13:22:45 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 13:22:48 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 13:23:23 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 13:23:23 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 13:23:25 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:28:24 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 13:23:31 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 13:23:32 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 13:23:32 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,856,384 2007-07-19 06:58:09 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 13:24:06 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 13:24:07 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 13:24:09 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 163,840 2007-06-27 13:24:09 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 62,464 2007-06-27 13:24:10 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,225,728 2007-06-27 13:24:14 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 393,728 2007-06-27 13:24:15 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 814,592 2007-06-27 13:24:19 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 216,800 2007-03-06 01:34:38 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 394,976 2007-03-06 01:35:48 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 1,165,584 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
----a-r 217,864 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-10-10 10:22:05 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
----a-r 1,038,336 2007-10-08 18:12:09 C:\WINDOWS\Installer\{E31C348B-63A9-4CBF-8D7F-D932ABB63244}\Icon0E6AB9FC.exe
----a-r 178,688 2007-10-08 18:12:09 C:\WINDOWS\Installer\{E31C348B-63A9-4CBF-8D7F-D932ABB63244}\Icon0E6AB9FC1.exe
----a-w 15,072 2007-03-06 01:34:33 C:\WINDOWS\SoftwareDistribution\Download\597d86b79933edac6fa897d33c53f918\spmsg.dll
----a-w 216,800 2007-03-06 01:34:38 C:\WINDOWS\SoftwareDistribution\Download\597d86b79933edac6fa897d33c53f918\spuninst.exe
----a-w 683,520 2007-08-21 06:17:23 C:\WINDOWS\SoftwareDistribution\Download\597d86b79933edac6fa897d33c53f918\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:34 C:\WINDOWS\SoftwareDistribution\Download\597d86b79933edac6fa897d33c53f918\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:34:31 C:\WINDOWS\SoftwareDistribution\Download\597d86b79933edac6fa897d33c53f918\update\spcustom.dll
----a-w 727,776 2007-03-06 01:34:56 C:\WINDOWS\SoftwareDistribution\Download\597d86b79933edac6fa897d33c53f918\update\update.exe
----a-w 394,976 2007-03-06 01:35:48 C:\WINDOWS\SoftwareDistribution\Download\597d86b79933edac6fa897d33c53f918\update\updspapi.dll
----a-w 15,072 2007-03-06 01:34:33 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\spmsg.dll
----a-w 216,800 2007-03-06 01:34:38 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\spuninst.exe
----a-w 124,928 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:22:11 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 09:59:29 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:22:11 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:22:32 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 09:59:30 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 09:59:31 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 09:59:31 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 09:59:31 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 09:59:31 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 09:59:31 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 09:49:19 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 09:49:28 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 09:49:19 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 09:49:19 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:13:10 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 09:49:20 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 09:49:20 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 09:49:20 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 09:49:20 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 09:49:23 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 09:49:23 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 09:49:23 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:13:10 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:13:39 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 09:49:23 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 09:49:24 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 09:49:24 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 09:49:26 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 09:49:26 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 09:49:26 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 09:49:27 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 09:49:27 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 09:49:27 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 09:49:28 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 09:49:28 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 09:49:28 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:34:31 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\update\spcustom.dll
----a-w 727,776 2007-03-06 01:34:56 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\update\update.exe
----a-w 394,976 2007-03-06 01:35:48 C:\WINDOWS\SoftwareDistribution\Download\cf14a1fec6e784e2f656a71bf1839c21\update\updspapi.dll
----a-w 15,072 2005-10-12 23:15:23 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\spmsg.dll
----a-w 216,800 2005-10-12 23:15:24 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\spuninst.exe
----a-w 584,192 2007-07-09 13:11:46 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\SP2GDR\rpcrt4.dll
----a-w 121,856 2007-06-12 21:53:14 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\SP2GDR\spru040c.dll
----a-w 582,656 2007-07-09 13:19:28 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\SP2QFE\rpcrt4.dll
----a-w 369,152 2007-06-18 22:24:36 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\SP2QFE\spru040c.dll
----a-w 22,752 2005-10-12 23:15:23 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\update\spcustom.dll
----a-w 727,776 2005-10-12 23:15:26 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\update\update.exe
----a-w 394,976 2005-10-12 23:15:43 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\update\updspapi.dll
----a-w 124,928 2007-08-20 09:59:29 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 09:59:29 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 09:59:29 C:\WINDOWS\system32\extmgr.dll
----a-w 63,488 2007-08-20 09:59:29 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:22:11 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 09:59:29 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 09:59:29 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 09:59:29 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 09:59:29 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 09:59:29 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 09:59:29 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 09:59:30 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:22:11 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-08-21 06:17:23 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-08-20 09:59:30 C:\WINDOWS\system32\jsproxy.dll
----a-w 7,680 2007-04-13 13:19:52 C:\WINDOWS\system32\lsdelete.exe
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 09:59:30 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 09:59:30 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 09:59:30 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 09:59:30 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 09:59:30 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 09:59:30 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 09:59:31 C:\WINDOWS\system32\occache.dll
----a-w 584,192 2007-07-09 13:11:46 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-08-20 09:59:31 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 09:59:31 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 09:59:31 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 09:59:31 C:\WINDOWS\system32\wininet.dll
-c--a-w 124,928 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\icardie.dll
-c--a-w 63,488 2007-08-17 10:22:11 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:22:11 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-08-17 10:22:32 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-08-21 06:17:23 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,584,512 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 102,400 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\occache.dll
-c--a-w 584,192 2007-07-09 13:11:46 C:\WINDOWS\system32\dllcache\rpcrt4.dll
-c--a-w 105,984 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\urlmon.dll
-c--a-w 232,960 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 824,832 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\wininet.dll
----a-w 6,272 2007-06-04 13:14:56 C:\WINDOWS\system32\drivers\AWRTPD.sys
----a-w 73,728 2007-10-07 20:48:46 C:\WINDOWS\system32\VirtualExpander\VEShellExt.dll
----a-w 430,080 2005-03-31 12:32:22 C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
----atw 16,384 2007-10-10 18:02:44 C:\WINDOWS\Temp\Perflib_Perfdata_2f4.dat
----atw 16,384 2007-10-10 18:02:27 C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat
.
----a-r 1,165,584 2007-09-19 12:03:15 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-09-19 12:03:15 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
----a-r 217,864 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-09-19 12:03:16 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-09-19 12:03:15 C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
----a-w 124,928 2007-06-27 13:22:39 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 09:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 13:22:40 C:\WINDOWS\system32\extmgr.dll
------w 61,952 2006-10-17 09:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 13:22:40 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 13:22:42 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 13:22:45 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 13:22:48 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 13:23:23 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 13:23:23 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 13:23:25 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-05-16 15:13:53 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-06-27 13:23:31 C:\WINDOWS\system32\jsproxy.dll
----a-w 17,474,680 2007-09-05 17:50:44 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 13:23:32 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 13:23:32 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,856,384 2007-07-19 06:58:09 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 13:24:06 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 13:24:07 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 13:24:09 C:\WINDOWS\system32\mstime.dll
----a-w 163,840 2007-06-27 13:24:09 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-05 12:00:00 C:\WINDOWS\system32\rpcrt4.dll
----a-w 62,464 2007-06-27 13:24:10 C:\WINDOWS\system32\url.dll
----a-w 1,225,728 2007-06-27 13:24:14 C:\WINDOWS\system32\urlmon.dll
----a-w 393,728 2007-06-27 13:24:15 C:\WINDOWS\system32\webcheck.dll
----a-w 814,592 2007-06-27 13:24:19 C:\WINDOWS\system32\wininet.dll
-c--a-w 124,928 2007-06-27 13:22:39 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-17 09:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-06-27 13:22:40 C:\WINDOWS\system32\dllcache\extmgr.dll
-c--a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-06-27 13:22:40 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-06-27 13:22:42 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 13:22:45 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-06-27 13:22:48 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 13:23:23 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-06-27 13:23:23 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 13:23:25 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-06-27 08:28:24 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-05-16 15:13:53 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-06-27 13:23:31 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 13:23:32 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 13:23:32 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,856,384 2007-07-19 06:58:09 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-06-27 13:24:06 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-06-27 13:24:07 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-06-27 13:24:09 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 163,840 2007-06-27 13:24:09 C:\WINDOWS\system32\dllcache\occache.dll
-c--a-w 581,120 2004-08-05 12:00:00 C:\WINDOWS\system32\dllcache\rpcrt4.dll
-c--a-w 62,464 2007-06-27 13:24:10 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,225,728 2007-06-27 13:24:14 C:\WINDOWS\system32\dllcache\urlmon.dll
-c--a-w 393,728 2007-06-27 13:24:15 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 814,592 2007-06-27 13:24:19 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EC5F82D-19B9-4CB9-BBAF-27274469300E}]
2007-10-03 17:44 307808 --a------ C:\WINDOWS\system32\sstqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-04-27 15:47]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-03-26 12:10]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-04-27 15:45]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 03:00]
"Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 03:00]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-04-27 15:47]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24]
"LaunchList"="D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"Free Uploader Oe Integration"="D:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 19:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys
R3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S0 si3112;si3112;C:\WINDOWS\system32\drivers\si3112.sys
S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-13 15:39:38 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 20:03:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 20:06:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-10 20:06
C:\ComboFix2.txt ... 2007-10-07 00:52
.
--- E O F ---
0
Réponse 23 / 49
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   43
 
ok tres bien

refais moi un rapport hijackthis

merci
0
Réponse 24 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:19, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Free Download Manager\FUM\fumoei.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Hercules\WiFi Station\WifiStation.exe
D:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
D:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0EC5F82D-19B9-4CB9-BBAF-27274469300E} - C:\WINDOWS\system32\sstqr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P51 "Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO" /O24 "\\PC-DE-CARO\Imprimante3" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Free Uploader Oe Integration] D:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainmeter.lnk = D:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 49
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   43
 
Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.


double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.


Citation :

C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\rqtss.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

puis refais moi un rapport hijackthis
0
Réponse 26 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Voici le rapport OTMoveIt (sstqr.dll est vraiment corriace...) :

LoadLibrary failed for C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\sstqr.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\sstqr.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\rqtss.dll not found.

Created on 10/10/2007 20:28:16


Et le HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:27, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
D:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
D:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {C619D00C-ED7F-40C4-80E5-DD2A163CE0DC} - C:\WINDOWS\system32\sstqr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P51 "Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO" /O24 "\\PC-DE-CARO\Imprimante3" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Free Uploader Oe Integration] D:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainmeter.lnk = D:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
0
Réponse 27 / 49
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   43
 
relance hijackthis puis clic sur "do a system scan only"

apres le scan coche ces lignes et seulement celles ci !!

C:\WINDOWS\system32\sstqr.dll

referme ton navigateur (internet explorer ) puis clic sur " fix check"

puis

Télécharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html

- Dans la colonne de gauche clic sur "registre" coches toutes les cases, puis clic en bas sur "chercher des erreurs" une fois terminé, clic sur "réparer les erreurs" et tu auras un message pour sauvegarder ta base de registre tu clic "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites, tu pourras les supprimer si ton ordinateur n'a plus de problèmes.

- Relance Ccleaner, vas dans l'onglet "nettoyeur" présent sur la gauche, décoches la dernière case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"

Si tu as besoin d'aide avec Ccleaner, regarde ce tutorial :
https://www.malekal.com/tutoriel-ccleaner/

Et suis les instructions donnée dans ce lien :
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
0
Réponse 28 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Ca y est tout est fait. Je joins un rapport HijackThis (sstqr.dll toujours présent...) :-(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:42, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
D:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
D:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {C619D00C-ED7F-40C4-80E5-DD2A163CE0DC} - C:\WINDOWS\system32\sstqr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P51 "Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO" /O24 "\\PC-DE-CARO\Imprimante3" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Free Uploader Oe Integration] D:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainmeter.lnk = D:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
0
Réponse 29 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Bonne nouvelle ce matin.
Au démarrage de windows, pas d'alerte Avast et au démarrage de Firefox, pas de fenêtres publicitaires IE.
Je vais refaire quelques scan et je posterais les résultats.
A+
0
Réponse 30 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Encore une bonne nouvelle !
Après un scan Spybot, Virtumonde semble avoir disparu.

Moins bonne nouvelle, voilà tout ce qu'il a trouvé : AdRevolver, DoubleClick, FastClick, HitBox, MediaPlex, Tradedoubler, WebTrends live.

Je continue avec un scan ad-aware...
0
Réponse 31 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà le log du scan ad-aware (je t'épargne la liste du déroulement du scan fichier par fichier)

Je n'avais pas mis de pare-feu car je pensais que celui de windows suffisait. J'ai fait quelques recherches et en effet c'est apparemment une vraie passoire. J'ai donc choisi et installé ZoneAlarm qui me paraissait pas mal (Bon choix ?).

Je vais faire un test AVG AS et retenter un Spybot pour voir si Virtumonde est revenu.

Je joins le résultat de mon scan ad-aware :
Ad-Aware 2007 Build
Log File Created on: 2007-10-11 14:48:31
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: PC-DE-SEB
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: AMD Athlon(tm) XP 3200+
Memory Available: 57%
Total Physical Memory: 2146942976 Bytes
Available Physical Memory: 1208881152 Bytes
Total Page File Size: 4134813696 Bytes
Available On Page File: 3350364160 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1989279744 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Scanning registry for all users
Using permanent archive caching
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Logging Ad-Aware events
Blocking Pop-Ups aggressively
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Including Ad-aware command line parameters in log file
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Include reference summary in log file
Creating log file for removal operations
Including module info in log file
Include Alternate Data Stream details in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 25
Build Number: 0
Build Date and Time: 2007/10/08 08:52:24

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 314298
Infections Detected: 15
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 14 14
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000449 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt adultfriendfinder.com HISTORY /
Item Id: 600000449 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt adultfriendfinder.com ffadult_tr /
Item Id: 600000225 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt weborama.fr AFFICHE_W /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt smartadserver.com TestIfCookieP /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt smartadserver.com pid /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt smartadserver.com pbwmaj /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt smartadserver.com pbw /
Item Id: 600000201 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt media.adrevolver.com BIGipServerar-slave /
Item Id: 600000201 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt media.adrevolver.com uid /adrevolver/
Item Id: 600000201 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt media.adrevolver.com freq /adrevolver/
Item Id: 600000201 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt media.adrevolver.com adrevid /
Item Id: 600000201 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt adrevolver.com adrev_adpath /
Item Id: 600000144 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt doubleclick.net id /
Item Id: 600000201 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles/l978jts6.default\cookies.txt adrevolver.com prefs /
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Sébastien\Recent Count: 3
0
Réponse 32 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà mon rapport AVG AS :


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:05:24 11/10/2007

+ Résultat de l'analyse:



:mozilla.21:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\l978jts6.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.22:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\l978jts6.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.36:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\l978jts6.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.37:C:\Documents and Settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\l978jts6.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.


Fin du rapport
0
Réponse 33 / 49
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   43
 
tres tres bien

as tu encore des problemes?
0
Réponse 34 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Ca a l'air beaucoup mieux, en tout cas jusqu'à maintenant.
Je viens de faire un spybot et il ne m'a rien trouvé, même chose avec le scan bittorent en ligne.
Le problème à l'air d'être résolu mais apparemment il faut être prudent car Virtumonde peut réapparaître après 2 ou 3 jours, non ?
La seule chose qui m'embête un peu c'est de ne pas avoir réussi à supprimer le fichier sstqr.dll (cf HijackThis) mais bon si je n'ai plus de problèmes c'est pas grave.
En tout cas je te remercie beaucoup !!!!!! OTMoveIt a été efficace pour moi.

Je vais attendre 2 ou 3 jours pour vérifier si tout fonctionne correctement et si c'est le cas, je re-posterais un message pour indiquer que le problème est résolu.

En tout cas merci beaucoup duflox tu as été génial.
A+

PS : S'il te plaît, jette un oeuil dans 2 ou 3 jours au cas ou le problème serait revenu.
0
Réponse 35 / 49
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   43
 
pas de probleme tiens moi au courant

a+++
0
Réponse 36 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
NNNNnnnnooooooooooonnnnnnnnnnn !!!!!!!!!!
J'ai crié victoire trop tôt !
Je vais encore t'embêter.

Tout avait l'air d'être normal et il y a 10 mn, j'ouvre une page internet et à ce moment là, la barre du menu démarrer disparaît, les îcones du bureau aussi et une fenêtre IE s'ouvre avec la publicité pour antivirus ou je ne sais quoi apparaît. Ca recommence...

Alors je redémarre mon ordi, j'ouvre Firefox et... une fenêtre IE s'ouvre avec la pub.
Je mettrais ma main à couper que si j'effectue un Spybot je trouve Virtumonde. C'est vraiment une saleté ce truc !!!

Que faire ???
0
Réponse 37 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Malheureusement j'ai gagné !
Voilà ce que spybot m'a trouvé : Virtumonde, Tradedoubler, Statcounter, Clickbank
0
Réponse 38 / 49
duflox Messages postés 1987 Date d'inscription   Statut Membre Dernière intervention   43
 
fais un scan avec ceci:

http://support.f-secure.fr/fra/home/ols.shtml

puis colle le rapport.

a+
0
Réponse 39 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
En fait hier je suis allé sur ce site : https://virusscan.jotti.org/
Il permet d'analyser un fichier avec plein d'antivirus différents.
J'ai analysé sstqr.dll et seulement 2 antivirus l'ont identifié comme vundo dont Antivir. Je ne connaissais pas Antivir donc je me suis renseigné et c'est un antivirus gratuit qui a l'air d'être assez puissant (ms pas en français).
J'ai donc désinstallé Avast pour mettre Antivir. Après MAJ je réalise un scan et il me trouve de nombreux fichiers infectés (vundo et autres) que Avast et scan Bitdefender en ligne n'avaient pas trouvé.
Il a même réussi à éliminé sstqr.dll qui paraissait presque impossible à enlever (diverses méthodes essayées).
Ce logiciel a donc l'air assez puissant.

Voici mon rapport HijackThis après le scan Antivir et un petit ccleaner :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:19, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Free Download Manager\FUM\fumoei.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Hercules\WiFi Station\WifiStation.exe
D:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {731632DB-C4E3-4B11-9138-64A5973CF6CE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P51 "Auto EPSON Stylus Photo RX420 Series sur PC-DE-CARO" /O24 "\\PC-DE-CARO\Imprimante3" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c cd /d C:\ComboFix\ & Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Free Uploader Oe Integration] D:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainmeter.lnk = D:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WiFi Station.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 40 / 49
sebcbien49 Messages postés 28 Date d'inscription   Statut Membre Dernière intervention  
 
Voila le rapport F-Secure :

Scanning Report
Saturday, October 13, 2007 11:19:36 - 12:12:49

Computer name: PC-DE-SEB
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 10 malware found
LdPinch.EMR (virus)

* D:\PROGRAM FILES\RAINMETER\UNINST.EXE (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System

Vundo.gen39 (virus)

* C:\WINDOWS\SYSTEM32\EUVEVSIT.INI (Submitted)
* C:\WINDOWS\SYSTEM32\LKJGDTGU.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NPVIYMOQ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\OTUVJHQH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\TFTUUKKA.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YHVLEADX.INI (Submitted)

Statistics
Scanned:

* Files: 50832
* System: 4614
* Not scanned: 4

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 9
* Submitted: 7

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{5FBBBBC3-9072-4F99-8D79-4E631CAAA278}.BIN

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-10-12
* F-Secure AVP: 7.0.171, 2007-10-12
* F-Secure Orion: 1.2.37, 2007-10-12
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Pegasus: 1.19.0, 2007-09-11

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics
0

Discussions similaires

apparation intempestives de pub type site de rencontre et photo dans le même ton
Crokino -
Crokino -

6 réponses
Publicités : même son coupé, elles sont à fond
Leboss104 -
loisou17 -

5 réponses
Problème de son dans les pubs
SoleneH -
fanou10 -

3 réponses
Pubs sites de rencontre intempestives
ant44 -
Malekal_morte- -

11 réponses
Publicité s'ouvre toute seule ! ?
RRD91 -
Vinz -

52 réponses