Trojan.virtumonde

emiliano -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
j'ai donc été infecté par un trojan le trojan.virtumonde

voici le scan de Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:03:50, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {DD87866A-34C6-431E-85F1-BC621B81286C} - C:\WINDOWS\system32\vtsqn.dll
O2 - BHO: {b7c9ee7f-c431-ad6a-70c4-c2d1c59fd1ee} - {ee1df95c-1d2c-4c07-a6da-134cf7ee9c7b} - C:\WINDOWS\system32\oactpsju.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [e0b9feae] rundll32.exe "C:\WINDOWS\system32\sgjimuun.dll",b
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A0D4C.dat
O20 - Winlogon Notify: lekonqib - lekonqib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: printers - {69AAB65A-5A4B-4CCB-B8A1-943CCF771BFD} - libcintles3.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uemmgaym.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Configuration: Windows XP
Firefox 2.0.0.11

56 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Infection par un trojan nommé Virtumonde est évoquée avec un log HijackThis détaillant de multiples processus système et des modules potentiellement malveillants, ainsi que des entrées et services suspects dans le registre. Des mesures proposées incluent démarrer en mode sans échec, exécuter SDFix et procéder à des mises à jour de Java, afin de neutraliser les composants tenaces et préparer le nettoyage. D'autres observations soulignent l'installation d'outils anti-malware comme Spyware Doctor, Ad-Aware et McAfee, et l'ajustement des démarrages pour supprimer des éléments suspects et sécuriser la machine. En complément, il est recommandé de nettoyer les entrées O20 et O23 et de vérifier les services tiers, afin d'éviter des réinfections et d'assurer une détection plus fiable.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut emiliano,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    merci david de ne pas polluer les topiks...
    0
  3. emiliendiego Messages postés 45 Statut Membre 4
     
    ComboFix 07-12-02.6 - myriam 2007-12-04 22:07:36.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.332 [GMT 1:00]
    Running from: C:\Documents and Settings\myriam\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\d.exe
    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\myriam\new.txt
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
    C:\WINDOWS\system32\__c00F4678.dat
    C:\WINDOWS\system32\4_exception.nls
    C:\WINDOWS\system32\drivers\Afxd63.sys
    C:\WINDOWS\system32\drivers\ctl_w32.sys
    C:\WINDOWS\system32\drivers\Cuxn86.sys
    C:\WINDOWS\system32\drivers\ip6fw.sys
    C:\WINDOWS\system32\drivers\Itvk74.sys
    C:\WINDOWS\system32\drivers\Qqka42.sys
    C:\WINDOWS\system32\drivers\Rar32.sys
    C:\WINDOWS\system32\drivers\Rcay41.sys
    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\drivers\Ttxy79.sys
    C:\WINDOWS\system32\drivers\Xsl38.sys
    C:\WINDOWS\system32\hgagupat.exe
    C:\WINDOWS\system32\lekonqib.dllbox
    C:\WINDOWS\system32\mgabqtqr.dll
    C:\WINDOWS\system32\nnruoplt.ini
    C:\WINDOWS\system32\nqstv.ini
    C:\WINDOWS\system32\nqstv.ini2
    C:\WINDOWS\system32\rnrequdm.dll
    C:\WINDOWS\system32\tlpournn.dll
    C:\WINDOWS\system32\xpdx.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CTL_W32
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NTMLSVC
    -------\LEGACY_RUNTIME
    -------\DomainService
    -------\NtmlSvc
    -------\runtime
    -------\symavc32

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-04 22:02 . 2007-12-04 22:02 145,984 --a------ C:\WINDOWS\system32\nnxojtfn.dll
    2007-12-04 20:59 . 2007-12-04 21:03 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-12-04 20:29 . 2007-12-04 20:29 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-04 20:28 . 2007-12-04 20:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-04 19:06 . 2007-12-04 19:06 <REP> d-------- C:\Documents and Settings\myriam\Application Data\Grisoft
    2007-12-04 19:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-04 17:05 . 2007-12-04 17:06 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-12-04 17:05 . 2007-12-04 17:05 <REP> d-------- C:\Documents and Settings\myriam\Application Data\PC Tools
    2007-12-04 17:05 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-04 17:05 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-12-04 17:05 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-12-04 17:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-12-04 17:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-12-04 16:51 . 2007-12-04 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-12-03 21:15 . 2007-12-03 21:15 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-03 20:30 . 2007-12-03 20:30 4,672 --a------ C:\WINDOWS\system32\vnuopmnc.exe
    2007-12-03 20:27 . 2007-12-03 20:27 85,056 --a------ C:\WINDOWS\system32\sgjimuun.dll
    2007-12-03 20:27 . 2007-12-03 20:27 294 ---hs---- C:\WINDOWS\system32\nuumijgs.ini
    2007-12-03 20:24 . 2007-12-03 20:24 77,376 --a------ C:\WINDOWS\system32\oactpsju.dll
    2007-12-03 20:23 . 2007-12-03 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-03 20:21 . 2007-12-03 20:21 145,984 --a------ C:\WINDOWS\system32\imrljdbq.dll
    2007-12-03 20:18 . 2007-12-04 20:20 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-03 20:17 . 2007-12-03 20:17 10,816 --a------ C:\WINDOWS\system32\efxnbuwu.dll
    2007-12-01 22:01 . 2007-12-01 22:01 324,192 --a------ C:\WINDOWS\system32\vtsqn.dll
    2007-12-01 21:57 . 2007-12-01 21:57 2 --a------ C:\-524681727
    2007-12-01 21:56 . 2007-12-01 21:56 57,856 --a------ C:\pgdxf.exe
    2007-12-01 21:56 . 2007-12-01 21:56 40,448 --a------ C:\WINDOWS\system32\yayxvvu.dll
    2007-12-01 21:56 . 2007-12-01 21:56 20,480 --a------ C:\lhavtq.exe
    2007-11-28 16:11 . 2007-11-28 16:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
    2007-11-28 13:46 . 2007-11-28 13:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-28 13:45 . 2007-11-28 13:45 <REP> d-------- C:\Program Files\GameShadow
    2007-11-28 13:44 . 2007-11-28 13:44 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2007-11-28 13:33 . 2007-11-28 13:33 <REP> d-------- C:\Program Files\Firefly Studios
    2007-11-15 21:12 . 2007-11-15 21:15 <REP> d-------- C:\Program Files\CDRWIN 6
    2007-11-15 21:11 . 2007-12-04 20:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-11-09 11:56 . 2007-11-09 11:56 <REP> d-------- C:\WINDOWS\Profiles
    2007-11-09 11:55 . 2007-11-09 11:55 <REP> d-------- C:\WINDOWS\system32\Adobe
    2007-11-09 11:55 . 2007-11-09 11:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-11-09 11:55 . 2007-11-09 11:55 <REP> d-------- C:\Program Files\directx
    2007-11-09 11:55 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
    2007-11-09 11:51 . 2007-11-09 11:51 <REP> d-------- C:\Program Files\Enlight Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-04 20:03 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-12-04 19:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-12-04 19:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-12-04 15:51 --------- d-----w C:\Program Files\Google
    2007-12-03 20:08 --------- d-----w C:\Program Files\Windows Live
    2007-12-03 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-28 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-26 14:01 --------- d-----w C:\Documents and Settings\maxime\Application Data\Apple Computer
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-16 18:55 --------- d-----w C:\Program Files\Azureus
    2007-10-10 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
    2007-10-09 14:11 --------- d-----w C:\Documents and Settings\maurice\Application Data\Sports Interactive
    2007-10-08 20:05 --------- d-----w C:\Program Files\LimeWire
    2005-05-10 18:49 37,376 ----a-w C:\WINDOWS\inf\hpz3l3xu.dll
    2005-05-10 18:49 1,055,232 ----a-w C:\WINDOWS\inf\hpz3r3xu.dll
    2005-05-10 18:48 72,192 ----a-w C:\WINDOWS\inf\hpzpr3xu.dll
    2005-05-10 18:48 67,072 ----a-w C:\WINDOWS\inf\hpzpp3xu.dll
    2005-05-10 18:48 515,584 ----a-w C:\WINDOWS\inf\hpzev3xu.dll
    2005-05-10 18:48 1,963,008 ----a-w C:\WINDOWS\inf\hpzui3xu.dll
    2005-05-10 18:48 1,264,640 ----a-w C:\WINDOWS\inf\hpz3a3xu.dll
    2005-05-10 18:20 557,056 ----a-w C:\WINDOWS\inf\hpzss3xu.dll
    2005-05-10 17:22 2,954,752 ----a-w C:\WINDOWS\inf\hpzst3xu.dll
    2005-04-27 18:37 77,824 ----a-w C:\WINDOWS\inf\hpzids01.dll
    2005-03-22 13:31 1,323,008 ----a-w C:\WINDOWS\inf\hpbcfgre.dll
    2005-03-08 11:52 21,744 ----a-w C:\WINDOWS\inf\HPZius12.sys
    2005-03-08 11:52 16,800 ----a-w C:\WINDOWS\inf\hppaufd0.sys
    2005-02-21 15:58 7,718,400 ----a-w C:\WINDOWS\inf\hpfig3xu.dll
    2005-02-21 15:58 177,152 ----a-w C:\WINDOWS\inf\hpfie3xu.dll
    2005-02-04 17:09 16,384 ----a-w C:\WINDOWS\inf\hpfrs3xu.dll
    2004-09-30 08:49 274,432 ----a-w C:\WINDOWS\inf\HPZc3212.dll
    2004-09-29 23:27 16,880 ----a-w C:\WINDOWS\inf\ctpdusb.sys
    2004-09-29 11:38 18,336 ----a-w C:\WINDOWS\inf\hpzuci12.dll
    2004-09-28 12:18 200,704 ----a-w C:\WINDOWS\inf\CTPdeSrv.exe
    2004-09-28 12:09 28,672 ----a-w C:\WINDOWS\inf\PdeSrvps.dll
    2004-09-28 12:09 233,472 ----a-w C:\WINDOWS\inf\CTPmsMan.dll
    2004-09-15 14:27 385,109 ----a-w C:\WINDOWS\inf\ctjb2sp.dll
    2004-08-15 23:02 28,672 ----a-w C:\WINDOWS\inf\Jb4Inst.dll
    2004-08-04 10:24 620,544 ----a-w C:\WINDOWS\inf\UNIRES.DLL
    2004-06-29 13:06 659,456 ----a-w C:\WINDOWS\inf\hpcdmc32.dll
    2003-11-04 23:00 49,152 ----a-w C:\WINDOWS\inf\ctpde.dll
    2003-10-17 03:52 754,560 ----a-w C:\WINDOWS\inf\cmuda.sys
    2003-10-15 10:37 114,688 ----a-w C:\WINDOWS\inf\cmuda.dll
    2003-10-15 08:26 1,454,080 ----a-w C:\WINDOWS\inf\SMWIZARD.EXE
    2003-08-20 10:46 233,472 ----a-w C:\WINDOWS\inf\cmirmdrv.exe
    2003-07-31 12:15 143,360 ----a-w C:\WINDOWS\inf\CTPmsWma.dll
    2003-04-24 05:29 32,768 ----a-w C:\WINDOWS\inf\udaprop.dll
    2003-02-18 10:26 28,672 ----a-w C:\WINDOWS\inf\cmirmdrv.dll
    2002-11-19 11:17 65,536 ----a-w C:\WINDOWS\inf\carpdll.dll
    2002-11-19 11:17 4,608 ----a-w C:\WINDOWS\inf\carpserv.exe
    2002-11-19 11:17 22,400 ----a-w C:\WINDOWS\inf\strmdisp.sys
    2002-11-19 11:13 166,144 ----a-w C:\WINDOWS\inf\HSFHWBS2.sys
    2002-11-19 11:11 585,472 ----a-w C:\WINDOWS\inf\HSF_CNXT.sys
    2002-11-19 11:09 1,067,008 ----a-w C:\WINDOWS\inf\HSF_DP.sys
    2002-11-12 02:59 479,232 ----a-w C:\WINDOWS\inf\HXFSetup.exe
    2002-11-07 06:56 11,011 ----a-w C:\WINDOWS\inf\mdmxsdk.sys
    2002-11-07 05:47 69,632 ----a-w C:\WINDOWS\inf\mdmxsdk.dll
    2002-10-29 09:33 27,786 ----a-w C:\WINDOWS\inf\HSFCI005.dll
    2002-08-29 09:45 252,416 ----a-w C:\WINDOWS\inf\unidrv.dll
    2002-08-29 09:45 199,168 ----a-w C:\WINDOWS\inf\unidrvui.dll
    2002-07-10 15:39 32,256 ----a-w C:\WINDOWS\inf\sisnic.sys
    2002-04-29 07:04 917,504 ----a-w C:\WINDOWS\inf\CMIDS3D.DLL
    2002-02-18 23:00 32,768 ----a-w C:\WINDOWS\inf\PdePgHlp.dll
    2001-12-31 16:04 5,099,520 ----a-w C:\WINDOWS\inf\nvoglnt.dll
    2001-12-31 16:04 46,080 ----a-w C:\WINDOWS\inf\nvmctray.dll
    2001-12-31 16:04 4,130,560 ----a-w C:\WINDOWS\inf\nv4_disp.dll
    2001-12-31 16:04 38,400 ----a-w C:\WINDOWS\inf\nvwddi.dll
    2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf\nvcodins.dll
    2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf\nvcod.dll
    2001-12-31 16:04 3,756,032 ----a-w C:\WINDOWS\inf\nvcpl.dll
    2001-12-31 16:04 241,664 ----a-w C:\WINDOWS\inf\nvnt4cpl.dll
    2001-12-31 16:04 2,167,552 ----a-w C:\WINDOWS\inf\nv4_mini.sys
    2001-12-31 16:04 114,755 ----a-w C:\WINDOWS\inf\nvsvc32.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\Audio3D.dll
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\a3d.dll
    2001-08-23 03:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys
    2001-08-07 02:53 37,376 ----a-w C:\WINDOWS\inf\uninst.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90DB76A7-2FB2-49B2-84B6-34269BD76DF6}]
    2007-12-01 22:01 324192 --a------ C:\WINDOWS\system32\vtsqn.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 16:51]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
    "Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-11-18 09:08]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-06 21:35]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lekonqib]
    lekonqib.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-09-07 15:55 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Online chin internet bolt]
    C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\Soap 16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    2006-01-07 02:36 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

    S1 ctl_w32;ctl_w32;C:\WINDOWS\system32\drivers\ctl_w32.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-04 20:00:00 C:\WINDOWS\Tasks\AEB80FFA9167810E.job"
    - c:\docume~1\emilien\applic~1\knobci~1\StupidPingDraw.exe
    "2007-11-27 20:43:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-04 22:25:38
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-04 22:30:13 - machine was rebooted
    .
    --- E O F ---
    0
  4. emiliendiego Messages postés 45 Statut Membre 4
     
    que dois je faire maintenant ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    bon on continue:

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\nnxojtfn.dll
    C:\WINDOWS\system32\vnuopmnc.exe
    C:\WINDOWS\system32\sgjimuun.dll
    C:\WINDOWS\system32\nuumijgs.ini
    C:\WINDOWS\system32\oactpsju.dll
    C:\WINDOWS\system32\imrljdbq.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\efxnbuwu.dll
    C:\WINDOWS\system32\vtsqn.dll
    C:\-524681727
    C:\pgdxf.exe
    C:\WINDOWS\system32\yayxvvu.dll
    C:\lhavtq.exe
    c:\docume~1\emilien\applic~1\knobci~1\StupidPingDraw.exe
    C:\WINDOWS\Tasks\AEB80FFA9167810E.job

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90DB76A7-2FB2-49B2-84B6-34269BD76DF6}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lekonqib]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    Télécharge HijackThis ici :

    -> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

    Tutoriel d´installation (images) :

    -> http://pchelpbordeaux.free.fr/tuto.html

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
  7. emiliendiego Messages postés 45 Statut Membre 4
     
    ComboFix 07-12-02.6 - myriam 2007-12-05 12:36:11.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.346 [GMT 1:00]
    Running from: C:\Documents and Settings\myriam\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\myriam\Mes documents\CFScript.txt..txt
    * Created a new restore point

    FILE
    C:\-524681727
    c:\docume~1\emilien\applic~1\knobci~1\StupidPingDraw.exe
    C:\lhavtq.exe
    C:\pgdxf.exe
    C:\WINDOWS\system32\efxnbuwu.dll
    C:\WINDOWS\system32\imrljdbq.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nnxojtfn.dll
    C:\WINDOWS\system32\nuumijgs.ini
    C:\WINDOWS\system32\oactpsju.dll
    C:\WINDOWS\system32\sgjimuun.dll
    C:\WINDOWS\system32\vnuopmnc.exe
    C:\WINDOWS\system32\vtsqn.dll
    C:\WINDOWS\system32\yayxvvu.dll
    C:\WINDOWS\Tasks\AEB80FFA9167810E.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\-524681727
    C:\lhavtq.exe
    C:\pgdxf.exe
    C:\WINDOWS\system32\efxnbuwu.dll
    C:\WINDOWS\system32\imrljdbq.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nuumijgs.ini
    C:\WINDOWS\system32\oactpsju.dll
    C:\WINDOWS\system32\sgjimuun.dll
    C:\WINDOWS\system32\vnuopmnc.exe
    C:\WINDOWS\system32\vtsqn.dll
    C:\WINDOWS\system32\yayxvvu.dll
    C:\WINDOWS\Tasks\AEB80FFA9167810E.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\ctl_w32

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-04 22:27 . 2007-12-05 12:43 6,495 --ahs---- C:\WINDOWS\system32\nqstv.ini2
    2007-12-04 22:27 . 2007-12-05 12:43 6,495 --ahs---- C:\WINDOWS\system32\nqstv.ini
    2007-12-04 20:59 . 2007-12-04 21:03 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-12-04 20:29 . 2007-12-04 20:29 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-04 20:28 . 2007-12-04 20:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-04 19:06 . 2007-12-04 19:06 <REP> d-------- C:\Documents and Settings\myriam\Application Data\Grisoft
    2007-12-04 19:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-04 17:05 . 2007-12-05 12:47 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-12-04 17:05 . 2007-12-04 17:05 <REP> d-------- C:\Documents and Settings\myriam\Application Data\PC Tools
    2007-12-04 17:05 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-04 17:05 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-12-04 17:05 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-12-04 17:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-12-04 17:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-12-04 16:51 . 2007-12-04 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-12-03 21:15 . 2007-12-03 21:15 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-03 20:23 . 2007-12-03 20:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-28 16:11 . 2007-11-28 16:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
    2007-11-28 13:46 . 2007-11-28 13:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-28 13:45 . 2007-11-28 13:45 <REP> d-------- C:\Program Files\GameShadow
    2007-11-28 13:44 . 2007-11-28 13:44 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2007-11-28 13:33 . 2007-11-28 13:33 <REP> d-------- C:\Program Files\Firefly Studios
    2007-11-15 21:12 . 2007-11-15 21:15 <REP> d-------- C:\Program Files\CDRWIN 6
    2007-11-15 21:11 . 2007-12-04 20:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-11-09 11:56 . 2007-11-09 11:56 <REP> d-------- C:\WINDOWS\Profiles
    2007-11-09 11:55 . 2007-11-09 11:55 <REP> d-------- C:\WINDOWS\system32\Adobe
    2007-11-09 11:55 . 2007-11-09 11:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-11-09 11:55 . 2007-11-09 11:55 <REP> d-------- C:\Program Files\directx
    2007-11-09 11:55 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
    2007-11-09 11:51 . 2007-11-09 11:51 <REP> d-------- C:\Program Files\Enlight Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-04 20:03 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-12-04 19:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-12-04 19:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-12-04 15:51 --------- d-----w C:\Program Files\Google
    2007-12-03 20:08 --------- d-----w C:\Program Files\Windows Live
    2007-12-03 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-28 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-26 14:01 --------- d-----w C:\Documents and Settings\maxime\Application Data\Apple Computer
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-16 18:55 --------- d-----w C:\Program Files\Azureus
    2007-10-10 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
    2007-10-09 14:11 --------- d-----w C:\Documents and Settings\maurice\Application Data\Sports Interactive
    2007-10-08 20:05 --------- d-----w C:\Program Files\LimeWire
    2005-05-10 18:49 37,376 ----a-w C:\WINDOWS\inf\hpz3l3xu.dll
    2005-05-10 18:49 1,055,232 ----a-w C:\WINDOWS\inf\hpz3r3xu.dll
    2005-05-10 18:48 72,192 ----a-w C:\WINDOWS\inf\hpzpr3xu.dll
    2005-05-10 18:48 67,072 ----a-w C:\WINDOWS\inf\hpzpp3xu.dll
    2005-05-10 18:48 515,584 ----a-w C:\WINDOWS\inf\hpzev3xu.dll
    2005-05-10 18:48 1,963,008 ----a-w C:\WINDOWS\inf\hpzui3xu.dll
    2005-05-10 18:48 1,264,640 ----a-w C:\WINDOWS\inf\hpz3a3xu.dll
    2005-05-10 18:20 557,056 ----a-w C:\WINDOWS\inf\hpzss3xu.dll
    2005-05-10 17:22 2,954,752 ----a-w C:\WINDOWS\inf\hpzst3xu.dll
    2005-04-27 18:37 77,824 ----a-w C:\WINDOWS\inf\hpzids01.dll
    2005-03-22 13:31 1,323,008 ----a-w C:\WINDOWS\inf\hpbcfgre.dll
    2005-03-08 11:52 21,744 ----a-w C:\WINDOWS\inf\HPZius12.sys
    2005-03-08 11:52 16,800 ----a-w C:\WINDOWS\inf\hppaufd0.sys
    2005-02-21 15:58 7,718,400 ----a-w C:\WINDOWS\inf\hpfig3xu.dll
    2005-02-21 15:58 177,152 ----a-w C:\WINDOWS\inf\hpfie3xu.dll
    2005-02-04 17:09 16,384 ----a-w C:\WINDOWS\inf\hpfrs3xu.dll
    2004-09-30 08:49 274,432 ----a-w C:\WINDOWS\inf\HPZc3212.dll
    2004-09-29 23:27 16,880 ----a-w C:\WINDOWS\inf\ctpdusb.sys
    2004-09-29 11:38 18,336 ----a-w C:\WINDOWS\inf\hpzuci12.dll
    2004-09-28 12:18 200,704 ----a-w C:\WINDOWS\inf\CTPdeSrv.exe
    2004-09-28 12:09 28,672 ----a-w C:\WINDOWS\inf\PdeSrvps.dll
    2004-09-28 12:09 233,472 ----a-w C:\WINDOWS\inf\CTPmsMan.dll
    2004-09-15 14:27 385,109 ----a-w C:\WINDOWS\inf\ctjb2sp.dll
    2004-08-15 23:02 28,672 ----a-w C:\WINDOWS\inf\Jb4Inst.dll
    2004-08-04 10:24 620,544 ----a-w C:\WINDOWS\inf\UNIRES.DLL
    2004-06-29 13:06 659,456 ----a-w C:\WINDOWS\inf\hpcdmc32.dll
    2003-11-04 23:00 49,152 ----a-w C:\WINDOWS\inf\ctpde.dll
    2003-10-17 03:52 754,560 ----a-w C:\WINDOWS\inf\cmuda.sys
    2003-10-15 10:37 114,688 ----a-w C:\WINDOWS\inf\cmuda.dll
    2003-10-15 08:26 1,454,080 ----a-w C:\WINDOWS\inf\SMWIZARD.EXE
    2003-08-20 10:46 233,472 ----a-w C:\WINDOWS\inf\cmirmdrv.exe
    2003-07-31 12:15 143,360 ----a-w C:\WINDOWS\inf\CTPmsWma.dll
    2003-04-24 05:29 32,768 ----a-w C:\WINDOWS\inf\udaprop.dll
    2003-02-18 10:26 28,672 ----a-w C:\WINDOWS\inf\cmirmdrv.dll
    2002-11-19 11:17 65,536 ----a-w C:\WINDOWS\inf\carpdll.dll
    2002-11-19 11:17 4,608 ----a-w C:\WINDOWS\inf\carpserv.exe
    2002-11-19 11:17 22,400 ----a-w C:\WINDOWS\inf\strmdisp.sys
    2002-11-19 11:13 166,144 ----a-w C:\WINDOWS\inf\HSFHWBS2.sys
    2002-11-19 11:11 585,472 ----a-w C:\WINDOWS\inf\HSF_CNXT.sys
    2002-11-19 11:09 1,067,008 ----a-w C:\WINDOWS\inf\HSF_DP.sys
    2002-11-12 02:59 479,232 ----a-w C:\WINDOWS\inf\HXFSetup.exe
    2002-11-07 06:56 11,011 ----a-w C:\WINDOWS\inf\mdmxsdk.sys
    2002-11-07 05:47 69,632 ----a-w C:\WINDOWS\inf\mdmxsdk.dll
    2002-10-29 09:33 27,786 ----a-w C:\WINDOWS\inf\HSFCI005.dll
    2002-08-29 09:45 252,416 ----a-w C:\WINDOWS\inf\unidrv.dll
    2002-08-29 09:45 199,168 ----a-w C:\WINDOWS\inf\unidrvui.dll
    2002-07-10 15:39 32,256 ----a-w C:\WINDOWS\inf\sisnic.sys
    2002-04-29 07:04 917,504 ----a-w C:\WINDOWS\inf\CMIDS3D.DLL
    2002-02-18 23:00 32,768 ----a-w C:\WINDOWS\inf\PdePgHlp.dll
    2001-12-31 16:04 5,099,520 ----a-w C:\WINDOWS\inf\nvoglnt.dll
    2001-12-31 16:04 46,080 ----a-w C:\WINDOWS\inf\nvmctray.dll
    2001-12-31 16:04 4,130,560 ----a-w C:\WINDOWS\inf\nv4_disp.dll
    2001-12-31 16:04 38,400 ----a-w C:\WINDOWS\inf\nvwddi.dll
    2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf\nvcodins.dll
    2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf\nvcod.dll
    2001-12-31 16:04 3,756,032 ----a-w C:\WINDOWS\inf\nvcpl.dll
    2001-12-31 16:04 241,664 ----a-w C:\WINDOWS\inf\nvnt4cpl.dll
    2001-12-31 16:04 2,167,552 ----a-w C:\WINDOWS\inf\nv4_mini.sys
    2001-12-31 16:04 114,755 ----a-w C:\WINDOWS\inf\nvsvc32.exe
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\Audio3D.dll
    2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\a3d.dll
    2001-08-23 03:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys
    2001-08-07 02:53 37,376 ----a-w C:\WINDOWS\inf\uninst.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-04_22.27.57.76 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-03 21:00:08 29,056 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 16:51]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
    "Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-11-18 09:08]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-06 21:35]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-09-07 15:55 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Online chin internet bolt]
    C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\Soap 16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    2006-01-07 02:36 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-27 20:43:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-05 12:54:54 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-04 22:30
    .
    --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:45, on 5/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut emiliendiego,

    Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-click sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\system32\__c00A0D4C.dat
    C:\WINDOWS\system32\nqstv.ini2
    C:\WINDOWS\system32\nqstv.ini

    Click sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    click sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
    Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
    http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

    puis fais un scan en ligne bitdefender et post le contenue du rapport ici stp

    Scan en ligne bitdefender :

    https://www.bitdefender.com/toolbox/

    Clicker sur " I agree " et suivre les indications

    A faire imperativement sous internet explorer, en acceptant l´activ x

    tutoriel en image en image

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    @+
    0
  9. emiliendiego Messages postés 45 Statut Membre 4
     
    File/Folder C:\WINDOWS\system32\__c00A0D4C.dat not found.
    C:\WINDOWS\system32\nqstv.ini2 moved successfully.
    C:\WINDOWS\system32\nqstv.ini moved successfully.

    Created on 12/05/2007 15:13:59
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    ok pour ot_move it

    tu as passé le rapport de bit defender ou il est en cours?

    @+
    0
  11. emiliendiego Messages postés 45 Statut Membre 4
     
    je dois installer internet explorer mais il n'y parvien pas j'ai telecharger l'internet explorer 7 dois je en prendre un autre ?
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    tu as deja internet explorer sur ta machine...
    0
  13. emiliendiego Messages postés 45 Statut Membre 4
     
    j'ai reussi a l'installer mais il ne trouve pas de connexion :(
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    tu as accepté l´ active x?
    0
  15. emiliendiego Messages postés 45 Statut Membre 4
     
    mais il ne trouve meme pas la page de google
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    bon laisse tomber bitdefender...

    fais un scan avec ton antivirus Mc Afee en mode sans echec.

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    reporte les resulats

    @+
    0
  17. emiliendiego Messages postés 45 Statut Membre 4
     
    ok a tout de suite...
    0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok
    0
  19. emiliendiego Messages postés 45 Statut Membre 4
     
    je suis vraiment désolé mais j'ai encore un soucis lorsque j'ai l'ecran pour me mettre en mode sans echec les fleches de mon clavier de fonctionne plus !!

    je sais pas ce que je peux bien faire
    0
  20. g!rly Messages postés 18462 Statut Contributeur 407
     
    passe mc afee en mode normal...
    0
  21. emiliendiego Messages postés 45 Statut Membre 4
     
    je dois tout analyser ?
    0
  • 1
  • 2
  • 3