trojan.virtumonde Fermé

Question

Bonjour,
j'ai donc été infecté par un trojan le trojan.virtumonde

voici le scan de Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:03:50, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {DD87866A-34C6-431E-85F1-BC621B81286C} - C:\WINDOWS\system32\vtsqn.dll
O2 - BHO: {b7c9ee7f-c431-ad6a-70c4-c2d1c59fd1ee} - {ee1df95c-1d2c-4c07-a6da-134cf7ee9c7b} - C:\WINDOWS\system32\oactpsju.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [e0b9feae] rundll32.exe "C:\WINDOWS\system32\sgjimuun.dll",b
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A0D4C.dat
O20 - Winlogon Notify: lekonqib - lekonqib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: printers - {69AAB65A-5A4B-4CCB-B8A1-943CCF771BFD} - libcintles3.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uemmgaym.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

g!rly · Answer

salut emiliano,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

david1970 · Answer

desole j'aime pas ce trojan.virtumonde

g!rly · Answer

merci david de ne pas polluer les topiks...

emiliendiego · Answer

ComboFix 07-12-02.6 - myriam 2007-12-04 22:07:36.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.332 [GMT 1:00] Running from: C:\Documents and Settings\myriam\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\d.exe C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\Documents and Settings\myriam ew.txt C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll C:\WINDOWS\system32\__c00F4678.dat C:\WINDOWS\system32\4_exception.nls C:\WINDOWS\system32\drivers\Afxd63.sys C:\WINDOWS\system32\drivers\ctl_w32.sys C:\WINDOWS\system32\drivers\Cuxn86.sys C:\WINDOWS\system32\drivers\ip6fw.sys C:\WINDOWS\system32\drivers\Itvk74.sys C:\WINDOWS\system32\drivers\Qqka42.sys C:\WINDOWS\system32\drivers\Rar32.sys C:\WINDOWS\system32\drivers\Rcay41.sys C:\WINDOWS\system32\drivers\symavc32.sys C:\WINDOWS\system32\drivers\Ttxy79.sys C:\WINDOWS\system32\drivers\Xsl38.sys C:\WINDOWS\system32\hgagupat.exe C:\WINDOWS\system32\lekonqib.dllbox C:\WINDOWS\system32\mgabqtqr.dll C:\WINDOWS\system32 nruoplt.ini C:\WINDOWS\system32 qstv.ini C:\WINDOWS\system32 qstv.ini2 C:\WINDOWS\system32 nrequdm.dll C:\WINDOWS\system32 lpournn.dll C:\WINDOWS\system32\xpdx.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CTL_W32 -------\LEGACY_DOMAINSERVICE -------\LEGACY_NTMLSVC -------\LEGACY_RUNTIME -------\DomainService -------\NtmlSvc ------- untime -------\symavc32 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))))))) . 2007-12-04 22:02 . 2007-12-04 22:02 145,984 --a------ C:\WINDOWS\system32 nxojtfn.dll 2007-12-04 20:59 . 2007-12-04 21:03 d-------- C:\Program Files\Hijackthis Version Fran‡aise 2007-12-04 20:29 . 2007-12-04 20:29 d-------- C:\Program Files\Lavasoft 2007-12-04 20:28 . 2007-12-04 20:28 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-04 19:06 . 2007-12-04 19:06 d-------- C:\Documents and Settings\myriam\Application Data\Grisoft 2007-12-04 19:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-04 17:05 . 2007-12-04 17:06 d-------- C:\Program Files\Spyware Doctor 2007-12-04 17:05 . 2007-12-04 17:05 d-------- C:\Documents and Settings\myriam\Application Data\PC Tools 2007-12-04 17:05 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-04 17:05 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-04 17:05 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-04 17:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-04 17:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-04 16:51 . 2007-12-04 18:10 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2007-12-03 21:15 . 2007-12-03 21:15 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-03 20:30 . 2007-12-03 20:30 4,672 --a------ C:\WINDOWS\system32\vnuopmnc.exe 2007-12-03 20:27 . 2007-12-03 20:27 85,056 --a------ C:\WINDOWS\system32\sgjimuun.dll 2007-12-03 20:27 . 2007-12-03 20:27 294 ---hs---- C:\WINDOWS\system32 uumijgs.ini 2007-12-03 20:24 . 2007-12-03 20:24 77,376 --a------ C:\WINDOWS\system32\oactpsju.dll 2007-12-03 20:23 . 2007-12-03 20:46 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-03 20:21 . 2007-12-03 20:21 145,984 --a------ C:\WINDOWS\system32\imrljdbq.dll 2007-12-03 20:18 . 2007-12-04 20:20 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-12-03 20:17 . 2007-12-03 20:17 10,816 --a------ C:\WINDOWS\system32\efxnbuwu.dll 2007-12-01 22:01 . 2007-12-01 22:01 324,192 --a------ C:\WINDOWS\system32\vtsqn.dll 2007-12-01 21:57 . 2007-12-01 21:57 2 --a------ C:\-524681727 2007-12-01 21:56 . 2007-12-01 21:56 57,856 --a------ C:\pgdxf.exe 2007-12-01 21:56 . 2007-12-01 21:56 40,448 --a------ C:\WINDOWS\system32\yayxvvu.dll 2007-12-01 21:56 . 2007-12-01 21:56 20,480 --a------ C:\lhavtq.exe 2007-11-28 16:11 . 2007-11-28 16:11 d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios 2007-11-28 13:46 . 2007-11-28 13:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-28 13:45 . 2007-11-28 13:45 d-------- C:\Program Files\GameShadow 2007-11-28 13:44 . 2007-11-28 13:44 d-------- C:\WINDOWS\Downloaded Installations 2007-11-28 13:33 . 2007-11-28 13:33 d-------- C:\Program Files\Firefly Studios 2007-11-15 21:12 . 2007-11-15 21:15 d-------- C:\Program Files\CDRWIN 6 2007-11-15 21:11 . 2007-12-04 20:27 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-09 11:56 . 2007-11-09 11:56 d-------- C:\WINDOWS\Profiles 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\WINDOWS\system32\Adobe 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\Program Files\Fichiers communs\Adobe 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\Program Files\directx 2007-11-09 11:55 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-11-09 11:51 . 2007-11-09 11:51 d-------- C:\Program Files\Enlight Software . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 20:03 --------- d-----w C:\Program Files\Hijackthis Version Française 2007-12-04 19:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-04 19:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-04 15:51 --------- d-----w C:\Program Files\Google 2007-12-03 20:08 --------- d-----w C:\Program Files\Windows Live 2007-12-03 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-28 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-26 14:01 --------- d-----w C:\Documents and Settings\maxime\Application Data\Apple Computer 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-16 18:55 --------- d-----w C:\Program Files\Azureus 2007-10-10 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin 2007-10-09 14:11 --------- d-----w C:\Documents and Settings\maurice\Application Data\Sports Interactive 2007-10-08 20:05 --------- d-----w C:\Program Files\LimeWire 2005-05-10 18:49 37,376 ----a-w C:\WINDOWS\inf\hpz3l3xu.dll 2005-05-10 18:49 1,055,232 ----a-w C:\WINDOWS\inf\hpz3r3xu.dll 2005-05-10 18:48 72,192 ----a-w C:\WINDOWS\inf\hpzpr3xu.dll 2005-05-10 18:48 67,072 ----a-w C:\WINDOWS\inf\hpzpp3xu.dll 2005-05-10 18:48 515,584 ----a-w C:\WINDOWS\inf\hpzev3xu.dll 2005-05-10 18:48 1,963,008 ----a-w C:\WINDOWS\inf\hpzui3xu.dll 2005-05-10 18:48 1,264,640 ----a-w C:\WINDOWS\inf\hpz3a3xu.dll 2005-05-10 18:20 557,056 ----a-w C:\WINDOWS\inf\hpzss3xu.dll 2005-05-10 17:22 2,954,752 ----a-w C:\WINDOWS\inf\hpzst3xu.dll 2005-04-27 18:37 77,824 ----a-w C:\WINDOWS\inf\hpzids01.dll 2005-03-22 13:31 1,323,008 ----a-w C:\WINDOWS\inf\hpbcfgre.dll 2005-03-08 11:52 21,744 ----a-w C:\WINDOWS\inf\HPZius12.sys 2005-03-08 11:52 16,800 ----a-w C:\WINDOWS\inf\hppaufd0.sys 2005-02-21 15:58 7,718,400 ----a-w C:\WINDOWS\inf\hpfig3xu.dll 2005-02-21 15:58 177,152 ----a-w C:\WINDOWS\inf\hpfie3xu.dll 2005-02-04 17:09 16,384 ----a-w C:\WINDOWS\inf\hpfrs3xu.dll 2004-09-30 08:49 274,432 ----a-w C:\WINDOWS\inf\HPZc3212.dll 2004-09-29 23:27 16,880 ----a-w C:\WINDOWS\inf\ctpdusb.sys 2004-09-29 11:38 18,336 ----a-w C:\WINDOWS\inf\hpzuci12.dll 2004-09-28 12:18 200,704 ----a-w C:\WINDOWS\inf\CTPdeSrv.exe 2004-09-28 12:09 28,672 ----a-w C:\WINDOWS\inf\PdeSrvps.dll 2004-09-28 12:09 233,472 ----a-w C:\WINDOWS\inf\CTPmsMan.dll 2004-09-15 14:27 385,109 ----a-w C:\WINDOWS\inf\ctjb2sp.dll 2004-08-15 23:02 28,672 ----a-w C:\WINDOWS\inf\Jb4Inst.dll 2004-08-04 10:24 620,544 ----a-w C:\WINDOWS\inf\UNIRES.DLL 2004-06-29 13:06 659,456 ----a-w C:\WINDOWS\inf\hpcdmc32.dll 2003-11-04 23:00 49,152 ----a-w C:\WINDOWS\inf\ctpde.dll 2003-10-17 03:52 754,560 ----a-w C:\WINDOWS\inf\cmuda.sys 2003-10-15 10:37 114,688 ----a-w C:\WINDOWS\inf\cmuda.dll 2003-10-15 08:26 1,454,080 ----a-w C:\WINDOWS\inf\SMWIZARD.EXE 2003-08-20 10:46 233,472 ----a-w C:\WINDOWS\inf\cmirmdrv.exe 2003-07-31 12:15 143,360 ----a-w C:\WINDOWS\inf\CTPmsWma.dll 2003-04-24 05:29 32,768 ----a-w C:\WINDOWS\inf\udaprop.dll 2003-02-18 10:26 28,672 ----a-w C:\WINDOWS\inf\cmirmdrv.dll 2002-11-19 11:17 65,536 ----a-w C:\WINDOWS\inf\carpdll.dll 2002-11-19 11:17 4,608 ----a-w C:\WINDOWS\inf\carpserv.exe 2002-11-19 11:17 22,400 ----a-w C:\WINDOWS\inf\strmdisp.sys 2002-11-19 11:13 166,144 ----a-w C:\WINDOWS\inf\HSFHWBS2.sys 2002-11-19 11:11 585,472 ----a-w C:\WINDOWS\inf\HSF_CNXT.sys 2002-11-19 11:09 1,067,008 ----a-w C:\WINDOWS\inf\HSF_DP.sys 2002-11-12 02:59 479,232 ----a-w C:\WINDOWS\inf\HXFSetup.exe 2002-11-07 06:56 11,011 ----a-w C:\WINDOWS\inf\mdmxsdk.sys 2002-11-07 05:47 69,632 ----a-w C:\WINDOWS\inf\mdmxsdk.dll 2002-10-29 09:33 27,786 ----a-w C:\WINDOWS\inf\HSFCI005.dll 2002-08-29 09:45 252,416 ----a-w C:\WINDOWS\inf\unidrv.dll 2002-08-29 09:45 199,168 ----a-w C:\WINDOWS\inf\unidrvui.dll 2002-07-10 15:39 32,256 ----a-w C:\WINDOWS\inf\sisnic.sys 2002-04-29 07:04 917,504 ----a-w C:\WINDOWS\inf\CMIDS3D.DLL 2002-02-18 23:00 32,768 ----a-w C:\WINDOWS\inf\PdePgHlp.dll 2001-12-31 16:04 5,099,520 ----a-w C:\WINDOWS\inf voglnt.dll 2001-12-31 16:04 46,080 ----a-w C:\WINDOWS\inf vmctray.dll 2001-12-31 16:04 4,130,560 ----a-w C:\WINDOWS\inf v4_disp.dll 2001-12-31 16:04 38,400 ----a-w C:\WINDOWS\inf vwddi.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf vcodins.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf vcod.dll 2001-12-31 16:04 3,756,032 ----a-w C:\WINDOWS\inf vcpl.dll 2001-12-31 16:04 241,664 ----a-w C:\WINDOWS\inf vnt4cpl.dll 2001-12-31 16:04 2,167,552 ----a-w C:\WINDOWS\inf v4_mini.sys 2001-12-31 16:04 114,755 ----a-w C:\WINDOWS\inf vsvc32.exe 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\Audio3D.dll 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\a3d.dll 2001-08-23 03:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys 2001-08-07 02:53 37,376 ----a-w C:\WINDOWS\inf\uninst.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90DB76A7-2FB2-49B2-84B6-34269BD76DF6}] 2007-12-01 22:01 324192 --a------ C:\WINDOWS\system32\vtsqn.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 16:51] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05] "Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-11-18 09:08] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-08-06 21:35] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\lekonqib] lekonqib.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-07 15:55 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg wiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\Soap 16.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-01-07 02:36 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe -osboot S1 ctl_w32;ctl_w32;C:\WINDOWS\system32\drivers\ctl_w32.sys . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-04 20:00:00 C:\WINDOWS\Tasks\AEB80FFA9167810E.job" - c:\docume~1\emilien\applic~1\knobci~1\StupidPingDraw.exe "2007-11-27 20:43:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 22:25:38 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 22:30:13 - machine was rebooted . --- E O F ---

emiliendiego · Answer

que dois je faire maintenant ?

g!rly · Answer

bon on continue:

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32
nxojtfn.dll
C:\WINDOWS\system32\vnuopmnc.exe
C:\WINDOWS\system32\sgjimuun.dll
C:\WINDOWS\system32
uumijgs.ini
C:\WINDOWS\system32\oactpsju.dll
C:\WINDOWS\system32\imrljdbq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\efxnbuwu.dll
C:\WINDOWS\system32\vtsqn.dll
C:\-524681727
C:\pgdxf.exe
C:\WINDOWS\system32\yayxvvu.dll
C:\lhavtq.exe
c:\docume~1\emilien\applic~1\knobci~1\StupidPingDraw.exe
C:\WINDOWS\Tasks\AEB80FFA9167810E.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90DB76A7-2FB2-49B2-84B6-34269BD76DF6}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\lekonqib]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 


Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Télécharge HijackThis ici : 

-> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

Tutoriel d´installation (images) :

-> http://pchelpbordeaux.free.fr/tuto.html

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post le rapport généré ici stp...

@+

emiliendiego · Answer

ComboFix 07-12-02.6 - myriam 2007-12-05 12:36:11.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.346 [GMT 1:00] Running from: C:\Documents and Settings\myriam\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\myriam\Mes documents\CFScript.txt..txt * Created a new restore point FILE C:\-524681727 c:\docume~1\emilien\applic~1\knobci~1\StupidPingDraw.exe C:\lhavtq.exe C:\pgdxf.exe C:\WINDOWS\system32\efxnbuwu.dll C:\WINDOWS\system32\imrljdbq.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32 nxojtfn.dll C:\WINDOWS\system32 uumijgs.ini C:\WINDOWS\system32\oactpsju.dll C:\WINDOWS\system32\sgjimuun.dll C:\WINDOWS\system32\vnuopmnc.exe C:\WINDOWS\system32\vtsqn.dll C:\WINDOWS\system32\yayxvvu.dll C:\WINDOWS\Tasks\AEB80FFA9167810E.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\-524681727 C:\lhavtq.exe C:\pgdxf.exe C:\WINDOWS\system32\efxnbuwu.dll C:\WINDOWS\system32\imrljdbq.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32 uumijgs.ini C:\WINDOWS\system32\oactpsju.dll C:\WINDOWS\system32\sgjimuun.dll C:\WINDOWS\system32\vnuopmnc.exe C:\WINDOWS\system32\vtsqn.dll C:\WINDOWS\system32\yayxvvu.dll C:\WINDOWS\Tasks\AEB80FFA9167810E.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\ctl_w32 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))))))) . 2007-12-04 22:27 . 2007-12-05 12:43 6,495 --ahs---- C:\WINDOWS\system32 qstv.ini2 2007-12-04 22:27 . 2007-12-05 12:43 6,495 --ahs---- C:\WINDOWS\system32 qstv.ini 2007-12-04 20:59 . 2007-12-04 21:03 d-------- C:\Program Files\Hijackthis Version Fran‡aise 2007-12-04 20:29 . 2007-12-04 20:29 d-------- C:\Program Files\Lavasoft 2007-12-04 20:28 . 2007-12-04 20:28 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-04 19:06 . 2007-12-04 19:06 d-------- C:\Documents and Settings\myriam\Application Data\Grisoft 2007-12-04 19:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-04 17:05 . 2007-12-05 12:47 d-------- C:\Program Files\Spyware Doctor 2007-12-04 17:05 . 2007-12-04 17:05 d-------- C:\Documents and Settings\myriam\Application Data\PC Tools 2007-12-04 17:05 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-04 17:05 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-04 17:05 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-04 17:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-04 17:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-04 16:51 . 2007-12-04 18:10 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2007-12-03 21:15 . 2007-12-03 21:15 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-03 20:23 . 2007-12-03 20:46 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-28 16:11 . 2007-11-28 16:11 d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios 2007-11-28 13:46 . 2007-11-28 13:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-28 13:45 . 2007-11-28 13:45 d-------- C:\Program Files\GameShadow 2007-11-28 13:44 . 2007-11-28 13:44 d-------- C:\WINDOWS\Downloaded Installations 2007-11-28 13:33 . 2007-11-28 13:33 d-------- C:\Program Files\Firefly Studios 2007-11-15 21:12 . 2007-11-15 21:15 d-------- C:\Program Files\CDRWIN 6 2007-11-15 21:11 . 2007-12-04 20:27 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-09 11:56 . 2007-11-09 11:56 d-------- C:\WINDOWS\Profiles 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\WINDOWS\system32\Adobe 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\Program Files\Fichiers communs\Adobe 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\Program Files\directx 2007-11-09 11:55 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-11-09 11:51 . 2007-11-09 11:51 d-------- C:\Program Files\Enlight Software . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 20:03 --------- d-----w C:\Program Files\Hijackthis Version Française 2007-12-04 19:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-04 19:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-04 15:51 --------- d-----w C:\Program Files\Google 2007-12-03 20:08 --------- d-----w C:\Program Files\Windows Live 2007-12-03 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-28 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-26 14:01 --------- d-----w C:\Documents and Settings\maxime\Application Data\Apple Computer 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-16 18:55 --------- d-----w C:\Program Files\Azureus 2007-10-10 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin 2007-10-09 14:11 --------- d-----w C:\Documents and Settings\maurice\Application Data\Sports Interactive 2007-10-08 20:05 --------- d-----w C:\Program Files\LimeWire 2005-05-10 18:49 37,376 ----a-w C:\WINDOWS\inf\hpz3l3xu.dll 2005-05-10 18:49 1,055,232 ----a-w C:\WINDOWS\inf\hpz3r3xu.dll 2005-05-10 18:48 72,192 ----a-w C:\WINDOWS\inf\hpzpr3xu.dll 2005-05-10 18:48 67,072 ----a-w C:\WINDOWS\inf\hpzpp3xu.dll 2005-05-10 18:48 515,584 ----a-w C:\WINDOWS\inf\hpzev3xu.dll 2005-05-10 18:48 1,963,008 ----a-w C:\WINDOWS\inf\hpzui3xu.dll 2005-05-10 18:48 1,264,640 ----a-w C:\WINDOWS\inf\hpz3a3xu.dll 2005-05-10 18:20 557,056 ----a-w C:\WINDOWS\inf\hpzss3xu.dll 2005-05-10 17:22 2,954,752 ----a-w C:\WINDOWS\inf\hpzst3xu.dll 2005-04-27 18:37 77,824 ----a-w C:\WINDOWS\inf\hpzids01.dll 2005-03-22 13:31 1,323,008 ----a-w C:\WINDOWS\inf\hpbcfgre.dll 2005-03-08 11:52 21,744 ----a-w C:\WINDOWS\inf\HPZius12.sys 2005-03-08 11:52 16,800 ----a-w C:\WINDOWS\inf\hppaufd0.sys 2005-02-21 15:58 7,718,400 ----a-w C:\WINDOWS\inf\hpfig3xu.dll 2005-02-21 15:58 177,152 ----a-w C:\WINDOWS\inf\hpfie3xu.dll 2005-02-04 17:09 16,384 ----a-w C:\WINDOWS\inf\hpfrs3xu.dll 2004-09-30 08:49 274,432 ----a-w C:\WINDOWS\inf\HPZc3212.dll 2004-09-29 23:27 16,880 ----a-w C:\WINDOWS\inf\ctpdusb.sys 2004-09-29 11:38 18,336 ----a-w C:\WINDOWS\inf\hpzuci12.dll 2004-09-28 12:18 200,704 ----a-w C:\WINDOWS\inf\CTPdeSrv.exe 2004-09-28 12:09 28,672 ----a-w C:\WINDOWS\inf\PdeSrvps.dll 2004-09-28 12:09 233,472 ----a-w C:\WINDOWS\inf\CTPmsMan.dll 2004-09-15 14:27 385,109 ----a-w C:\WINDOWS\inf\ctjb2sp.dll 2004-08-15 23:02 28,672 ----a-w C:\WINDOWS\inf\Jb4Inst.dll 2004-08-04 10:24 620,544 ----a-w C:\WINDOWS\inf\UNIRES.DLL 2004-06-29 13:06 659,456 ----a-w C:\WINDOWS\inf\hpcdmc32.dll 2003-11-04 23:00 49,152 ----a-w C:\WINDOWS\inf\ctpde.dll 2003-10-17 03:52 754,560 ----a-w C:\WINDOWS\inf\cmuda.sys 2003-10-15 10:37 114,688 ----a-w C:\WINDOWS\inf\cmuda.dll 2003-10-15 08:26 1,454,080 ----a-w C:\WINDOWS\inf\SMWIZARD.EXE 2003-08-20 10:46 233,472 ----a-w C:\WINDOWS\inf\cmirmdrv.exe 2003-07-31 12:15 143,360 ----a-w C:\WINDOWS\inf\CTPmsWma.dll 2003-04-24 05:29 32,768 ----a-w C:\WINDOWS\inf\udaprop.dll 2003-02-18 10:26 28,672 ----a-w C:\WINDOWS\inf\cmirmdrv.dll 2002-11-19 11:17 65,536 ----a-w C:\WINDOWS\inf\carpdll.dll 2002-11-19 11:17 4,608 ----a-w C:\WINDOWS\inf\carpserv.exe 2002-11-19 11:17 22,400 ----a-w C:\WINDOWS\inf\strmdisp.sys 2002-11-19 11:13 166,144 ----a-w C:\WINDOWS\inf\HSFHWBS2.sys 2002-11-19 11:11 585,472 ----a-w C:\WINDOWS\inf\HSF_CNXT.sys 2002-11-19 11:09 1,067,008 ----a-w C:\WINDOWS\inf\HSF_DP.sys 2002-11-12 02:59 479,232 ----a-w C:\WINDOWS\inf\HXFSetup.exe 2002-11-07 06:56 11,011 ----a-w C:\WINDOWS\inf\mdmxsdk.sys 2002-11-07 05:47 69,632 ----a-w C:\WINDOWS\inf\mdmxsdk.dll 2002-10-29 09:33 27,786 ----a-w C:\WINDOWS\inf\HSFCI005.dll 2002-08-29 09:45 252,416 ----a-w C:\WINDOWS\inf\unidrv.dll 2002-08-29 09:45 199,168 ----a-w C:\WINDOWS\inf\unidrvui.dll 2002-07-10 15:39 32,256 ----a-w C:\WINDOWS\inf\sisnic.sys 2002-04-29 07:04 917,504 ----a-w C:\WINDOWS\inf\CMIDS3D.DLL 2002-02-18 23:00 32,768 ----a-w C:\WINDOWS\inf\PdePgHlp.dll 2001-12-31 16:04 5,099,520 ----a-w C:\WINDOWS\inf voglnt.dll 2001-12-31 16:04 46,080 ----a-w C:\WINDOWS\inf vmctray.dll 2001-12-31 16:04 4,130,560 ----a-w C:\WINDOWS\inf v4_disp.dll 2001-12-31 16:04 38,400 ----a-w C:\WINDOWS\inf vwddi.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf vcodins.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf vcod.dll 2001-12-31 16:04 3,756,032 ----a-w C:\WINDOWS\inf vcpl.dll 2001-12-31 16:04 241,664 ----a-w C:\WINDOWS\inf vnt4cpl.dll 2001-12-31 16:04 2,167,552 ----a-w C:\WINDOWS\inf v4_mini.sys 2001-12-31 16:04 114,755 ----a-w C:\WINDOWS\inf vsvc32.exe 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\Audio3D.dll 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\a3d.dll 2001-08-23 03:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys 2001-08-07 02:53 37,376 ----a-w C:\WINDOWS\inf\uninst.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-04_22.27.57.76 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-03 21:00:08 29,056 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-04 16:51] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05] "Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-11-18 09:08] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-08-06 21:35] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-07 15:55 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg wiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\Soap 16.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-01-07 02:36 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe -osboot . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-11-27 20:43:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-05 12:54:54 - machine was rebooted C:\ComboFix2.txt ... 2007-12-04 22:30 . --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 12:59:45, on 5/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\vso\OasClnt.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32 vsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32 vsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

g!rly · Answer

salut  emiliendiego,

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    
C:\WINDOWS\system32\__c00A0D4C.dat
C:\WINDOWS\system32
qstv.ini2
C:\WINDOWS\system32
qstv.ini 

Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

puis fais un scan en ligne bitdefender et post le contenue du rapport ici stp

Scan en ligne bitdefender :

https://www.bitdefender.com/toolbox/

Clicker sur " I agree " et suivre les indications 

A faire imperativement sous internet explorer, en acceptant l´activ x

tutoriel en image en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

@+

emiliendiego · Answer

File/Folder C:\WINDOWS\system32\__c00A0D4C.dat not found.
C:\WINDOWS\system32
qstv.ini2 moved successfully.
C:\WINDOWS\system32
qstv.ini moved successfully.
 
Created on 12/05/2007 15:13:59

g!rly · Answer

re,

ok pour ot_move it

tu as passé le rapport de bit defender ou il est en cours?

@+

emiliendiego · Answer

je dois installer internet explorer mais il n'y parvien pas j'ai telecharger l'internet explorer 7 dois je en prendre un autre ?

g!rly · Answer

tu as deja internet explorer sur ta machine...

emiliendiego · Answer

j'ai reussi a l'installer mais il ne trouve pas de connexion :(

g!rly · Answer

tu as accepté l´ active x?

emiliendiego · Answer

mais il ne trouve meme pas la page de google

g!rly · Answer

bon laisse tomber bitdefender...

fais un scan avec ton antivirus Mc Afee en mode sans echec.

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

reporte les resulats

@+

emiliendiego · Answer

ok a tout de suite...

g!rly · Answer

ok

emiliendiego · Answer

je suis vraiment désolé mais j'ai encore un soucis lorsque j'ai l'ecran pour me mettre en mode sans echec les fleches de mon clavier de fonctionne plus !! 

je sais pas ce que je peux bien faire

g!rly · Answer

passe mc afee en mode normal...

emiliendiego · Answer

je dois tout analyser ?

g!rly · Answer

oui

emiliendiego · Answer

voila je le fais je devrais vous donner un rapport?

g!rly · Answer

si possible oui

emiliendiego · Answer

ok pas de probleme mais je pense que ça va prendre du temps et je dois partir donc je vous l'enverrer plus tard

g!rly · Answer

ok pas de probleme'
@+

david1970 · Answer

bonjour girly  dis moi comment on peux suppremer tous les fichiers cacher et les cles et sous cles de norton antivirus merci

g!rly · Answer

salut david,

Desinstalleur Norton:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

@+

david1970 · Answer

merci pour le lien mais ils reste toujours des ficher et les cles dans la base de registre

g!rly · Answer

meme en passant l´outil ?

sinon supprime les manuellement

oublie pas les services...

david1970 · Answer

comment supptimer

g!rly · Answer

peux tu creer un nouveau topik sur le forum stp, car j´en ai pas fini avec emiliano, ca va etre le bordel sinon...
merci
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
@+

david1970 · Answer

ok

emiliendiego · Answer

rapport de Mcafee virus scan

votre ordinateur contient plusieurs fichiers infectés.

nombre de fichiers analyser: 96492
nombre de fichiers infectés: 6
nombre de programmes potentiellement indésirable: 0
nombre de fichiers détectés nettoyés automatiquement: 5

Certains fichiers n'ont pas été nettoyés. Supprimez-les ou mettez-les en quarantaine.

emiliendiego · Answer

C:/Program Files/Adverts/uninst.exe               supprimer
C:/qoobox/Quarantine/C/d.exe.vir                  supprimer
C:/qoobox/Quarantine/C/WINDOWS/system32/_c00F4678.dat.vir         supprimer
C:/qoobox/Quarantine/C/WINDOWS/system32/hgagupat.exe.vir           supprimer
C:/qoobox/Quarantine/C/WINDOWS/system32/rnrequdm.dll.vir              supprimer
C:/qoobox/Quarantine/catchme2007-12-05_124953.84.zip              mis en quarantaine

g!rly · Answer

re,

ce sont  les fichiers de la quarantaine de combofix que nous avons utiliser sauf le premier

fais ceci :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.
   
   Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

   http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

@+

emiliano · Answer

j'ai toujours le meme soucis d'internet explorer le rapport ne se met pas sur mozilla mais sur internet explorer et vu que je n'ai pas de connexion je ne reçoit pas le rapport

emiliano · Answer

C:\WINDOWS\System32\vsconfig.xml -->7/12/2007 17:35:51
C:\WINDOWS\System32\PerfStringBackup.INI -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfh00C.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfh009.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfc00C.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\perfc009.dat -->4/12/2007 17:06:37
C:\WINDOWS\System32\wpa.dbl -->1/12/2007 17:22:31
C:\WINDOWS\System32\CmdLineExt.dll -->28/11/2007 13:46:20
C:\WINDOWS\System32\FNTCACHE.DAT -->11/11/2007 11:39:51
C:\WINDOWS\System32
scompat.tlb -->2/11/2007 11:59:45
C:\WINDOWS\System32\amcompat.tlb -->2/11/2007 11:59:45
C:\WINDOWS\System32\MRT.exe -->2/11/2007 8:12:57
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
C:\WINDOWS\System32\sirenacm.dll -->18/10/2007 11:31:46
C:\WINDOWS\System32\TZLog.log -->12/09/2007 14:43:42
C:\WINDOWS\System32\shlwapi.dll -->22/08/2007 14:13:08
C:\WINDOWS\System32\shdocvw.dll -->22/08/2007 14:13:08
C:\WINDOWS\System32\danim.dll -->22/08/2007 14:13:05
C:\WINDOWS\System32\cdfview.dll -->22/08/2007 14:13:05
C:\WINDOWS\System32\browseui.dll -->22/08/2007 14:13:05
C:\WINDOWS\System32\inetcomm.dll -->21/08/2007 7:17:23
C:\WINDOWS\System32\mshtml.dll -->20/08/2007 15:29:32
C:\WINDOWS\System32\wininet.dll -->20/08/2007 10:59:31
C:\WINDOWS\System32\webcheck.dll -->20/08/2007 10:59:31

C:\WINDOWS\QTFont.qfn -->7/12/2007 17:39:52
C:\WINDOWS\WindowsUpdate.log -->7/12/2007 17:38:21
C:\WINDOWS\0.log -->7/12/2007 17:35:12
C:\WINDOWS\bootstat.dat -->7/12/2007 17:33:46
C:\WINDOWS\SchedLgU.Txt -->7/12/2007 17:32:39
C:\WINDOWS\setupapi.log -->7/12/2007 17:31:33
C:\WINDOWS	soc.log -->5/12/2007 16:47:38
C:\WINDOWS	abletoc.log -->5/12/2007 16:47:38
C:\WINDOWS\ocmsn.log -->5/12/2007 16:47:38
C:\WINDOWS
tdtcsetup.log -->5/12/2007 16:47:38
C:\WINDOWS\KB938127-IE7.log -->5/12/2007 16:47:38
C:\WINDOWS\imsins.log -->5/12/2007 16:47:38
C:\WINDOWS\iis6.log -->5/12/2007 16:47:38
C:\WINDOWS\comsetup.log -->5/12/2007 16:47:38
C:\WINDOWS\ocgen.log -->5/12/2007 16:47:37

g!rly · Answer

salut emiliano

fais ceci :

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

@+

emiliendiego · Answer

SDFix: Version 1.117

Run by Emilien on ven. 07/12/2007 at 22:25

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Emilien\Bureau\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\Documents and Settings\Emilien\Favoris\Online Security Guide.lnk - Deleted
C:\Documents and Settings\Emilien
ew.txt  - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 22:41:05
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e1,16,65,b7,89,4a,06,f8,21,e4,f5,64,9e,46,70,d2,1f,c2,53,ab,e3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,dd,09,a2,3c,f3,63,ee,3b,24,68,3d,79,dc,22,d7,39,..
"khjeh"=hex:20,00,84,c6,8d,e8,7b,b6,02,42,28,e1,96,19,c2,d2,5c,a5,89,39,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ef,54,63,d8,95,66,77,22,f0,66,59,b2,46,d2,66,2a,d0,03,39,e2,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e1,16,65,b7,89,4a,06,f8,21,e4,f5,64,9e,46,70,d2,1f,c2,53,ab,e3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,dd,09,a2,3c,f3,63,ee,3b,24,68,3d,79,dc,22,d7,39,..
"khjeh"=hex:20,00,84,c6,8d,e8,7b,b6,02,42,28,e1,96,19,c2,d2,5c,a5,89,39,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ef,54,63,d8,95,66,77,22,f0,66,59,b2,46,d2,66,2a,d0,03,39,e2,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e1,16,65,b7,89,4a,06,f8,21,e4,f5,64,9e,46,70,d2,1f,c2,53,ab,e3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,dd,09,a2,3c,f3,63,ee,3b,24,68,3d,79,dc,22,d7,39,..
"khjeh"=hex:20,00,84,c6,8d,e8,7b,b6,02,42,28,e1,96,19,c2,d2,5c,a5,89,39,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ef,54,63,d8,95,66,77,22,f0,66,59,b2,46,d2,66,2a,d0,03,39,e2,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e1,16,65,b7,89,4a,06,f8,21,e4,f5,64,9e,46,70,d2,1f,c2,53,ab,e3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,dd,09,a2,3c,f3,63,ee,3b,24,68,3d,79,dc,22,d7,39,..
"khjeh"=hex:20,00,84,c6,8d,e8,7b,b6,02,42,28,e1,96,19,c2,d2,5c,a5,89,39,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ef,54,63,d8,95,66,77,22,f0,66,59,b2,46,d2,66,2a,d0,03,39,e2,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e1,16,65,b7,89,4a,06,f8,21,e4,f5,64,9e,46,70,d2,1f,c2,53,ab,e3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,dd,09,a2,3c,f3,63,ee,3b,24,68,3d,79,dc,22,d7,39,..
"khjeh"=hex:20,00,84,c6,8d,e8,7b,b6,02,42,28,e1,96,19,c2,d2,5c,a5,89,39,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ef,54,63,d8,95,66,77,22,f0,66,59,b2,46,d2,66,2a,d0,03,39,e2,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:74,b7,9e,4a,c3,b3,ae,cb,b2,2c,39,ca,44,90,41,5e,5d,44,a2,c4,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,dd,09,a2,3c,f3,63,ee,3b,24,68,3d,79,dc,22,d7,39,..
"khjeh"=hex:09,66,77,61,b2,b4,34,fb,43,61,f3,b8,82,7b,12,51,c6,a1,1a,1a,f6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,c3,e4,34,11,47,7c,69,46,6d,c4,67,f3,9e,6b,02,62,c8,01,81,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,64,00,03,94,95,8e,d7,8e,aa,d6,b1,cd,4b,c9,6c,cb,db,84,eb,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:74,b7,9e,4a,c3,b3,ae,cb,b2,2c,39,ca,44,90,41,5e,5d,44,a2,c4,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,dd,09,a2,3c,f3,63,ee,3b,24,68,3d,79,dc,22,d7,39,..
"khjeh"=hex:09,66,77,61,b2,b4,34,fb,43,61,f3,b8,82,7b,12,51,c6,a1,1a,1a,f6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,c3,e4,34,11,47,7c,69,46,6d,c4,67,f3,9e,6b,02,62,c8,01,81,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:00,64,00,03,94,95,8e,d7,8e,aa,d6,b1,cd,4b,c9,6c,cb,db,84,eb,1c,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Emilien\Local Settings\Application Data\Microsoft\Messenger\bullrot111@hotmail.com\SharingMetadata\didil333@hotmail.com\DFSR\Staging\CS{3CA97CFB-72D5-4569-73C4-D43CC8A8CBBC}\01\15-{3CA97CFB-72D5-4569-73C4-D43CC8A8CBBC}-v1-{41DF30AC-7CAA-44F7-867F-27E2327EB055}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Emilien\Local Settings\Application Data\Microsoft\Messenger\bullrot111@hotmail.com\SharingMetadata\jeanrobertbrogniet@hotmail.com\DFSR\Staging\CS{0BA9F22A-74CA-14AB-8226-CBEEF9DEF4C2}\01\10-{0BA9F22A-74CA-14AB-8226-CBEEF9DEF4C2}-v1-{41DF30AC-7CAA-44F7-867F-27E2327EB055}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firefly Studios\CivCity Rome\CivCity Rome.exe"="C:\Program Files\Firefly Studios\CivCity Rome\CivCity Rome.exe:*:Enabled:CivCity Rome"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Emilien\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 21 Dec 2006         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu  3 May 2007        45,056 ...H. --- "C:\Documents and Settings\myriam\Mes documents\~WRL0003.tmp"
Sat 30 Jun 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 30 Sep 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 17 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT146.tmp"
Thu 20 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT3.tmp"
Wed 28 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\895429730abf1e933cbabe1c3fad3173\BIT3.tmp"

Finished!

g!rly · Answer

re,

bien joué ,-)

peux tu reposter un combofix stp

@+

emiliano · Answer

je n'arrive plus à faire un combofix! soit le site ne fonctionne pas soit mcafee me le supprime parsqu'il y aurai un cheval de troie dedans.

que dois je faire ?

g!rly · Answer

salut 

deconnect toi du net et arrete mc afee et passe combofix

je regarderais ca demain

bonne nuit

@+

emiliano · Answer

maintenant que j'ai pu le telecharger mon ordinateur ne veut plus  le lancer je n'ai pas l'icone du combofix mais l'icone d'un fichiers que tu sais pas vraiment utilser ( rectangle blanc avec une petite barre bleu au dessus)

g!rly · Answer

salut emiliano,

supprime ce que tu as sur ton bueau et reprends le ici :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

emiliendiego · Answer

ComboFix 07-12-08.1 - Emilien 2007-12-08 19:53:16.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.333 [GMT 1:00] Running from: C:\Documents and Settings\Emilien\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Emilien\Application Data\macromedia\Flash Player\#SharedObjects\H4XYMQXH\iforex.com C:\Documents and Settings\Emilien\Application Data\macromedia\Flash Player\#SharedObjects\H4XYMQXH\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\Emilien\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\Emilien\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))))))) . 2007-12-07 22:24 . 2007-12-07 22:24 d-------- C:\WINDOWS\ERUNT 2007-12-05 16:17 . 2007-12-05 16:24 1,005 --a------ C:\WINDOWS\Active Setup Log.BAK 2007-12-05 15:52 . 2007-12-05 15:52 d-------- C:\WINDOWS\system32\fr-fr 2007-12-05 15:31 . 2007-08-20 10:59 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-12-05 15:31 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-12-05 15:31 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-12-05 15:31 . 2007-08-20 10:59 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-12-05 15:31 . 2007-08-20 10:59 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-12-05 15:31 . 2007-08-20 10:59 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-12-05 15:31 . 2007-08-20 10:59 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-12-05 15:31 . 2007-08-20 10:59 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-12-05 15:31 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-05 15:28 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2007-12-04 20:59 . 2007-12-05 12:59 d-------- C:\Program Files\Hijackthis Version Française 2007-12-04 20:29 . 2007-12-04 20:29 d-------- C:\Program Files\Lavasoft 2007-12-04 20:28 . 2007-12-04 20:28 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-04 19:06 . 2007-12-04 19:06 d-------- C:\Documents and Settings\myriam\Application Data\Grisoft 2007-12-04 19:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-04 17:05 . 2007-12-07 18:02 d-------- C:\Program Files\Spyware Doctor 2007-12-04 17:05 . 2007-12-04 17:05 d-------- C:\Documents and Settings\myriam\Application Data\PC Tools 2007-12-04 17:05 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-04 17:05 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-04 17:05 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-04 17:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-04 17:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-04 16:51 . 2007-12-07 21:16 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2007-12-03 21:15 . 2007-12-03 21:15 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-03 20:23 . 2007-12-03 20:46 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-28 16:11 . 2007-11-28 16:11 d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios 2007-11-28 13:46 . 2007-11-28 13:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-28 13:45 . 2007-11-28 13:45 d-------- C:\Program Files\GameShadow 2007-11-28 13:44 . 2007-11-28 13:44 d-------- C:\WINDOWS\Downloaded Installations 2007-11-28 13:33 . 2007-11-28 13:33 d-------- C:\Program Files\Firefly Studios 2007-11-15 21:12 . 2007-11-15 21:15 d-------- C:\Program Files\CDRWIN 6 2007-11-15 21:11 . 2007-12-04 20:27 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-09 11:56 . 2007-11-09 11:56 d-------- C:\WINDOWS\Profiles 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\WINDOWS\system32\Adobe 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\Program Files\Fichiers communs\Adobe 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\Program Files\directx 2007-11-09 11:55 . 2007-11-09 11:55 d-------- C:\Documents and Settings\Emilien\Application Data\InterTrust 2007-11-09 11:55 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-11-09 11:51 . 2007-11-09 11:51 d-------- C:\Program Files\Enlight Software . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 17:55 --------- d-----w C:\Program Files\Adverts 2007-12-04 19:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-04 19:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-04 15:51 --------- d-----w C:\Program Files\Google 2007-12-03 20:08 --------- d-----w C:\Program Files\Windows Live 2007-12-03 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-01 20:43 --------- d-----w C:\Documents and Settings\Emilien\Application Data\Azureus 2007-11-28 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-26 14:01 --------- d-----w C:\Documents and Settings\maxime\Application Data\Apple Computer 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-16 18:55 --------- d-----w C:\Program Files\Azureus 2007-10-10 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin 2007-10-09 14:11 --------- d-----w C:\Documents and Settings\maurice\Application Data\Sports Interactive 2007-10-08 20:05 --------- d-----w C:\Program Files\LimeWire 2005-05-10 18:49 37,376 ----a-w C:\WINDOWS\inf\hpz3l3xu.dll 2005-05-10 18:49 1,055,232 ----a-w C:\WINDOWS\inf\hpz3r3xu.dll 2005-05-10 18:48 72,192 ----a-w C:\WINDOWS\inf\hpzpr3xu.dll 2005-05-10 18:48 67,072 ----a-w C:\WINDOWS\inf\hpzpp3xu.dll 2005-05-10 18:48 515,584 ----a-w C:\WINDOWS\inf\hpzev3xu.dll 2005-05-10 18:48 1,963,008 ----a-w C:\WINDOWS\inf\hpzui3xu.dll 2005-05-10 18:48 1,264,640 ----a-w C:\WINDOWS\inf\hpz3a3xu.dll 2005-05-10 18:20 557,056 ----a-w C:\WINDOWS\inf\hpzss3xu.dll 2005-05-10 17:22 2,954,752 ----a-w C:\WINDOWS\inf\hpzst3xu.dll 2005-04-27 18:37 77,824 ----a-w C:\WINDOWS\inf\hpzids01.dll 2005-03-22 13:31 1,323,008 ----a-w C:\WINDOWS\inf\hpbcfgre.dll 2005-03-08 11:52 21,744 ----a-w C:\WINDOWS\inf\HPZius12.sys 2005-03-08 11:52 16,800 ----a-w C:\WINDOWS\inf\hppaufd0.sys 2005-02-21 15:58 7,718,400 ----a-w C:\WINDOWS\inf\hpfig3xu.dll 2005-02-21 15:58 177,152 ----a-w C:\WINDOWS\inf\hpfie3xu.dll 2005-02-04 17:09 16,384 ----a-w C:\WINDOWS\inf\hpfrs3xu.dll 2004-09-30 08:49 274,432 ----a-w C:\WINDOWS\inf\HPZc3212.dll 2004-09-29 23:27 16,880 ----a-w C:\WINDOWS\inf\ctpdusb.sys 2004-09-29 11:38 18,336 ----a-w C:\WINDOWS\inf\hpzuci12.dll 2004-09-28 12:18 200,704 ----a-w C:\WINDOWS\inf\CTPdeSrv.exe 2004-09-28 12:09 28,672 ----a-w C:\WINDOWS\inf\PdeSrvps.dll 2004-09-28 12:09 233,472 ----a-w C:\WINDOWS\inf\CTPmsMan.dll 2004-09-15 14:27 385,109 ----a-w C:\WINDOWS\inf\ctjb2sp.dll 2004-08-15 23:02 28,672 ----a-w C:\WINDOWS\inf\Jb4Inst.dll 2004-08-04 10:24 620,544 ----a-w C:\WINDOWS\inf\UNIRES.DLL 2004-06-29 13:06 659,456 ----a-w C:\WINDOWS\inf\hpcdmc32.dll 2003-11-04 23:00 49,152 ----a-w C:\WINDOWS\inf\ctpde.dll 2003-10-17 03:52 754,560 ----a-w C:\WINDOWS\inf\cmuda.sys 2003-10-15 10:37 114,688 ----a-w C:\WINDOWS\inf\cmuda.dll 2003-10-15 08:26 1,454,080 ----a-w C:\WINDOWS\inf\SMWIZARD.EXE 2003-08-20 10:46 233,472 ----a-w C:\WINDOWS\inf\cmirmdrv.exe 2003-07-31 12:15 143,360 ----a-w C:\WINDOWS\inf\CTPmsWma.dll 2003-04-24 05:29 32,768 ----a-w C:\WINDOWS\inf\udaprop.dll 2003-02-18 10:26 28,672 ----a-w C:\WINDOWS\inf\cmirmdrv.dll 2002-11-19 11:17 65,536 ----a-w C:\WINDOWS\inf\carpdll.dll 2002-11-19 11:17 4,608 ----a-w C:\WINDOWS\inf\carpserv.exe 2002-11-19 11:17 22,400 ----a-w C:\WINDOWS\inf\strmdisp.sys 2002-11-19 11:13 166,144 ----a-w C:\WINDOWS\inf\HSFHWBS2.sys 2002-11-19 11:11 585,472 ----a-w C:\WINDOWS\inf\HSF_CNXT.sys 2002-11-19 11:09 1,067,008 ----a-w C:\WINDOWS\inf\HSF_DP.sys 2002-11-12 02:59 479,232 ----a-w C:\WINDOWS\inf\HXFSetup.exe 2002-11-07 06:56 11,011 ----a-w C:\WINDOWS\inf\mdmxsdk.sys 2002-11-07 05:47 69,632 ----a-w C:\WINDOWS\inf\mdmxsdk.dll 2002-10-29 09:33 27,786 ----a-w C:\WINDOWS\inf\HSFCI005.dll 2002-08-29 09:45 252,416 ----a-w C:\WINDOWS\inf\unidrv.dll 2002-08-29 09:45 199,168 ----a-w C:\WINDOWS\inf\unidrvui.dll 2002-07-10 15:39 32,256 ----a-w C:\WINDOWS\inf\sisnic.sys 2002-04-29 07:04 917,504 ----a-w C:\WINDOWS\inf\CMIDS3D.DLL 2002-02-18 23:00 32,768 ----a-w C:\WINDOWS\inf\PdePgHlp.dll 2001-12-31 16:04 5,099,520 ----a-w C:\WINDOWS\inf\nvoglnt.dll 2001-12-31 16:04 46,080 ----a-w C:\WINDOWS\inf\nvmctray.dll 2001-12-31 16:04 4,130,560 ----a-w C:\WINDOWS\inf\nv4_disp.dll 2001-12-31 16:04 38,400 ----a-w C:\WINDOWS\inf\nvwddi.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf\nvcodins.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf\nvcod.dll 2001-12-31 16:04 3,756,032 ----a-w C:\WINDOWS\inf\nvcpl.dll 2001-12-31 16:04 241,664 ----a-w C:\WINDOWS\inf\nvnt4cpl.dll 2001-12-31 16:04 2,167,552 ----a-w C:\WINDOWS\inf\nv4_mini.sys 2001-12-31 16:04 114,755 ----a-w C:\WINDOWS\inf\nvsvc32.exe 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\Audio3D.dll 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\a3d.dll 2001-08-23 03:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys 2001-08-07 02:53 37,376 ----a-w C:\WINDOWS\inf\uninst.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-04_22.27.57.76 ))))))))))))))))))))))))))))))))))))))))) . - 2006-12-19 21:49:47 8,509,952 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll - 2007-08-21 10:53:25 121,856 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll - 2007-11-27 02:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe + 2007-12-08 02:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe + 2007-12-05 19:19:42 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2007-12-07 21:24:54 5,459,968 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2007-12-07 21:24:54 495,616 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2007-12-05 19:19:42 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-12-07 21:24:40 5,459,968 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2007-12-07 21:24:41 495,616 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2004-08-19 14:09:20 61,440 -c----w C:\WINDOWS\ie7\admparse.dll + 2004-08-19 14:09:20 101,888 -c----w C:\WINDOWS\ie7\advpack.dll + 2004-08-19 14:09:22 35,328 -c----w C:\WINDOWS\ie7\corpol.dll + 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll + 2007-08-22 13:13:05 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll + 2007-08-22 13:13:05 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll + 2007-08-22 13:13:05 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll + 2004-08-19 14:09:28 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll + 2004-08-19 14:09:56 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe + 2004-08-19 14:09:28 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll + 2004-08-19 14:09:28 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll + 2001-09-28 13:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll + 2004-08-19 14:09:28 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll + 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\ie7\iedw.exe + 2004-08-19 14:09:28 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll + 2007-08-22 13:13:05 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll + 2004-08-19 14:09:28 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll + 2004-08-19 14:09:28 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll + 2004-08-19 14:09:56 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe + 2004-08-19 14:09:30 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll + 2007-08-22 13:13:06 96,768 -c----w C:\WINDOWS\ie7\inseng.dll + 2006-05-18 05:31:21 450,560 -c----w C:\WINDOWS\ie7\jscript.dll + 2007-08-22 13:13:06 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll + 2004-08-19 14:09:32 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll + 2004-08-19 14:10:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe + 2007-08-22 13:13:07 3,079,168 -c----w C:\WINDOWS\ie7\mshtml.dll + 2007-08-22 13:13:07 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll + 2004-08-19 14:08:28 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll + 2001-09-28 13:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll + 2007-08-22 13:13:07 146,432 -c----w C:\WINDOWS\ie7\msrating.dll + 2007-08-22 13:13:07 532,480 -c----w C:\WINDOWS\ie7\mstime.dll + 2004-08-19 14:09:38 97,280 -c----w C:\WINDOWS\ie7\occache.dll + 2007-08-22 13:13:07 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll + 2007-08-13 17:54:42 32,960 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll + 2007-08-13 17:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe + 2006-09-06 16:43:16 213,216 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe + 2006-09-06 16:43:18 371,424 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll + 2004-08-19 14:09:48 37,888 -c----w C:\WINDOWS\ie7\url.dll + 2007-08-22 13:13:08 617,472 -c----w C:\WINDOWS\ie7\urlmon.dll + 2004-08-19 14:09:48 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll + 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll + 2004-08-19 14:09:48 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll + 2007-08-22 13:13:08 663,040 -c----w C:\WINDOWS\ie7\wininet.dll + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll + 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll + 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll + 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll.000 + 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll + 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll + 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll + 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe + 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe.000 + 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll + 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll.000 + 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll + 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll.000 + 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll + 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dat + 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll + 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll + 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll.000 + 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll + 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll + 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll.000 + 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll + 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe + 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe + 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe.000 + 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll + 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll + 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll + 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll + 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll + 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll + 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll + 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll + 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll.000 + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll + 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll + 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll.000 + 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll + 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll + 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll.000 + 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll + 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe + 2007-06-29 16:34:24 187,422 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1036.dat + 2007-06-29 16:34:24 187,422 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1036.dat.bak - 2004-08-19 14:09:20 61,440 ----a-w C:\WINDOWS\system32\admparse.dll + 2007-08-13 17:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll - 2004-08-19 14:09:20 101,888 ----a-w C:\WINDOWS\system32\advpack.dll + 2007-08-20 09:59:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2007-08-13 17:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll + 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2007-08-13 17:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll - 2007-08-22 13:13:05 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2007-08-13 17:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2007-08-22 13:13:05 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2007-08-20 09:59:29 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-08-22 13:13:05 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-08-20 09:59:29 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-08-13 17:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll + 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2001-09-28 13:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe + 2007-08-13 17:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe + 2007-08-13 17:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll - 2007-08-22 13:13:05 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll + 2007-08-13 17:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll + 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-08-13 17:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll + 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2007-08-13 17:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll - 2007-08-22 13:13:06 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll + 2007-08-13 17:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll - 2006-05-18 05:31:21 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll + 2007-08-13 17:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll - 2007-08-22 13:13:06 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-08-20 09:59:30 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-08-13 17:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll + 2007-08-13 17:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe - 2007-08-22 13:13:07 3,079,168 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2007-08-20 14:29:32 3,584,512 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-08-22 13:13:07 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-08-20 09:59:30 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-08-13 17:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll - 2001-09-28 13:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll + 2007-08-13 17:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll - 2007-08-22 13:13:07 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll + 2007-08-20 09:59:30 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-08-22 13:13:07 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2007-08-20 09:59:30 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll - 2007-08-22 13:13:07 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2007-08-13 17:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-25 16:56:24 8,510,976 -c----w C:\WINDOWS\system32\dllcache\shell32.dll + 2007-10-25 16:43:25 8,516,608 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll + 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2007-08-22 13:13:08 617,472 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-08-20 09:59:31 1,152,000 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-08-13 17:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll - 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll + 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll + 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-08-22 13:13:08 663,040 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2007-08-20 09:59:31 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2004-08-03 21:00:08 29,056 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys - 2007-08-22 13:13:05 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2007-08-13 17:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2007-08-22 13:13:05 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2007-08-20 09:59:29 214,528 ------w C:\WINDOWS\system32\dxtrans.dll - 2007-08-22 13:13:05 55,808 ------w C:\WINDOWS\system32\extmgr.dll + 2007-08-20 09:59:29 132,608 ------w C:\WINDOWS\system32\extmgr.dll + 2007-08-20 09:59:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll - 2004-08-19 14:09:56 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2007-08-17 10:22:11 63,488 ------w C:\WINDOWS\system32\ie4uinit.exe - 2004-08-19 14:09:28 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2007-08-20 09:59:29 153,088 ------w C:\WINDOWS\system32\ieakeng.dll - 2004-08-19 14:09:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2007-08-20 09:59:29 230,400 ------w C:\WINDOWS\system32\ieaksie.dll - 2001-09-28 13:00:00 245,760 ----a-w C:\WINDOWS\system32\ieakui.dll + 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat + 2007-08-20 09:59:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2004-08-19 14:09:28 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2007-08-20 09:59:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll - 2004-08-19 14:09:28 81,920 ------w C:\WINDOWS\system32\ieencode.dll + 2007-08-13 17:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll + 2007-08-20 09:59:29 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-08-22 13:13:05 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll + 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll - 2004-08-19 14:09:28 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll + 2007-08-20 09:59:29 44,544 ------w C:\WINDOWS\system32\iernonce.dll + 2007-08-20 09:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2004-08-19 14:09:28 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll + 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll + 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll - 2004-08-19 14:09:30 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll + 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll - 2007-08-22 13:13:06 96,768 ----a-w C:\WINDOWS\system32\inseng.dll + 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll - 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll + 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll - 2007-08-22 13:13:06 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2007-08-20 09:59:30 27,648 ------w C:\WINDOWS\system32\jsproxy.dll - 2004-08-19 14:09:32 22,528 ----a-w C:\WINDOWS\system32\licmgr10.dll + 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll + 2007-08-20 09:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2007-08-20 09:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe - 2004-08-19 14:10:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe + 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe - 2007-08-22 13:13:07 3,079,168 ----a-w C:\WINDOWS\system32\mshtml.dll + 2007-08-20 14:29:32 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-08-22 13:13:07 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2007-08-20 09:59:30 477,696 ------w C:\WINDOWS\system32\mshtmled.dll - 2004-08-19 14:08:28 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll + 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll - 2001-09-28 13:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll + 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll - 2007-08-22 13:13:07 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2007-08-20 09:59:30 193,024 ------w C:\WINDOWS\system32\msrating.dll - 2007-08-22 13:13:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll + 2007-08-20 09:59:30 671,232 ------w C:\WINDOWS\system32\mstime.dll + 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll + 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll - 2004-08-19 14:09:38 97,280 ----a-w C:\WINDOWS\system32\occache.dll + 2007-08-20 09:59:31 102,400 ------w C:\WINDOWS\system32\occache.dll - 2007-08-22 13:13:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2007-08-13 17:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll + 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll - 2004-08-19 14:09:48 37,888 ----a-w C:\WINDOWS\system32\url.dll + 2007-08-20 09:59:31 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2007-08-22 13:13:08 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll + 2007-08-20 09:59:31 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll - 2004-08-19 14:09:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll + 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll - 2004-08-19 14:09:48 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll + 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll - 2004-08-19 14:09:48 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll + 2007-08-20 09:59:31 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll + 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe - 2007-08-22 13:13:08 663,040 ----a-w C:\WINDOWS\system32\wininet.dll + 2007-08-20 09:59:31 824,832 ----a-w C:\WINDOWS\system32\wininet.dll + 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll - 2007-10-29 15:35:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\flash] @={AFCE5F03-76B3-92AE-630C-0ED5D3256EE8} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Offline Files] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29] "DvdGrid"="C:\DOCUME~1\Emilien\APPLIC~1\KNOBCI~1\body way mail.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29] "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05] "Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-11-18 09:08] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-06 21:35] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-07 15:55 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\Soap 16.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-01-07 02:36 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-27 20:43:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-08 20:00:21 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-08 20:03:13 C:\ComboFix2.txt ... 2007-12-05 12:54 C:\ComboFix3.txt ... 2007-12-04 22:30 . --- E O F ---

emiliendiego · Answer

que dois je faire maintenant?

g!rly · Answer

salut,

repost un hijack this stp

@+

emiliendiego · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:11, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Emilien\LOCALS~1\Temp\Rar$EX01.109\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DvdGrid] C:\DOCUME~1\Emilien\APPLIC~1\KNOBCI~1\body way mail.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1614895754-776561741-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'maxime')
O4 - HKUS\S-1-5-21-1614895754-776561741-725345543-1006\..\Run: [e0b9feae] rundll32.exe "C:\DOCUME~1\maxime\LOCALS~1\Temp\uoovmtbw.dll",b (User 'maxime')
O4 - HKUS\S-1-5-21-1614895754-776561741-725345543-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'maxime')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

g!rly · Answer

salut,

fais ceci :

Copie le texte ci-dessous :

File::
C:\DOCUME~1\Emilien\APPLIC~1\KNOBCI~1\body way mail.exe
C:\DOCUME~1\maxime\LOCALS~1\Temp\uoovmtbw.dll

Folder::
C:\Program Files\Adverts

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DvdGrid"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayide ntifiers\flash]
@=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

et 

nettoie tes fichiers temporaires avec ceci : atf cleaner, regarde le tuto...

http://www.infosecu.fr/atf.html

telecharge le ici :

http://serveur1.archive-host.com/membres/up/1366464061/ATF-Cleaner.rar

@+

emiliendiego · Answer

ComboFix 07-12-08.1 - Emilien 2007-12-14 20:57:30.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.285 [GMT 1:00] Running from: C:\Documents and Settings\Emilien\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Emilien\Bureau\CFScript.txt..txt * Created a new restore point FILE C:\DOCUME~1\Emilien\APPLIC~1\KNOBCI~1\body way mail.exe C:\DOCUME~1\maxime\LOCALS~1\Temp\uoovmtbw.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Adverts . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))))))) . 2007-12-14 20:09 . 2007-12-14 20:09 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-07 22:24 . 2007-12-07 22:24 d-------- C:\WINDOWS\ERUNT 2007-12-05 16:17 . 2007-12-05 16:24 1,005 --a------ C:\WINDOWS\Active Setup Log.BAK 2007-12-05 15:52 . 2007-12-05 15:52 d-------- C:\WINDOWS\system32\fr-fr 2007-12-05 15:31 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-12-05 15:31 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-12-05 15:31 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-12-05 15:31 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-12-05 15:31 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-12-05 15:31 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-12-05 15:31 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-12-05 15:31 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-12-05 15:31 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-05 15:28 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2007-12-04 20:59 . 2007-12-05 12:59 d-------- C:\Program Files\Hijackthis Version Française 2007-12-04 20:29 . 2007-12-04 20:29 d-------- C:\Program Files\Lavasoft 2007-12-04 20:28 . 2007-12-04 20:28 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-04 19:06 . 2007-12-04 19:06 d-------- C:\Documents and Settings\myriam\Application Data\Grisoft 2007-12-04 19:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-04 17:05 . 2007-12-14 20:07 d-------- C:\Program Files\Spyware Doctor 2007-12-04 17:05 . 2007-12-04 17:05 d-------- C:\Documents and Settings\myriam\Application Data\PC Tools 2007-12-04 17:05 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-04 17:05 . 2007-12-14 14:10 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-04 17:05 . 2007-12-14 14:10 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-04 17:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-04 17:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-04 16:51 . 2007-12-13 11:23 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2007-12-03 21:15 . 2007-12-03 21:15 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2007-12-03 20:23 . 2007-12-03 20:46 d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-28 16:11 . 2007-11-28 16:11 d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios 2007-11-28 13:46 . 2007-11-28 13:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-28 13:45 . 2007-11-28 13:45 d-------- C:\Program Files\GameShadow 2007-11-28 13:44 . 2007-11-28 13:44 d-------- C:\WINDOWS\Downloaded Installations 2007-11-28 13:33 . 2007-11-28 13:33 d-------- C:\Program Files\Firefly Studios 2007-11-15 21:12 . 2007-11-15 21:15 d-------- C:\Program Files\CDRWIN 6 2007-11-15 21:11 . 2007-12-04 20:27 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-08 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2007-12-04 19:35 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-04 19:35 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-04 15:51 --------- d-----w C:\Program Files\Google 2007-12-03 20:08 --------- d-----w C:\Program Files\Windows Live 2007-12-03 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-12-01 20:43 --------- d-----w C:\Documents and Settings\Emilien\Application Data\Azureus 2007-11-28 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-09 10:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-11-09 10:55 --------- d-----w C:\Program Files\directx 2007-11-09 10:55 --------- d-----w C:\Documents and Settings\Emilien\Application Data\InterTrust 2007-11-09 10:51 --------- d-----w C:\Program Files\Enlight Software 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-26 14:01 --------- d-----w C:\Documents and Settings\maxime\Application Data\Apple Computer 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-16 18:55 --------- d-----w C:\Program Files\Azureus 2005-05-10 18:49 37,376 ----a-w C:\WINDOWS\inf\hpz3l3xu.dll 2005-05-10 18:49 1,055,232 ----a-w C:\WINDOWS\inf\hpz3r3xu.dll 2005-05-10 18:48 72,192 ----a-w C:\WINDOWS\inf\hpzpr3xu.dll 2005-05-10 18:48 67,072 ----a-w C:\WINDOWS\inf\hpzpp3xu.dll 2005-05-10 18:48 515,584 ----a-w C:\WINDOWS\inf\hpzev3xu.dll 2005-05-10 18:48 1,963,008 ----a-w C:\WINDOWS\inf\hpzui3xu.dll 2005-05-10 18:48 1,264,640 ----a-w C:\WINDOWS\inf\hpz3a3xu.dll 2005-05-10 18:20 557,056 ----a-w C:\WINDOWS\inf\hpzss3xu.dll 2005-05-10 17:22 2,954,752 ----a-w C:\WINDOWS\inf\hpzst3xu.dll 2005-04-27 18:37 77,824 ----a-w C:\WINDOWS\inf\hpzids01.dll 2005-03-22 13:31 1,323,008 ----a-w C:\WINDOWS\inf\hpbcfgre.dll 2005-03-08 11:52 21,744 ----a-w C:\WINDOWS\inf\HPZius12.sys 2005-03-08 11:52 16,800 ----a-w C:\WINDOWS\inf\hppaufd0.sys 2005-02-21 15:58 7,718,400 ----a-w C:\WINDOWS\inf\hpfig3xu.dll 2005-02-21 15:58 177,152 ----a-w C:\WINDOWS\inf\hpfie3xu.dll 2005-02-04 17:09 16,384 ----a-w C:\WINDOWS\inf\hpfrs3xu.dll 2004-09-30 08:49 274,432 ----a-w C:\WINDOWS\inf\HPZc3212.dll 2004-09-29 23:27 16,880 ----a-w C:\WINDOWS\inf\ctpdusb.sys 2004-09-29 11:38 18,336 ----a-w C:\WINDOWS\inf\hpzuci12.dll 2004-09-28 12:18 200,704 ----a-w C:\WINDOWS\inf\CTPdeSrv.exe 2004-09-28 12:09 28,672 ----a-w C:\WINDOWS\inf\PdeSrvps.dll 2004-09-28 12:09 233,472 ----a-w C:\WINDOWS\inf\CTPmsMan.dll 2004-09-15 14:27 385,109 ----a-w C:\WINDOWS\inf\ctjb2sp.dll 2004-08-15 23:02 28,672 ----a-w C:\WINDOWS\inf\Jb4Inst.dll 2004-08-04 10:24 620,544 ----a-w C:\WINDOWS\inf\UNIRES.DLL 2004-06-29 13:06 659,456 ----a-w C:\WINDOWS\inf\hpcdmc32.dll 2003-11-04 23:00 49,152 ----a-w C:\WINDOWS\inf\ctpde.dll 2003-10-17 03:52 754,560 ----a-w C:\WINDOWS\inf\cmuda.sys 2003-10-15 10:37 114,688 ----a-w C:\WINDOWS\inf\cmuda.dll 2003-10-15 08:26 1,454,080 ----a-w C:\WINDOWS\inf\SMWIZARD.EXE 2003-08-20 10:46 233,472 ----a-w C:\WINDOWS\inf\cmirmdrv.exe 2003-07-31 12:15 143,360 ----a-w C:\WINDOWS\inf\CTPmsWma.dll 2003-04-24 05:29 32,768 ----a-w C:\WINDOWS\inf\udaprop.dll 2003-02-18 10:26 28,672 ----a-w C:\WINDOWS\inf\cmirmdrv.dll 2002-11-19 11:17 65,536 ----a-w C:\WINDOWS\inf\carpdll.dll 2002-11-19 11:17 4,608 ----a-w C:\WINDOWS\inf\carpserv.exe 2002-11-19 11:17 22,400 ----a-w C:\WINDOWS\inf\strmdisp.sys 2002-11-19 11:13 166,144 ----a-w C:\WINDOWS\inf\HSFHWBS2.sys 2002-11-19 11:11 585,472 ----a-w C:\WINDOWS\inf\HSF_CNXT.sys 2002-11-19 11:09 1,067,008 ----a-w C:\WINDOWS\inf\HSF_DP.sys 2002-11-12 02:59 479,232 ----a-w C:\WINDOWS\inf\HXFSetup.exe 2002-11-07 06:56 11,011 ----a-w C:\WINDOWS\inf\mdmxsdk.sys 2002-11-07 05:47 69,632 ----a-w C:\WINDOWS\inf\mdmxsdk.dll 2002-10-29 09:33 27,786 ----a-w C:\WINDOWS\inf\HSFCI005.dll 2002-08-29 09:45 252,416 ----a-w C:\WINDOWS\inf\unidrv.dll 2002-08-29 09:45 199,168 ----a-w C:\WINDOWS\inf\unidrvui.dll 2002-07-10 15:39 32,256 ----a-w C:\WINDOWS\inf\sisnic.sys 2002-04-29 07:04 917,504 ----a-w C:\WINDOWS\inf\CMIDS3D.DLL 2002-02-18 23:00 32,768 ----a-w C:\WINDOWS\inf\PdePgHlp.dll 2001-12-31 16:04 5,099,520 ----a-w C:\WINDOWS\inf voglnt.dll 2001-12-31 16:04 46,080 ----a-w C:\WINDOWS\inf vmctray.dll 2001-12-31 16:04 4,130,560 ----a-w C:\WINDOWS\inf v4_disp.dll 2001-12-31 16:04 38,400 ----a-w C:\WINDOWS\inf vwddi.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf vcodins.dll 2001-12-31 16:04 32,256 ----a-w C:\WINDOWS\inf vcod.dll 2001-12-31 16:04 3,756,032 ----a-w C:\WINDOWS\inf vcpl.dll 2001-12-31 16:04 241,664 ----a-w C:\WINDOWS\inf vnt4cpl.dll 2001-12-31 16:04 2,167,552 ----a-w C:\WINDOWS\inf v4_mini.sys 2001-12-31 16:04 114,755 ----a-w C:\WINDOWS\inf vsvc32.exe 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\Audio3D.dll 2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\a3d.dll 2001-08-23 03:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys 2001-08-07 02:53 37,376 ----a-w C:\WINDOWS\inf\uninst.exe . ((((((((((((((((((((((((((((( snapshot_2007-12-08_20.01.07,77 ))))))))))))))))))))))))))))))))))))))))) . + 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys + 2007-07-06 13:09:51 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll + 2007-07-06 13:09:51 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll + 2007-07-06 13:09:51 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll + 2007-07-06 13:09:51 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll + 2007-07-06 13:09:51 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll + 2007-07-06 13:09:51 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll + 2007-07-06 13:09:51 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll + 2007-07-06 13:09:51 527,360 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll + 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll + 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe + 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll + 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe + 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll + 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll + 2007-10-10 23:22:14 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll + 2007-10-10 23:22:14 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll + 2007-10-10 23:22:14 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll + 2007-10-10 23:22:14 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll + 2007-10-10 08:16:47 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe + 2007-10-10 23:22:14 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll + 2007-10-10 23:22:14 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll + 2007-10-10 05:47:20 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat + 2007-10-10 23:22:14 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll + 2007-10-10 23:22:15 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll + 2007-10-10 23:22:16 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll + 2007-10-10 23:22:16 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll + 2007-10-10 23:22:16 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll + 2007-10-10 08:16:47 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe + 2007-10-10 08:16:56 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe + 2007-10-10 23:22:16 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll + 2007-10-10 23:22:16 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll + 2007-10-10 23:22:16 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll + 2007-10-30 23:40:57 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll + 2007-10-10 23:22:18 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll + 2007-10-10 23:22:18 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll + 2007-10-10 23:22:18 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll + 2007-10-10 23:22:18 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll + 2007-10-10 23:22:18 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll + 2007-10-10 23:22:19 1,162,240 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll + 2007-10-10 23:22:19 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll + 2007-10-10 23:22:19 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll + 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE zchange.exe + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll + 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll + 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll + 2007-08-20 09:59:29 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll + 2007-08-20 09:59:29 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll + 2007-08-20 09:59:29 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll + 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe + 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll + 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll + 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll + 2007-08-20 09:59:29 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll + 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll + 2007-08-20 09:59:29 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll + 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll + 2007-08-20 09:59:30 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll + 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe + 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe + 2007-08-20 09:59:30 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll + 2007-08-20 09:59:30 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll + 2007-08-20 09:59:30 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll + 2007-08-20 14:29:32 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll + 2007-08-20 09:59:30 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll + 2007-08-20 09:59:30 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll + 2007-08-20 09:59:30 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll + 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll + 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll + 2007-08-20 09:59:31 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll + 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll + 2007-08-20 09:59:31 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll - 2007-11-14 19:28:35 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2007-12-13 09:35:48 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2007-11-14 19:28:35 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2007-12-13 09:35:48 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2007-11-14 19:28:36 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2007-12-13 09:35:48 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2007-11-14 19:28:34 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe + 2007-12-13 09:35:47 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe - 2007-11-14 19:28:36 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2007-12-13 09:35:48 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2007-11-14 19:28:36 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2007-12-13 09:35:49 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2007-11-14 19:28:36 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2007-12-13 09:35:49 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2007-11-14 19:28:37 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2007-12-13 09:35:49 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2007-11-14 19:28:35 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2007-12-13 09:35:48 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2007-11-14 19:28:35 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2007-12-13 09:35:47 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2007-11-14 19:28:37 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2007-12-13 09:35:49 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-11-14 19:28:34 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2007-12-13 09:35:47 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2007-11-14 19:28:34 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2007-12-13 09:35:46 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2007-08-20 09:59:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2007-08-20 09:59:29 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2007-10-10 23:49:42 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-08-20 09:59:29 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-10-10 23:49:42 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll - 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2007-10-10 11:00:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2007-10-10 23:49:42 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2007-10-10 23:49:42 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll - 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2007-10-10 23:49:42 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-10-10 23:49:43 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2007-08-20 09:59:30 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-10-10 23:49:44 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-07-06 10:05:47 72,960 -c----w C:\WINDOWS\system32\dllcache\mqac.sys + 2007-07-06 12:50:47 138,240 -c----w C:\WINDOWS\system32\dllcache\mqad.dll + 2007-07-06 12:50:47 47,104 -c----w C:\WINDOWS\system32\dllcache\mqdscli.dll + 2007-07-06 12:50:47 16,896 -c----w C:\WINDOWS\system32\dllcache\mqise.dll + 2007-07-06 12:50:47 660,992 -c----w C:\WINDOWS\system32\dllcache\mqqm.dll + 2007-07-06 12:50:47 177,152 -c----w C:\WINDOWS\system32\dllcache\mqrt.dll + 2007-07-06 12:50:47 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll + 2007-07-06 12:50:47 48,640 -c----w C:\WINDOWS\system32\dllcache\mqupgrd.dll + 2007-07-06 12:50:47 527,360 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll - 2007-08-20 14:29:32 3,584,512 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2007-10-30 23:23:48 3,590,656 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-08-20 09:59:30 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-10-10 23:49:44 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2007-08-20 09:59:30 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll + 2007-10-10 23:49:44 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-08-20 09:59:30 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2007-10-10 23:49:45 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll - 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2007-10-10 23:49:45 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll - 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll + 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2007-08-20 09:59:31 1,152,000 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-10-10 23:49:45 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-08-20 09:59:31 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2007-10-10 23:49:45 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll - 2006-10-18 19:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll + 2007-10-25 08:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll - 2004-08-03 20:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys + 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys - 2007-08-20 09:59:29 214,528 ------w C:\WINDOWS\system32\dxtrans.dll + 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2007-08-20 09:59:29 132,608 ------w C:\WINDOWS\system32\extmgr.dll + 2007-10-10 23:49:42 132,608 ------w C:\WINDOWS\system32\extmgr.dll - 2007-08-20 09:59:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2007-08-17 10:22:11 63,488 ------w C:\WINDOWS\system32\ie4uinit.exe + 2007-10-10 11:00:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe - 2007-08-20 09:59:29 153,088 ------w C:\WINDOWS\system32\ieakeng.dll + 2007-10-10 23:49:42 153,088 ------w C:\WINDOWS\system32\ieakeng.dll - 2007-08-20 09:59:29 230,400 ------w C:\WINDOWS\system32\ieaksie.dll + 2007-10-10 23:49:42 230,400 ------w C:\WINDOWS\system32\ieaksie.dll - 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll + 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\ieakui.dll - 2007-08-20 09:59:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2007-08-20 09:59:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll + 2007-10-10 23:49:42 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll - 2007-08-20 09:59:29 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll + 2007-10-10 23:49:43 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-08-20 09:59:29 44,544 ------w C:\WINDOWS\system32\iernonce.dll + 2007-10-10 23:49:43 44,544 ------w C:\WINDOWS\system32\iernonce.dll - 2007-08-20 09:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2007-10-10 23:49:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2007-08-20 09:59:30 27,648 ------w C:\WINDOWS\system32\jsproxy.dll + 2007-10-10 23:49:44 27,648 ------w C:\WINDOWS\system32\jsproxy.dll - 2004-08-19 14:09:32 138,240 ----a-w C:\WINDOWS\system32\mqad.dll + 2007-07-06 12:50:47 138,240 ----a-w C:\WINDOWS\system32\mqad.dll - 2004-08-19 14:09:32 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll + 2007-07-06 12:50:47 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll - 2004-08-19 14:09:32 16,896 ----a-w C:\WINDOWS\system32\mqise.dll + 2007-07-06 12:50:47 16,896 ----a-w C:\WINDOWS\system32\mqise.dll - 2004-08-19 14:09:32 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll + 2007-07-06 12:50:47 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll - 2004-08-19 14:09:32 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll + 2007-07-06 12:50:47 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll - 2004-08-19 14:09:32 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll + 2007-07-06 12:50:47 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll - 2004-08-19 14:09:34 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll + 2007-07-06 12:50:47 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll - 2004-08-19 14:09:34 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll + 2007-07-06 12:50:47 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll - 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe + 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe - 2007-08-20 09:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2007-08-20 09:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2007-08-20 14:29:32 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll + 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-08-20 09:59:30 477,696 ------w C:\WINDOWS\system32\mshtmled.dll + 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2007-08-20 09:59:30 193,024 ------w C:\WINDOWS\system32\msrating.dll + 2007-10-10 23:49:44 193,024 ------w C:\WINDOWS\system32\msrating.dll - 2007-08-20 09:59:30 671,232 ------w C:\WINDOWS\system32\mstime.dll + 2007-10-10 23:49:45 671,232 ------w C:\WINDOWS\system32\mstime.dll - 2007-08-20 09:59:31 102,400 ------w C:\WINDOWS\system32\occache.dll + 2007-10-10 23:49:45 102,400 ------w C:\WINDOWS\system32\occache.dll - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32 zchange.exe + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32 zchange.exe - 2007-08-20 09:59:31 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2007-08-20 09:59:31 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll + 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2007-08-20 09:59:31 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll + 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll - 2007-08-20 09:59:31 824,832 ----a-w C:\WINDOWS\system32\wininet.dll + 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\system32\wininet.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\flash] @={AFCE5F03-76B3-92AE-630C-0ED5D3256EE8} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Offline Files] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29] "DvdGrid"="C:\DOCUME~1\Emilien\APPLIC~1\KNOBCI~1\body way mail.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05] "Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-11-18 09:08] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-08-06 21:35] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-07 15:55 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg wiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\Soap 16.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-01-07 02:36 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe -osboot . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-27 20:43:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-14 21:04:13 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-14 21:07:20 C:\ComboFix2.txt ... 2007-12-08 20:03 C:\ComboFix3.txt ... 2007-12-05 12:54 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:09:14, on 14/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32 vsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Emilien\Bureau\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-1614895754-776561741-725345543-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'myriam') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32 vsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

g!rly · Answer

salut,

comment ca va maintenant ? 

fais ca encore

appuie simultanement sur la touche windows a droit de la barre d´espace (drapeau windows) et sur "e" ->une fois dans le post de travail click sur le disk c > program files >java ouvre le fichier java et click sur le fichier jre1.6.0_02 pour l´ouvrir puis ouvre le fichier bin et dedans tu recherche ceci : jucheck.exe tu double click dessus et effectue la mise a jour de java> tu veux la version 1.6.0_03
une fois la mise a jour effectuée tu va dans ajoute/suppression de program et tu supprime toutes les autres update de java, il ne doit te rester que celle que tu viens de faire : 1.6.0_03 

ta version de acrobat reader n´est pas a jour non +, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou foxit plus léger :

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

fix ceci avec hijack this :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

deux antispywares residents  pour completer le tea timer de spybot :

spyware gard :

https://www.zebulon.fr/dossiers/securite/47-spywareguard.html

et

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

dis moi quoi @+

emiliendiego · Answer

ok j'ai tout telecharger et installer tout ce que tu m'as conseiller! J'espere que je n'aurai plus de probleme :p merci bcp bcp pour ton aide!

g!rly · Answer

salut 

comment va ton pc maintenant?

@+

emiliendiego · Answer

sava sauf que j'ai constamment des pages de internet explorer qui s'ouvre avec des pub d'anti-spyware ( ex : nettoyeur de pc ) je n'arrive pas le supprimer et sa revient assez souvent!

sais tu me dire ce que je dois faire ?

g!rly · Answer

salut


je suis desole pour le delay je suis en vacances et il m est difficil de me connecter 


fais ceci :

Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

a+

Trojan.virtumonde

56 réponses

Newsletters