Help pour supprimer un .dll

Question

Bonjour,
                       
                      j'ai un trojan qui n'arrete pas d'enlever mes icone et ma barre d'outil, il ne me reste que la fenetre de l'explorer. Quand je suis sur l'internet un peu de temps . j'ai fait une vérification et j'ai localisé la bête : cbxwwur.dll mais le problème c'est qu'on ne peu le supprimer car il y a des programmes internet explorer qui sont ouvert et il faut que je les ferme. je suis allé sur mode sans échec Idem ne peut le supprimer donc comment je pourrais m'y prendre? 

                    Merci Alavie

tribun · Answer

bonjour
redémarre ton pc, et F8 !
lance une analyse Spybot, dans le mode sans échec !
et vois s'il est détecté !

ALavie · Answer

justement c'est ce que je fais tu as lu dans mes pensées, je suis sur l'ordi de mon fils pas celui qui est infecté




         merci de ta réponse ^^

ALavie · Answer

Bon je te donne un suivit ce n'et pa fini,

     il a trouvé :  Smitfraud-c.   2 éléments        -répectoire    C:\program files\InetGet2\

                                                                          -fichier           C:\WINDOWS\b128.exe


Quand ça sera fini je retournerais sur mon ordi pour t'envoyé les 2 rapports Hijackthis et Combofix.exe.

             présentement c'est la seule fenetre de spybot qui est ouvert et tout a disparu encore sur le bureau le raccourcie et ma barre d'outil o_O

ALavie · Answer

Ok merci je vais essayé de nettoyé le regcleaner

ALavie · Answer

Me revoilà oui il l'a supprimé, maintenant je passe au Regcleaner

ALavie · Answer

Voici mes 2 rapports :




            Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:37:35, on 2007-12-19
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {788375FC-4CBA-4C5F-AB7A-13D64D71F03E} - C:\WINDOWS\System32\pmnnk.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {91F71D75-A73B-4E3B-8A14-F03557B82B29} (Cax3DPlugin Object) - http://www.graalonline.com/downloads/plugin/graalplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BCBE84-5D8E-41EC-B424-65753B5DBE48}: NameServer = 206.47.244.14 206.47.244.106
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

ALavie · Answer

QQ 'un peux m'aider SVP ! Merci

ALavie · Answer

Toujour personne ;-( svp ^^

tribun · Answer

tu as le 02-BHO ( no name)  et 020- Winblogon  Notify, mais je ne suis pas certains , ni un pro de Hijackthis,
je laisse pour les spécialistes 
et je ne peut te dire plus 

sauf qu'il y a une 'infection possible par vundo!
ici un lien 


http://www.malekal.com/Trojan.vundo.php

ALavie · Answer

merci déja fait ce n'est pas ça @ bientôt

ALavie · Answer

ok merci je suis très patient comme tu vois je ne peux allé me coucher temps que je ne réussi pas @ tout nettoyé ^^

Le sioux · Answer

Bonjour  Alavie

Sur demande de Tribun, que je salue, je viens prendre la relève :

Navilog1 a vu cela 

C:\WINDOWS\system32\knnmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

et tu parles de  pmnnk.dll  -->  Adware Vundo .

1) Télécharge

*  VundoFix.exe par Atribune  http://www.atribune.org/content/view/24/2/ sur ton Bureau.
N'y touche pas pour le moment.

*   Combofix.exe de sUBs sur ton Bureau

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
N'y touche pas pour le moment.

1) VundoFix.exe par Atribune

    * Double-clique sur VundoFix.exe sur ton Bureau afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est terminé, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique sur  OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

  2) Combofix.exe de sUBs 

Télécharge  Combofix.exe de sUBs sur ton Bureau,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Déconnecte toi du net et désactive ton antivirus  pour que Combofix puisse s'exécuter normalement

Double clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan
Lorsque le scan sera terminé, un rapport apparaîtra.

Poste le en réponse.

--> J attends donc 3 rapports

*Celui de VundoFix  situé dans C:\vundofix.txt
 
*Celui de ComboFix situé C:\Combofix.txt+

*Ainsi qu'un nouveau rapport HijackThis apres avoir passé ces 2 outils

@ suivre

ALavie · Answer

ok je vais essayé ça merci beaucoup , je te reviens .

Le sioux · Answer

ALavie,

Je ne serais la qu'en soirée.

Donc bon courage pour ce début  et a plus.

ALavie · Answer

Voici mes rapports comme tu me l'as demandé et j'avais bien le bon programme de Vundo, bon à ce que je vois des rapports tout est beau mais j'aime mieux la confirmation d'un spécialiste ^^ 


VundoFix V6.6.2

Checking Java version...

Scan started at 01:01:14 2007-11-24

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Scan started at 13:08:45 2007-12-18

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Scan started at 06:00:18 2007-12-19

Listing files found while scanning....

No infected files were found.


Beginning removal...


Search Navipromo version 3.3.6 commencé le 2007-12-19 à  6:27:06,01

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2600.0000 


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Marco\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\MARCO\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\MARCO\LOCALS~1\APPLIC~1 *



*** Recherche fichiers *** 




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\knnmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse terminée le 2007-12-19 à  6:27:40,48 ***


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:30:35, on 2007-12-19
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {91F71D75-A73B-4E3B-8A14-F03557B82B29} (Cax3DPlugin Object) - http://www.graalonline.com/downloads/plugin/graalplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Le sioux · Answer

Re

Je n ai pas demandé de faire Navilog1 (regarde message 15 ... )   mais ceci :

Télécharge  Combofix.exe de sUBs sur ton Bureau,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Déconnecte toi du net et désactive ton antivirus  pour que Combofix puisse s'exécuter normalement

Double clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan
Lorsque le scan sera terminé, un rapport apparaîtra.

Poste le en réponse.

Note : Le rapport se trouve également là : C:\Combofix.txt+

@ suivre

ALavie · Answer

AHH dsl  c'est la même marche à suivre ok j'installe toute suite le combofix je suis un peu fatigué je reviens

Le sioux · Answer

Re

Pas de probleme, je suis k.o aussi  ...  lol

Je te dis a ce soir pour la suite.

ALavie · Answer

Voici le bon rapport
ComboFix 07-12-19.2 - Marco 2007-12-19 6:43:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.1584 [GMT -5:00]
Running from: C:\Documents and Settings\Marco\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Marco\Application Data\ASEMBL~1
C:\Documents and Settings\Marco\Application Data\PPATCH~1
C:\Documents and Settings\Marco\Application Data\PPATCH~1\??pPatch\
C:\Program Files\Microsoft Security Adviser
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\WINDOWS\b111.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\knnmp.ini2
C:\WINDOWS\system32\olwvoqpi.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rMa01yy
C:\WINDOWS\system32\wqmmaxfi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))))))))
.

2007-12-19 01:27 . 2007-12-19 01:37 <REP> d-------- C:\Program Files\RegCleaner
2007-12-18 20:05 . 2007-12-18 20:09 585,588,736 --a------ C:\11E.tmp
2007-12-18 16:55 . 2007-12-18 19:04 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-18 16:55 . 2007-12-18 16:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-18 16:55 . 2007-12-18 16:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-18 16:55 . 2007-12-18 16:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2007-12-17 04:17 . 2007-12-17 04:17 15,086 --a------ C:\WINDOWS\system32\FreePokerBonus.ico
2007-12-17 04:01 . 2007-12-17 04:01 <REP> d-------- C:\WINDOWS\system32\ineWc01
2007-12-17 04:01 . 2007-12-17 04:01 <REP> d-------- C:\Temp\tpBe12
2007-12-13 13:54 . 2007-12-13 13:54 <REP> d-------- C:\Program Files\Google
2007-12-11 11:18 . 2007-12-11 11:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2007-12-11 11:15 . 2007-12-11 11:15 <REP> d-------- C:\MicroGaming
2007-12-10 22:33 . 2007-12-10 22:35 <REP> d-------- C:\7b1b7596664f5b682422048b
2007-12-10 21:38 . 2007-12-10 21:39 <REP> d-------- C:\939f61955ac78bc4892ee29c
2007-12-10 15:14 . 2007-12-10 15:14 <REP> d-------- C:\Documents and Settings\Marco\Application Data\The Labyrinth Plus! Edition
2007-12-10 15:08 . 2007-12-10 15:11 <REP> d-------- C:\Program Files\Microsoft Plus!
2007-12-08 19:10 . 2001-08-23 17:47 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-12-08 19:10 . 2001-08-23 17:47 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-12-08 19:05 . 2007-12-08 19:05 <REP> d-------- C:\Program Files\Logitech
2007-12-08 19:05 . 2007-12-08 19:05 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-08 18:21 . 2001-08-17 22:01 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-08 18:21 . 2001-08-17 22:01 56,448 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-08 18:15 . 2001-08-17 22:03 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-08 18:15 . 2001-08-17 22:03 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-08 13:47 . 2007-12-08 13:47 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-08 13:47 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-08 13:47 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-08 13:47 . 2007-12-08 13:47 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-08 13:47 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-08 13:47 . 2007-12-08 13:47 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-08 13:47 . 2007-12-08 13:47 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\Documents and Settings\Marco\Application Data\PnkBstrK.sys
2007-12-08 13:46 . 2002-12-12 00:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-12-08 13:46 . 2002-12-12 00:14 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2007-12-08 13:25 . 2007-12-08 13:25 <REP> d-------- C:\Program Files\Electronic Arts
2007-12-08 12:51 . 2007-12-08 13:21 <REP> d-------- C:\Documents and Settings\Marco\Application Data\Bioshock
2007-12-08 12:31 . 2007-12-08 12:31 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-08 12:16 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-12-08 12:04 . 2003-05-30 09:00 1,962,496 --a--c--- C:\WINDOWS\system32\dllcache\quartz.dll
2007-12-08 11:54 . 2007-12-08 11:54 <REP> d-------- C:\Program Files\2K Games
2007-12-08 11:54 . 2007-12-08 11:54 <REP> d-------- C:\Documents and Settings\Marco\Application Data\InstallShield
2007-12-07 21:02 . 2007-12-07 21:02 <REP> d-a------ C:\WINDOWS\system32\QuickTime
2007-12-07 21:02 . 2007-12-07 21:02 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-07 21:02 . 2004-04-08 13:12 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx
2007-12-07 21:02 . 2004-04-29 20:22 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2007-12-07 21:02 . 2004-04-08 13:12 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl
2007-12-07 21:02 . 2004-01-12 16:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax
2007-12-07 21:02 . 2004-04-08 13:12 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx
2007-12-06 20:51 . 2007-12-06 20:51 <REP> d-------- C:\Program Files\Macrogaming
2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C425.lfa
2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2007-12-06 11:45 . 2007-12-06 12:37 <REP> d-------- C:\Program Files\IncrediMail
2007-12-06 11:37 . 2007-12-06 11:42 <REP> d-------- C:\clins
2007-12-05 08:03 . 2007-12-10 22:37 <REP> d-------- C:\WINDOWS\EHome
2007-12-05 08:02 . 2007-12-05 08:02 <REP> d-------- C:\f219700cc0b009e9dd272a
2007-12-05 07:28 . 2007-12-05 07:28 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
2007-12-05 02:09 . 2007-12-05 02:09 <REP> d-------- C:\WINDOWS\system32\Linux
2007-12-05 02:09 . 2007-12-18 01:59 <REP> d-------- C:\Program Files\Graal
2007-12-05 02:09 . 2007-12-18 01:58 <REP> d--hs---- C:\Documents and Settings\Marco\Application Data\.#
2007-12-04 17:42 . 2005-04-11 11:53 28,672 --a------ C:\WINDOWS\system32\mcoinstall.exe
2007-12-04 17:42 . 2005-04-05 16:28 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca
2007-12-04 17:42 . 1998-06-18 00:00 2,465 --a------ C:\WINDOWS\system32\MSWINSCK.DEP
2007-12-04 11:09 . 2007-12-04 11:22 <REP> d-------- C:\Program Files\PartyGaming
2007-12-02 17:49 . 2007-12-02 17:49 59 --a------ C:\WINDOWS\pp.enc
2007-12-02 17:35 . 2007-12-02 17:35 <REP> d-------- C:\WINDOWS\system32\FlashAX
2007-12-02 17:35 . 2007-12-02 17:35 <REP> d-------- C:\Documents and Settings\Marco\Application Data\Microgaming
2007-12-02 12:08 . 2007-12-02 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-02 12:07 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-02 12:07 . 2007-12-02 12:07 385 --a------ C:\WINDOWS\ODBC.INI
2007-12-02 12:06 . 2007-12-02 12:06 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-12-02 12:05 . 2007-12-02 12:05 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-02 12:03 . 2007-12-02 12:03 <REP> dr-h----- C:\MSOCache
2007-12-01 15:51 . 2007-12-16 07:26 <REP> d-------- C:\Program Files\PokerStars
2007-11-30 16:46 . 2007-11-30 16:49 <REP> d-------- C:\Documents and Settings\Marco\Contacts
2007-11-30 16:45 . 2007-11-30 16:45 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-30 16:36 . 2007-11-30 16:45 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-30 16:22 . 2007-11-30 16:26 <REP> d-------- C:\Documents and Settings\Marco\Application Data\MSN6
2007-11-30 16:22 . 2007-11-30 16:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-11-27 10:16 . 2007-11-28 04:46 <REP> d-------- C:\Program Files\Eurobarre
2007-11-27 10:16 . 2007-11-27 10:16 119,568 --a------ C:\WINDOWS\system32\vb6fr.dll
2007-11-27 10:16 . 2007-11-27 10:16 108,336 --------- C:\WINDOWS\system32\mswinsck.ocx
2007-11-27 10:16 . 2007-11-27 10:16 15,872 --------- C:\WINDOWS\system32\winskfr.dll
2007-11-26 18:46 . 2007-12-18 13:38 <REP> d-------- C:\Program Files\Panda Security
2007-11-24 09:57 . 2007-12-18 04:32 14 --a------ C:\Documents and Settings\Marco\getfile.dat
2007-11-24 08:09 . 2007-11-24 08:09 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-24 04:59 . 2007-11-24 04:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2007-11-24 04:52 . 2007-12-18 23:18 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-24 04:52 . 2007-11-24 04:52 <REP> d-------- C:\Documents and Settings\Marco\Application Data\SUPERAntiSpyware.com
2007-11-24 04:52 . 2007-11-24 04:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-24 02:10 . 2007-11-24 02:10 <REP> d-------- C:\Program Files\Lavasoft
2007-11-24 02:10 . 2007-11-24 04:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-24 02:10 . 2007-11-24 02:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-24 01:29 . 2007-11-24 01:29 <REP> d-------- C:\Program Files\AxBx
2007-11-24 01:01 . 2007-11-24 01:01 <REP> d-------- C:\VundoFix Backups
2007-11-24 00:31 . 2007-11-24 00:31 <REP> d-------- C:\Program Files\CCleaner
2007-11-23 23:45 . 2007-11-24 00:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 06:58 --------- d-sh--w C:\Documents and Settings\Marco\Application Data\.#
2007-12-09 00:08 3,667,150 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-09 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 02:02 --------- d---a-w C:\Program Files\QuickTime
2007-12-08 02:02 --------- d-----w C:\Program Files\MUSK Codec Pack v5
2007-12-04 22:33 --------- d-----w C:\Documents and Settings\Marco\Application Data\Skype
2007-12-04 02:08 --------- d-----w C:\Documents and Settings\Marco\Application Data\teamspeak2
2007-11-24 06:45 --------- d-----w C:\Program Files\Ubisoft
2007-11-21 21:08 --------- d-----w C:\Program Files\Symantec
2007-11-21 21:04 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-21 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-14 10:38 --------- d-----w C:\Program Files\World of Warcraft
2007-11-12 11:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-08 13:11 15,785,498 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_08_07_34_57_full.dmp.zip
2007-11-07 07:12 18,336,307 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_07_02_10_06_full.dmp.zip
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-22 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-22 05:25 --------- d-----w C:\Program Files\Manifesto
2007-09-27 09:07 1 ----a-w C:\Documents and Settings\Marco\SI.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-05-09 12:19]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 07:00 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 07:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Eurobarre.lnk]
path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Eurobarre.lnk
backup=C:\WINDOWS\pss\Eurobarre.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Registration .LNK]
path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Registration .LNK
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2007-10-31 15:32 2250104 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
C:\Program Files\ATI Multimedia\main\launchpd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
2005-06-20 12:10 421888 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
2005-05-09 12:19 8192 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2001-08-28 07:00 13312 --a------ C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
2007-07-20 00:54 66408 --a------ C:\WINDOWS\System32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2002-08-19 10:58 94208 --a------ C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lrnn]
C:\DOCUME~1\Marco\MESDOC~1\ECURIT~1\msiexec.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 17:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lxanm]
C:\Documents and Settings\Marco\Application Data\a?sembly\n?tdde.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsft Windows Adapter 5.2.3013]
C:\Documents and Settings\Marco\Application Data\suwumohktb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
2001-11-12 16:39 75384 --a------ C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Satp]
C:\DOCUME~1\Marco\APPLIC~1\PPATCH~1\wuaclt.exe -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]
C:\WINDOWS\Temp\startdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-06-21 14:06 1318912 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2007-10-14 18:09 103712 -ra------ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2007-11-20 07:50 95960 --a------ C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vinojozy]
C:\Program Files\MSN Gaming Zone\vinojozy77798.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yljp]
C:\Program Files\s?mbols\j?vaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-18 21:23:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-18 05:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 14:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 15:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 16:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 17:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 18:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 19:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 20:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 21:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 22:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 23:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 06:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 00:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 01:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 02:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 03:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 04:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 05:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 06:00:03 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 07:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 08:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 09:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 10:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 11:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 12:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 13:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 14:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 15:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 16:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 17:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 18:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 19:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\System32\hKn6d8S2.exe

"2007-12-19 08:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-12-18 20:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 21:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 22:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-18 23:00:01 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 00:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 01:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 02:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 03:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 04:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\System32\hKn6d8S2.exe
"2007-12-19 09:00:01 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 10:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-19 11:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-12-18 12:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\J102G333.exe
"2007-12-18 13:00:00 C:\WINDOWS\Tasks\At9.job"
"2007-12-15 01:00:14 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2007-12-19 11:47:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 06:47:43
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 6:48:17 - machine was rebooted

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:50:32, on 2007-12-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {91F71D75-A73B-4E3B-8A14-F03557B82B29} (Cax3DPlugin Object) - http://www.graalonline.com/downloads/plugin/graalplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BCBE84-5D8E-41EC-B424-65753B5DBE48}: NameServer = 206.47.244.14 206.47.244.106
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Le sioux · Answer

Bonsoir

Je regarde tout cela et te dis quoi faire tout a l heure.

@ plus

Le sioux · Answer

Re

1) Sauvegarde de la base de registre en cas de problème

Cliquer sur Démarrer / exécuter / tape regedit / ok:
Sélectionnez la ligne "poste de travail" d'un clic:
Dans le menu Fichier cliquez sur exporter :
Choisis de sauvegarder sur le bureau pour retrouver la sauvegarde facilement, nommez-la (ex sauvegarde bdr.reg) puis enregistrer.

Ta sauvegarde de la base de registre windows est sur le bureau :
En cas de problème, pour la relancer, il suffira de double-cliquer dessus et d accepter la fusion dans le registre en validant par ok a la demande formulée.


2) ComboFix avec CFScript : 

*  Sélectionne le texte suivant (en gras)  dans son intégralité :

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lxanm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsft Windows Adapter 5.2.3013]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yljp]

File::
C:\7b1b7596664f5b682422048b
C:\939f61955ac78bc4892ee29c
C:\f219700cc0b009e9dd272a
C:\WINDOWS\pp.enc
C:\Documents and Settings\Marco\Application Data\suwumohktb.exe
C:\Documents and Settings\Marco\Application Data\a?sembly
?tdde.exe
C:\Program Files\s?mbols\j?vaw.exe
C:\WINDOWS\System32\hKn6d8S2.exe
C:\WINDOWS\System32\J102G333.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folder::
C:\Documents and Settings\Marco\Application Data\.#
C:\Documents and Settings\Marco\Application Data\a?sembly
C:\Documents and Settings\Marco\Application Data\assembly
C:\Program Files\s?mbols
C:\Program Files\symbols

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt

Déconnecte toi du net et désactive ton antivirus  pour que Combofix puisse s'exécuter normalement

* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton bureau)

* Une fenêtre bleue va apparaître: au message qui apparaît  Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!

Ne touche à rien tant que le scan n'est pas terminé. 

* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu. 

* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@ suivre

IMPORTANT   

A prendre le sujet en cours, je n'avais pas vu de suite mais ...
Je vois des traces de deux antivirus sur ton PC, il n'en faut qu'un !! 

Sépare des restes  de Symantec / Norton, utilises cet outils téléchargeable ici :

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

On désactivera les services de Symantec dans un 2nd temps .

ALavie · Answer

Salut, Désoler je n'ai pas pu venir hier voici le rapport que tu m'as demandé: ComboFix 07-12-19.2 - Marco 2007-12-20 10:46:48.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1578 [GMT -5:00] Running from: C:\Documents and Settings\Marco\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Marco\Bureau\CFScript.txt * Created a new restore point FILE C:\7b1b7596664f5b682422048b C:\939f61955ac78bc4892ee29c C:\Documents and Settings\Marco\Application Data\suwumohktb.exe C:\f219700cc0b009e9dd272a C:\WINDOWS\pp.enc C:\WINDOWS\System32\hKn6d8S2.exe C:\WINDOWS\System32\J102G333.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Marco\Application Data\.# C:\Documents and Settings\Marco\Application Data\.#\MBX@F58@3E48E0.### C:\Documents and Settings\Marco\Application Data\.#\MBX@F58@3E48F0.### C:\WINDOWS\pp.enc C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))))))) . 2007-12-19 14:58 . 2007-12-19 14:58 d-------- C:\Program Files\SystemRequirementsLab 2007-12-19 13:12 . 2007-12-19 13:12 d-------- C:\WINDOWS\system32\fr-fr 2007-12-19 13:09 . 2007-12-19 13:09 d--h----- C:\WINDOWS\$hf_mig$ 2007-12-19 12:52 . 2007-12-19 12:52 d-------- C:\Documents and Settings\LocalService\Menu Démarrer 2007-12-19 12:41 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-19 12:31 . 2007-12-19 12:31 d-------- C:\WINDOWS\ServicePackFiles 2007-12-19 12:24 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02510_.tmp 2007-12-19 12:23 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-19 01:27 . 2007-12-19 01:37 d-------- C:\Program Files\RegCleaner 2007-12-18 20:05 . 2007-12-18 20:09 585,588,736 --a------ C:\11E.tmp 2007-12-18 16:55 . 2007-12-18 19:04 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-18 16:55 . 2007-12-18 16:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-18 16:55 . 2007-12-18 16:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-18 16:55 . 2007-12-18 16:55 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys 2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys 2007-12-17 04:17 . 2007-12-17 04:17 15,086 --a------ C:\WINDOWS\system32\FreePokerBonus.ico 2007-12-17 04:01 . 2007-12-17 04:01 d-------- C:\WINDOWS\system32\ineWc01 2007-12-17 04:01 . 2007-12-17 04:01 d-------- C:\Temp\tpBe12 2007-12-13 13:54 . 2007-12-13 13:54 d-------- C:\Program Files\Google 2007-12-11 11:18 . 2007-12-11 11:19 d-------- C:\Documents and Settings\All Users\Application Data\MGS 2007-12-11 11:15 . 2007-12-11 11:15 d-------- C:\MicroGaming 2007-12-10 22:33 . 2007-12-10 22:35 d-------- C:\7b1b7596664f5b682422048b 2007-12-10 21:38 . 2007-12-10 21:39 d-------- C:\939f61955ac78bc4892ee29c 2007-12-10 15:14 . 2007-12-10 15:14 d-------- C:\Documents and Settings\Marco\Application Data\The Labyrinth Plus! Edition 2007-12-10 15:08 . 2007-12-10 15:11 d-------- C:\Program Files\Microsoft Plus! 2007-12-08 19:10 . 2004-08-19 16:09 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-12-08 19:05 . 2007-12-08 19:05 d-------- C:\Program Files\Logitech 2007-12-08 19:05 . 2007-12-08 19:05 d-------- C:\Program Files\Fichiers communs\Logitech 2007-12-08 18:21 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys 2007-12-08 18:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-12-08 13:47 . 2007-12-08 13:47 d-------- C:\WINDOWS\system32\LogFiles 2007-12-08 13:47 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-12-08 13:47 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-12-08 13:47 . 2007-12-08 13:47 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2007-12-08 13:47 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-12-08 13:47 . 2007-12-08 13:47 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-12-08 13:47 . 2007-12-08 13:47 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\Documents and Settings\Marco\Application Data\PnkBstrK.sys 2007-12-08 13:46 . 2004-08-19 16:09 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-12-08 13:25 . 2007-12-08 13:25 d-------- C:\Program Files\Electronic Arts 2007-12-08 12:51 . 2007-12-08 13:21 d-------- C:\Documents and Settings\Marco\Application Data\Bioshock 2007-12-08 12:31 . 2007-12-08 12:31 d-------- C:\WINDOWS\Downloaded Installations 2007-12-08 12:16 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb 2007-12-08 12:04 . 2004-08-19 16:09 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-08 11:54 . 2007-12-08 11:54 d-------- C:\Program Files\2K Games 2007-12-08 11:54 . 2007-12-08 11:54 d-------- C:\Documents and Settings\Marco\Application Data\InstallShield 2007-12-07 21:02 . 2007-12-07 21:02 d-a------ C:\WINDOWS\system32\QuickTime 2007-12-07 21:02 . 2007-12-07 21:02 d-a------ C:\Documents and Settings\All Users\Application Data\QuickTime 2007-12-07 21:02 . 2004-04-08 13:12 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx 2007-12-07 21:02 . 2004-04-29 20:22 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx 2007-12-07 21:02 . 2004-04-08 13:12 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl 2007-12-07 21:02 . 2004-01-12 16:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax 2007-12-07 21:02 . 2004-04-08 13:12 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx 2007-12-06 20:51 . 2007-12-06 20:51 d-------- C:\Program Files\Macrogaming 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C425.lfa 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2007-12-06 11:45 . 2007-12-06 12:37 d-------- C:\Program Files\IncrediMail 2007-12-06 11:37 . 2007-12-06 11:42 d-------- C:\clins 2007-12-05 08:03 . 2007-12-19 12:38 d-------- C:\WINDOWS\EHome 2007-12-05 08:02 . 2007-12-05 08:02 d-------- C:\f219700cc0b009e9dd272a 2007-12-05 07:28 . 2007-12-05 07:28 d-------- C:\WINDOWS\Adobe Illustrator CS 2007-12-05 02:09 . 2007-12-05 02:09 d-------- C:\WINDOWS\system32\Linux 2007-12-05 02:09 . 2007-12-18 01:59 d-------- C:\Program Files\Graal 2007-12-04 17:42 . 2005-04-11 11:53 28,672 --a------ C:\WINDOWS\system32\mcoinstall.exe 2007-12-04 17:42 . 2005-04-05 16:28 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca 2007-12-04 17:42 . 1998-06-18 00:00 2,465 --a------ C:\WINDOWS\system32\MSWINSCK.DEP 2007-12-04 11:09 . 2007-12-04 11:22 d-------- C:\Program Files\PartyGaming 2007-12-02 17:35 . 2007-12-02 17:35 d-------- C:\WINDOWS\system32\FlashAX 2007-12-02 17:35 . 2007-12-02 17:35 d-------- C:\Documents and Settings\Marco\Application Data\Microgaming 2007-12-02 12:08 . 2007-12-02 12:08 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2007-12-02 12:07 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-12-02 12:07 . 2007-12-02 12:07 385 --a------ C:\WINDOWS\ODBC.INI 2007-12-02 12:06 . 2007-12-02 12:06 d-------- C:\WINDOWS\SHELLNEW 2007-12-02 12:05 . 2007-12-02 12:05 d-------- C:\Program Files\Microsoft.NET 2007-12-02 12:03 . 2007-12-02 12:03 dr-h----- C:\MSOCache 2007-12-01 15:51 . 2007-12-16 07:26 d-------- C:\Program Files\PokerStars 2007-11-30 16:46 . 2007-11-30 16:49 d-------- C:\Documents and Settings\Marco\Contacts 2007-11-30 16:45 . 2007-11-30 16:45 d----c--- C:\WINDOWS\system32\DRVSTORE 2007-11-30 16:36 . 2007-12-19 13:26 d-------- C:\Program Files\MSN Messenger 2007-11-30 16:22 . 2007-11-30 16:26 d-------- C:\Documents and Settings\Marco\Application Data\MSN6 2007-11-30 16:22 . 2007-11-30 16:22 d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2007-11-27 10:16 . 2007-11-28 04:46 d-------- C:\Program Files\Eurobarre 2007-11-27 10:16 . 2007-11-27 10:16 119,568 --a------ C:\WINDOWS\system32\vb6fr.dll 2007-11-27 10:16 . 2007-11-27 10:16 108,336 --------- C:\WINDOWS\system32\mswinsck.ocx 2007-11-27 10:16 . 2007-11-27 10:16 15,872 --------- C:\WINDOWS\system32\winskfr.dll 2007-11-26 18:46 . 2007-12-18 13:38 d-------- C:\Program Files\Panda Security 2007-11-24 09:57 . 2007-12-19 06:58 14 --a------ C:\Documents and Settings\Marco\getfile.dat 2007-11-24 08:09 . 2007-11-24 08:09 d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-24 04:59 . 2007-11-24 04:59 d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com 2007-11-24 04:52 . 2007-12-18 23:18 d-------- C:\Program Files\SUPERAntiSpyware 2007-11-24 04:52 . 2007-11-24 04:52 d-------- C:\Documents and Settings\Marco\Application Data\SUPERAntiSpyware.com 2007-11-24 04:52 . 2007-11-24 04:52 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-24 02:10 . 2007-11-24 02:10 d-------- C:\Program Files\Lavasoft 2007-11-24 02:10 . 2007-11-24 04:52 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-24 02:10 . 2007-11-24 02:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-24 01:29 . 2007-11-24 01:29 d-------- C:\Program Files\AxBx 2007-11-24 01:01 . 2007-11-24 01:01 d-------- C:\VundoFix Backups . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-09 00:08 3,667,150 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2007-12-09 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-08 02:02 --------- d---a-w C:\Program Files\QuickTime 2007-12-08 02:02 --------- d-----w C:\Program Files\MUSK Codec Pack v5 2007-12-04 22:33 --------- d-----w C:\Documents and Settings\Marco\Application Data\Skype 2007-12-04 02:08 --------- d-----w C:\Documents and Settings\Marco\Application Data\teamspeak2 2007-11-24 06:45 --------- d-----w C:\Program Files\Ubisoft 2007-11-21 21:08 --------- d-----w C:\Program Files\Symantec 2007-11-21 21:04 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-11-21 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-19 10:07 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-14 10:38 --------- d-----w C:\Program Files\World of Warcraft 2007-11-12 13:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-11-12 11:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-11-12 11:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-11-12 11:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-11-12 11:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-11-12 11:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-11-12 11:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-11-12 11:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-11-12 11:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-11-12 11:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-11-12 11:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-11-12 11:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-11-12 11:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-11-12 11:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-11-12 11:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-11-12 11:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-11-12 11:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-11-12 11:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-11-12 11:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-11-12 11:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-11-12 11:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-11-12 11:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-11-12 11:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-11-12 11:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-11-12 11:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-11-12 11:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-11-12 11:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-11-12 11:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-11-12 11:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-11-12 11:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-11-12 11:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-11-12 11:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-11-12 11:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-11-12 11:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-11-12 11:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-11-12 11:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-11-12 11:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-11-12 11:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-11-12 11:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-11-12 11:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-11-12 11:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-11-12 11:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-11-12 11:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-11-12 11:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-11-12 11:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-11-12 11:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-11-12 11:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-11-12 11:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-11-12 11:51 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-11-12 11:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-11-12 11:51 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-11-12 11:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-11-12 11:51 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-11-12 11:51 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll 2007-11-12 11:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-11-12 11:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-11-12 11:51 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll 2007-11-12 11:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-06-20 12:10] "BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-05-09 12:19] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Eurobarre.lnk] path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Eurobarre.lnk backup=C:\WINDOWS\pss\Eurobarre.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Registration .LNK] path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Registration .LNK backup=C:\WINDOWS\pss\Registration .LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2007-10-31 15:32 2250104 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] 2005-06-20 12:10 421888 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent] 2005-05-09 12:19 8192 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-19 16:09 15360 --a------ C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] 2007-07-20 00:54 66408 --a------ C:\WINDOWS\System32\dxdllreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp] 2002-08-19 10:58 94208 --a------ C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] 2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lrnn] C:\DOCUME~1\Marco\MESDOC~1\ECURIT~1\msiexec.exe -vt yazb [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2005-07-19 17:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent] 2001-11-12 16:39 75384 --a------ C:\PROGRA~1\NORTON~1\navapw32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Satp] C:\DOCUME~1\Marco\APPLIC~1\PPATCH~1\wuaclt.exe -vt yazb [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv] C:\WINDOWS\Temp\startdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2007-06-21 14:06 1318912 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] 2007-10-14 18:09 103712 -ra------ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] 2007-11-20 07:50 95960 --a------ C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vinojozy] C:\Program Files\MSN Gaming Zone\vinojozy77798.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble] C:\Program Files\WinAble\winable.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client] 2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] 2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 03:27] R3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12] S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 03:47] S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 22:54] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-18 21:23:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-15 01:00:14 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job" - C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca "2007-12-20 15:29:36 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 10:49:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 10:50:26 C:\ComboFix2.txt ... 2007-12-19 06:48 j'attend la suite ^^

Le sioux · Answer

Bonjour

Tu as regardé cela ?

"IMPORTANT

A prendre le sujet en cours, je n'avais pas vu de suite mais ...
Je vois des traces de deux antivirus sur ton PC, il n'en faut qu'un !!

Sépare des restes de Symantec / Norton, utilises cet outils téléchargeable ici :

http://service1.symantec.com/

On désactivera les services de Symantec dans un 2nd temps"

@ suivre

ALavie · Answer

oui je l'ai fait executer il m'annonce le Norton et mon Ghost mais il ne fait rien d'autre je vais l'executer encore

Le sioux · Answer

Re 1) Tu as des services a fermer/désactiver Démarrer / exécuter tapes services.mscService Norton AntiVirus Auto-Protect Clique droit sur la ligne du service en question puis arrêter Clique droit a nouveau puis propriétés et a type de Démarrage mettre sur désactivé puis valider par appliquer et ok Fais de même pour Symantec Network Drivers Service (SNDSrvc) 2) Désinstalle Symantec LiveUpdate et Navilog1 Démarrer / Paramètres / Panneau de config et dans ajout / suppression de programme navigue jusqu' a Liveupdate puis supprimer. Fais de même pour Navilog1. Puis fais redémarrer ton PC . 3) OtMoveIt Télécharge OTMoveIt (de Old_Timer) sur ton Bureau. http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe Double clique sur OTMoveIt.exe pour le lancer. Copie la liste qui se trouve en citation ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt : Paste List of Files/Folders to be moved. C:\Program Files\Fichiers communs\Symantec Shared C:\Program Files\Norton AntiVirus C:\WINDOWS\Tasks\Norton AntiVirus C:\Documents and settings\All users1\Application Data\Symantec\Norton AntiVirus C:\WINDOWS\Tasks\Symantec NetDetect.job C:\Program Files\Symantec\LiveUpdate C:\programfiles\Navilog1 Clique sur MoveIt! pour lancer la suppression. Le résultat apparaîtra dans le cadre Results. Clique sur Exit pour fermer. Il te sera peut-être demander de redémarrer le PC pour achever la suppression. si c'est le cas accepte par Yes. --> Poste le rapport d'OTMoveIt situé dans C:\_OTMoveIt\MovedFiles (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure) ainsi qu'un nouveau rapport HijackThis. @ suivre

ALavie · Answer

Bon , il fallait que je supprime manuellement les 2 apres je relance le Norton removal tool. C'est ce que j'ai fais voici un nouveau rapport: AComboFix 07-12-19.2 - Marco 2007-12-20 12:11:37.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1670 [GMT -5:00] Running from: C:\Documents and Settings\Marco\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Marco\Bureau\CFScript.txt * Created a new restore point FILE C:\7b1b7596664f5b682422048b C:\939f61955ac78bc4892ee29c C:\Documents and Settings\Marco\Application Data\suwumohktb.exe C:\f219700cc0b009e9dd272a C:\WINDOWS\pp.enc C:\WINDOWS\System32\hKn6d8S2.exe C:\WINDOWS\System32\J102G333.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))))))) . 2007-12-19 14:58 . 2007-12-19 14:58 d-------- C:\Program Files\SystemRequirementsLab 2007-12-19 13:12 . 2007-12-19 13:12 d-------- C:\WINDOWS\system32\fr-fr 2007-12-19 13:09 . 2007-12-19 13:09 d--h----- C:\WINDOWS\$hf_mig$ 2007-12-19 12:52 . 2007-12-19 12:52 d-------- C:\Documents and Settings\LocalService\Menu Démarrer 2007-12-19 12:41 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-19 12:31 . 2007-12-19 12:31 d-------- C:\WINDOWS\ServicePackFiles 2007-12-19 12:24 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02510_.tmp 2007-12-19 12:23 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-19 01:27 . 2007-12-19 01:37 d-------- C:\Program Files\RegCleaner 2007-12-18 20:05 . 2007-12-18 20:09 585,588,736 --a------ C:\11E.tmp 2007-12-18 16:55 . 2007-12-18 19:04 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-18 16:55 . 2007-12-18 16:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-18 16:55 . 2007-12-18 16:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-18 16:55 . 2007-12-18 16:55 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys 2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys 2007-12-17 04:17 . 2007-12-17 04:17 15,086 --a------ C:\WINDOWS\system32\FreePokerBonus.ico 2007-12-17 04:01 . 2007-12-17 04:01 d-------- C:\WINDOWS\system32\ineWc01 2007-12-17 04:01 . 2007-12-17 04:01 d-------- C:\Temp\tpBe12 2007-12-13 13:54 . 2007-12-13 13:54 d-------- C:\Program Files\Google 2007-12-11 11:18 . 2007-12-11 11:19 d-------- C:\Documents and Settings\All Users\Application Data\MGS 2007-12-11 11:15 . 2007-12-11 11:15 d-------- C:\MicroGaming 2007-12-10 22:33 . 2007-12-10 22:35 d-------- C:\7b1b7596664f5b682422048b 2007-12-10 21:38 . 2007-12-10 21:39 d-------- C:\939f61955ac78bc4892ee29c 2007-12-10 15:14 . 2007-12-10 15:14 d-------- C:\Documents and Settings\Marco\Application Data\The Labyrinth Plus! Edition 2007-12-10 15:08 . 2007-12-10 15:11 d-------- C:\Program Files\Microsoft Plus! 2007-12-08 19:10 . 2004-08-19 16:09 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-12-08 19:05 . 2007-12-08 19:05 d-------- C:\Program Files\Logitech 2007-12-08 19:05 . 2007-12-08 19:05 d-------- C:\Program Files\Fichiers communs\Logitech 2007-12-08 18:21 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys 2007-12-08 18:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-12-08 13:47 . 2007-12-08 13:47 d-------- C:\WINDOWS\system32\LogFiles 2007-12-08 13:47 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-12-08 13:47 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-12-08 13:47 . 2007-12-08 13:47 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2007-12-08 13:47 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-12-08 13:47 . 2007-12-08 13:47 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-12-08 13:47 . 2007-12-08 13:47 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\Documents and Settings\Marco\Application Data\PnkBstrK.sys 2007-12-08 13:46 . 2004-08-19 16:09 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-12-08 13:25 . 2007-12-08 13:25 d-------- C:\Program Files\Electronic Arts 2007-12-08 12:51 . 2007-12-08 13:21 d-------- C:\Documents and Settings\Marco\Application Data\Bioshock 2007-12-08 12:31 . 2007-12-08 12:31 d-------- C:\WINDOWS\Downloaded Installations 2007-12-08 12:16 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb 2007-12-08 12:04 . 2004-08-19 16:09 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-08 11:54 . 2007-12-08 11:54 d-------- C:\Program Files\2K Games 2007-12-08 11:54 . 2007-12-08 11:54 d-------- C:\Documents and Settings\Marco\Application Data\InstallShield 2007-12-07 21:02 . 2007-12-07 21:02 d-a------ C:\WINDOWS\system32\QuickTime 2007-12-07 21:02 . 2007-12-07 21:02 d-a------ C:\Documents and Settings\All Users\Application Data\QuickTime 2007-12-07 21:02 . 2004-04-08 13:12 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx 2007-12-07 21:02 . 2004-04-29 20:22 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx 2007-12-07 21:02 . 2004-04-08 13:12 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl 2007-12-07 21:02 . 2004-01-12 16:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax 2007-12-07 21:02 . 2004-04-08 13:12 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx 2007-12-06 20:51 . 2007-12-06 20:51 d-------- C:\Program Files\Macrogaming 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C425.lfa 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2007-12-06 11:45 . 2007-12-06 12:37 d-------- C:\Program Files\IncrediMail 2007-12-06 11:37 . 2007-12-06 11:42 d-------- C:\clins 2007-12-05 08:03 . 2007-12-19 12:38 d-------- C:\WINDOWS\EHome 2007-12-05 08:02 . 2007-12-05 08:02 d-------- C:\f219700cc0b009e9dd272a 2007-12-05 07:28 . 2007-12-05 07:28 d-------- C:\WINDOWS\Adobe Illustrator CS 2007-12-05 02:09 . 2007-12-05 02:09 d-------- C:\WINDOWS\system32\Linux 2007-12-05 02:09 . 2007-12-18 01:59 d-------- C:\Program Files\Graal 2007-12-04 17:42 . 2005-04-11 11:53 28,672 --a------ C:\WINDOWS\system32\mcoinstall.exe 2007-12-04 17:42 . 2005-04-05 16:28 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca 2007-12-04 17:42 . 1998-06-18 00:00 2,465 --a------ C:\WINDOWS\system32\MSWINSCK.DEP 2007-12-04 11:09 . 2007-12-04 11:22 d-------- C:\Program Files\PartyGaming 2007-12-02 17:35 . 2007-12-02 17:35 d-------- C:\WINDOWS\system32\FlashAX 2007-12-02 17:35 . 2007-12-02 17:35 d-------- C:\Documents and Settings\Marco\Application Data\Microgaming 2007-12-02 12:08 . 2007-12-02 12:08 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2007-12-02 12:07 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-12-02 12:07 . 2007-12-02 12:07 385 --a------ C:\WINDOWS\ODBC.INI 2007-12-02 12:06 . 2007-12-02 12:06 d-------- C:\WINDOWS\SHELLNEW 2007-12-02 12:05 . 2007-12-02 12:05 d-------- C:\Program Files\Microsoft.NET 2007-12-02 12:03 . 2007-12-02 12:03 dr-h----- C:\MSOCache 2007-12-01 15:51 . 2007-12-16 07:26 d-------- C:\Program Files\PokerStars 2007-11-30 16:46 . 2007-11-30 16:49 d-------- C:\Documents and Settings\Marco\Contacts 2007-11-30 16:45 . 2007-11-30 16:45 d----c--- C:\WINDOWS\system32\DRVSTORE 2007-11-30 16:36 . 2007-12-19 13:26 d-------- C:\Program Files\MSN Messenger 2007-11-30 16:22 . 2007-11-30 16:26 d-------- C:\Documents and Settings\Marco\Application Data\MSN6 2007-11-30 16:22 . 2007-11-30 16:22 d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2007-11-27 10:16 . 2007-11-28 04:46 d-------- C:\Program Files\Eurobarre 2007-11-27 10:16 . 2007-11-27 10:16 119,568 --a------ C:\WINDOWS\system32\vb6fr.dll 2007-11-27 10:16 . 2007-11-27 10:16 108,336 --------- C:\WINDOWS\system32\mswinsck.ocx 2007-11-27 10:16 . 2007-11-27 10:16 15,872 --------- C:\WINDOWS\system32\winskfr.dll 2007-11-26 18:46 . 2007-12-18 13:38 d-------- C:\Program Files\Panda Security 2007-11-24 09:57 . 2007-12-19 06:58 14 --a------ C:\Documents and Settings\Marco\getfile.dat 2007-11-24 08:09 . 2007-11-24 08:09 d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-24 04:59 . 2007-11-24 04:59 d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com 2007-11-24 04:52 . 2007-12-18 23:18 d-------- C:\Program Files\SUPERAntiSpyware 2007-11-24 04:52 . 2007-11-24 04:52 d-------- C:\Documents and Settings\Marco\Application Data\SUPERAntiSpyware.com 2007-11-24 04:52 . 2007-11-24 04:52 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-24 02:10 . 2007-11-24 02:10 d-------- C:\Program Files\Lavasoft 2007-11-24 02:10 . 2007-11-24 04:52 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-24 02:10 . 2007-11-24 02:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-24 01:29 . 2007-11-24 01:29 d-------- C:\Program Files\AxBx 2007-11-24 01:01 . 2007-11-24 01:01 d-------- C:\VundoFix Backups . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-09 00:08 3,667,150 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2007-12-09 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-08 02:02 --------- d---a-w C:\Program Files\QuickTime 2007-12-08 02:02 --------- d-----w C:\Program Files\MUSK Codec Pack v5 2007-12-04 22:33 --------- d-----w C:\Documents and Settings\Marco\Application Data\Skype 2007-12-04 02:08 --------- d-----w C:\Documents and Settings\Marco\Application Data\teamspeak2 2007-11-24 06:45 --------- d-----w C:\Program Files\Ubisoft 2007-11-19 10:07 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-14 10:38 --------- d-----w C:\Program Files\World of Warcraft 2007-11-12 13:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-11-12 11:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-11-12 11:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-11-12 11:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-11-12 11:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-11-12 11:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-11-12 11:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-11-12 11:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-11-12 11:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-11-12 11:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-11-12 11:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-11-12 11:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-11-12 11:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-11-12 11:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-11-12 11:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-11-12 11:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-11-12 11:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-11-12 11:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-11-12 11:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-11-12 11:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-11-12 11:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-11-12 11:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-11-12 11:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-11-12 11:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-11-12 11:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-11-12 11:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-11-12 11:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-11-12 11:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-11-12 11:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-11-12 11:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-11-12 11:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-11-12 11:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-11-12 11:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-11-12 11:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-11-12 11:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-11-12 11:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-11-12 11:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-11-12 11:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-11-12 11:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-11-12 11:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-11-12 11:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-11-12 11:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-11-12 11:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-11-12 11:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-11-12 11:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-11-12 11:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-11-12 11:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-11-12 11:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-11-12 11:51 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-11-12 11:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-11-12 11:51 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-11-12 11:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-11-12 11:51 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-11-12 11:51 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll 2007-11-12 11:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-11-12 11:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-11-12 11:51 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll 2007-11-12 11:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-11-12 11:51 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-11-12 11:51 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll 2007-11-12 11:51 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-06-20 12:10] "BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-05-09 12:19] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Eurobarre.lnk] path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Eurobarre.lnk backup=C:\WINDOWS\pss\Eurobarre.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Registration .LNK] path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Registration .LNK backup=C:\WINDOWS\pss\Registration .LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2007-10-31 15:32 2250104 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] 2005-06-20 12:10 421888 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent] 2005-05-09 12:19 8192 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-19 16:09 15360 --a------ C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] 2007-07-20 00:54 66408 --a------ C:\WINDOWS\System32\dxdllreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] 2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lrnn] C:\DOCUME~1\Marco\MESDOC~1\ECURIT~1\msiexec.exe -vt yazb [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2005-07-19 17:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Satp] C:\DOCUME~1\Marco\APPLIC~1\PPATCH~1\wuaclt.exe -vt yazb [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv] C:\WINDOWS\Temp\startdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2007-06-21 14:06 1318912 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] 2007-10-14 18:09 103712 -ra------ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vinojozy] C:\Program Files\MSN Gaming Zone\vinojozy77798.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble] C:\Program Files\WinAble\winable.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client] 2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] 2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 03:27] R3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12] S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 03:47] S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 22:54] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-18 21:23:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 12:13:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 12:14:11 C:\ComboFix2.txt ... 2007-12-20 10:50 C:\ComboFix3.txt ... 2007-12-19 06:48

ALavie · Answer

Bon je n'ai plus le service de Norton et Symantec, il me reste a désinstaller Navog1 et OTmoveIt j'ai déja. 

je reviens

Le sioux · Answer

Re

Ne re télécharge pas OTMoveIt, excuse moi ;)

Sers toi de celui qui est sur ton Bureau.

@ +

ALavie · Answer

le voici ^^ j'attend la suite,


File/Folder C:\Program Files\Fichiers communs\Symantec Shared not found.
C:\Program Files\Norton AntiVirus\Quarantine moved successfully.
C:\Program Files\Norton AntiVirus moved successfully.
File/Folder C:\WINDOWS\Tasks\Norton AntiVirus not found.
File/Folder C:\Documents and settings\All users1\Application Data\Symantec\Norton AntiVirus not found.
File/Folder C:\WINDOWS\Tasks\Symantec NetDetect.job not found.
File/Folder C:\Program Files\Symantec\LiveUpdate not found.
File/Folder C:\programfiles\Navilog1 not found.
 
Created on 12-20-2007 12:30:10

Le sioux · Answer

Re

Ok, bien joué, je regarde ton nouveau rapport ComboFix tout a l heure.

@ +

ALavie · Answer

je fais une partie hyperliner le temps que tu reviennes et merci beaucoup de ton aide^^

Le sioux · Answer

Re

Ok, j ai du taff a la maison ;)

Comment se porte le PC ?

@ suivre

ALavie · Answer

2 leges problèmes mineurs: 1er : quand je redémarre le pc il prend 15 secondes pour ce rallumer.

                                             2iem: ralentissement de l'internet quand j'ai plusieurs fenêtre d'ouvert (3 à 4 fenêtres) 20% de pertes que la normal.

et un problème qui n'aucun rapport avec les virus: peut-être que tu as une solution vite fait:

j'Ai toujour une indication au redemarrage comme de quoi que j'ai 2 connections reseaux du même nom, j'ai beau regardé il n'y a que ma connection de la large bande et celle du réseaux local. Mais pas important je vis bien avec ce problème ^^.



  Sinon il me semble que tout est beau ! J'attend ta confirmation de ta part que de ton coter c'est beau ^^

Le sioux · Answer

Re

Ok, on voit ce que l on peut faire pour cela par la suite.

Je n ai pas encore regardé de près ton rapport ComboFix, poste un nouveau rapport Hijackthis stp

@ suivre

ALavie · Answer

le Voici prend ton temps je ne suis pas pressé et je suis en général toujour connecter en plus j'adore apprendre a travailler avec vous :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:04, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/fr-fr/geforce/
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {91F71D75-A73B-4E3B-8A14-F03557B82B29} (Cax3DPlugin Object) - http://www.graalonline.com/downloads/plugin/graalplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BCBE84-5D8E-41EC-B424-65753B5DBE48}: NameServer = 206.47.244.14 206.47.244.106
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Le sioux · Answer

Re

ok, cool ;) cela fait plaisir .

Ton rapport HijackThis, lui, est clean (j'ai toujours pas reardé celui de ComboFix), on enlève quelques lignes pour optimiser ton démarrage en enlevant les programmes qui s'y lancent inutilement, accaparant  inutilement des ressources du système.

Regarde ici "comment fixer des lignes "  http://pageperso.aol.fr/balltrap34/demohijack.htm

1) Lance HijackThis.

Je te conseille d'enregistrer  toutes les lignes a fixer puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.

Lance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Clique sur Scan Only et coche les lignes suivantes :

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {91F71D75-A73B-4E3B-8A14-F03557B82B29} (Cax3DPlugin Object) - http://www.graalonline.com/downloads/plugin/graalplugin.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab

Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connections Internet.

Clique sur Fix Checked puis clique sur OK
Puis ferme HijackThis.

2) Rapport

Fais redémarrer ton PC et poste un nouveau rapport HijackThis 

@ suivre

ALavie · Answer

Ok je fais ça maintenant ^^

ALavie · Answer

Le Voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:30, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/fr-fr/geforce/
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Le sioux · Answer

Re

1) Lance HijackThis.

Je te conseille d'enregistrer  toutes les lignes a fixer puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.

ou

Afin de ne pas faire d'erreurs sur  les lignes , ouvre le fichier que tu as sauvegardé sur ton Bureau

Lance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Clique sur Scan Only et coche les lignes suivantes :

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll 

Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connections Internet.

Clique sur Fix Checked puis clique sur OK
Puis ferme HijackThis.


2) Rapport

Fais redémarrer ton PC et poste un nouveau rapport HijackThis 

@ suivre

ALavie · Answer

Salutt ,


   voici le nouveau:

ahh oui j'ai oublié te dire une chose qu'il y a toujour 2 fichies qui apparaient sur mon bureau je les suprimmes et ils finissent par revenir
ce sont : Getfile et x_dtrace_log  


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:15, on 2007-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/fr-fr/geforce/
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

ALavie · Answer

Salutt ,


   voici le nouveau:

ahh oui j'ai oublié te dire une chose qu'il y a toujour 2 fichies qui apparaient sur mon bureau je les suprimmes et ils finissent par revenir
ce sont : Getfile et x_dtrace_log  


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:15, on 2007-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/fr-fr/geforce/
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Le sioux · Answer

Bonjour Alavie

On continu le boulot ;)

 ComboFix avec CFScript : 

*  Sélectionne le texte suivant (en gras)  dans son intégralité :

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]

File::
C:\11E.tmp
C:\Temp	pBe12
C:\7b1b7596664f5b682422048b
C:\939f61955ac78bc4892ee29c
C:\f219700cc0b009e9dd272a
C:\WINDOWS\system32\MSWINSCK.oca
C:\Documents and Settings\Marco\getfile.dat
C:\Documents and Settings\Marco\getfile.dat
C:\Documents and Settings\Marco\x_dtrace_log 
C:\Documents and Settings\Marco\x_dtrace_log 

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt

Déconnecte toi du net et désactive ton antivirus  pour que Combofix puisse s'exécuter normalement

* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton bureau)

* Une fenêtre bleue va apparaître: au message qui apparaît  Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!

Ne touche à rien tant que le scan n'est pas terminé. 

* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu. 
 Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@ suivre

ALavie · Answer

AHH ^^^te revoilà bon je te fais ça et je vais allé dormir ^^

Le sioux · Answer

Hello

Excuse moi, j'ai traîné un peu a te répondre.

Ok, je vais faire pareil dans peu de temps, j'ai bossé cette nuit.

Tu me diras si tu as toujours  "2 fichiers  Getfile et x_dtrace_log qui apparaissent sur ton Bureau " 

@ +

ALavie · Answer

ok non non pas de problème moi comme je t'ai dit je suis là tout les jours et ça prendra le temps qu'il faut je ne suis pas pressé. Déja tu t'occupe de moi c'est énorme ^^. Le voici @ bientôt et repose toi ^^: ComboFix 07-12-19.2 - Marco 2007-12-22 5:27:54.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1662 [GMT -5:00] Running from: C:\Documents and Settings\Marco\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Marco\Bureau\CFScript.txt * Created a new restore point FILE C:\11E.tmp C:\7b1b7596664f5b682422048b C:\939f61955ac78bc4892ee29c C:\Documents and Settings\Marco\getfile.dat C:\Documents and Settings\Marco\x_dtrace_log C:\f219700cc0b009e9dd272a C:\Temp\tpBe12 C:\WINDOWS\system32\MSWINSCK.oca . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\11E.tmp C:\Documents and Settings\Marco\getfile.dat C:\Documents and Settings\Marco\x_dtrace_log C:\WINDOWS\system32\MSWINSCK.oca . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))))))) . 2007-12-19 14:58 . 2007-12-19 14:58 d-------- C:\Program Files\SystemRequirementsLab 2007-12-19 13:12 . 2007-12-19 13:12 d-------- C:\WINDOWS\system32\fr-fr 2007-12-19 13:09 . 2007-12-19 13:09 d--h----- C:\WINDOWS\$hf_mig$ 2007-12-19 12:52 . 2007-12-19 12:52 d-------- C:\Documents and Settings\LocalService\Menu Démarrer 2007-12-19 12:41 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-19 12:31 . 2007-12-19 12:31 d-------- C:\WINDOWS\ServicePackFiles 2007-12-19 12:24 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02510_.tmp 2007-12-19 12:23 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-19 01:27 . 2007-12-19 01:37 d-------- C:\Program Files\RegCleaner 2007-12-18 16:55 . 2007-12-18 19:04 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-18 16:55 . 2007-12-18 16:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-18 16:55 . 2007-12-18 16:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-18 16:55 . 2007-12-18 16:55 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys 2007-12-17 17:27 . 2001-08-17 20:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys 2007-12-17 04:17 . 2007-12-17 04:17 15,086 --a------ C:\WINDOWS\system32\FreePokerBonus.ico 2007-12-17 04:01 . 2007-12-21 14:12 d-------- C:\WINDOWS\system32\ineWc01 2007-12-17 04:01 . 2007-12-17 04:01 d-------- C:\Temp\tpBe12 2007-12-13 13:54 . 2007-12-13 13:54 d-------- C:\Program Files\Google 2007-12-11 11:18 . 2007-12-11 11:19 d-------- C:\Documents and Settings\All Users\Application Data\MGS 2007-12-11 11:15 . 2007-12-11 11:15 d-------- C:\MicroGaming 2007-12-10 22:33 . 2007-12-10 22:35 d-------- C:\7b1b7596664f5b682422048b 2007-12-10 21:38 . 2007-12-10 21:39 d-------- C:\939f61955ac78bc4892ee29c 2007-12-10 15:14 . 2007-12-10 15:14 d-------- C:\Documents and Settings\Marco\Application Data\The Labyrinth Plus! Edition 2007-12-10 15:08 . 2007-12-10 15:11 d-------- C:\Program Files\Microsoft Plus! 2007-12-08 19:10 . 2004-08-19 16:09 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-12-08 19:05 . 2007-12-08 19:05 d-------- C:\Program Files\Logitech 2007-12-08 19:05 . 2007-12-08 19:05 d-------- C:\Program Files\Fichiers communs\Logitech 2007-12-08 18:21 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys 2007-12-08 18:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-12-08 13:47 . 2007-12-08 13:47 d-------- C:\WINDOWS\system32\LogFiles 2007-12-08 13:47 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-12-08 13:47 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-12-08 13:47 . 2007-12-08 13:47 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2007-12-08 13:47 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-12-08 13:47 . 2007-12-08 13:47 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-12-08 13:47 . 2007-12-08 13:47 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-08 13:47 . 2007-12-08 13:47 22,328 --a------ C:\Documents and Settings\Marco\Application Data\PnkBstrK.sys 2007-12-08 13:46 . 2004-08-19 16:09 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-12-08 13:25 . 2007-12-08 13:25 d-------- C:\Program Files\Electronic Arts 2007-12-08 12:51 . 2007-12-08 13:21 d-------- C:\Documents and Settings\Marco\Application Data\Bioshock 2007-12-08 12:31 . 2007-12-08 12:31 d-------- C:\WINDOWS\Downloaded Installations 2007-12-08 12:16 . 2007-11-12 06:51 158,066 --a------ C:\WINDOWS\system32\nvapps.nvb 2007-12-08 12:04 . 2004-08-19 16:09 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-12-08 11:54 . 2007-12-08 11:54 d-------- C:\Program Files\2K Games 2007-12-08 11:54 . 2007-12-08 11:54 d-------- C:\Documents and Settings\Marco\Application Data\InstallShield 2007-12-07 21:02 . 2007-12-07 21:02 d-a------ C:\WINDOWS\system32\QuickTime 2007-12-07 21:02 . 2007-12-07 21:02 d-a------ C:\Documents and Settings\All Users\Application Data\QuickTime 2007-12-07 21:02 . 2004-04-08 13:12 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx 2007-12-07 21:02 . 2004-04-29 20:22 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx 2007-12-07 21:02 . 2004-04-08 13:12 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl 2007-12-07 21:02 . 2004-01-12 16:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax 2007-12-07 21:02 . 2004-04-08 13:12 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx 2007-12-06 20:51 . 2007-12-06 20:51 d-------- C:\Program Files\Macrogaming 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C425.lfa 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2007-12-06 11:46 . 2007-12-06 11:46 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2007-12-06 11:45 . 2007-12-06 12:37 d-------- C:\Program Files\IncrediMail 2007-12-06 11:37 . 2007-12-06 11:42 d-------- C:\clins 2007-12-05 08:03 . 2007-12-19 12:38 d-------- C:\WINDOWS\EHome 2007-12-05 08:02 . 2007-12-05 08:02 d-------- C:\f219700cc0b009e9dd272a 2007-12-05 07:28 . 2007-12-05 07:28 d-------- C:\WINDOWS\Adobe Illustrator CS 2007-12-05 02:09 . 2007-12-05 02:09 d-------- C:\WINDOWS\system32\Linux 2007-12-05 02:09 . 2007-12-18 01:59 d-------- C:\Program Files\Graal 2007-12-04 17:42 . 2005-04-11 11:53 28,672 --a------ C:\WINDOWS\system32\mcoinstall.exe 2007-12-04 17:42 . 1998-06-18 00:00 2,465 --a------ C:\WINDOWS\system32\MSWINSCK.DEP 2007-12-04 11:09 . 2007-12-04 11:22 d-------- C:\Program Files\PartyGaming 2007-12-02 17:35 . 2007-12-20 18:22 d-------- C:\WINDOWS\system32\FlashAX 2007-12-02 17:35 . 2007-12-02 17:35 d-------- C:\Documents and Settings\Marco\Application Data\Microgaming 2007-12-02 12:08 . 2007-12-02 12:08 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2007-12-02 12:07 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-12-02 12:07 . 2007-12-02 12:07 385 --a------ C:\WINDOWS\ODBC.INI 2007-12-02 12:06 . 2007-12-02 12:06 d-------- C:\WINDOWS\SHELLNEW 2007-12-02 12:05 . 2007-12-02 12:05 d-------- C:\Program Files\Microsoft.NET 2007-12-02 12:03 . 2007-12-02 12:03 dr-h----- C:\MSOCache 2007-12-01 15:51 . 2007-12-16 07:26 d-------- C:\Program Files\PokerStars 2007-11-30 16:46 . 2007-11-30 16:49 d-------- C:\Documents and Settings\Marco\Contacts 2007-11-30 16:45 . 2007-11-30 16:45 d----c--- C:\WINDOWS\system32\DRVSTORE 2007-11-30 16:36 . 2007-12-19 13:26 d-------- C:\Program Files\MSN Messenger 2007-11-30 16:22 . 2007-11-30 16:26 d-------- C:\Documents and Settings\Marco\Application Data\MSN6 2007-11-30 16:22 . 2007-11-30 16:22 d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2007-11-27 10:16 . 2007-11-28 04:46 d-------- C:\Program Files\Eurobarre 2007-11-27 10:16 . 2007-11-27 10:16 119,568 --a------ C:\WINDOWS\system32\vb6fr.dll 2007-11-27 10:16 . 2007-11-27 10:16 108,336 --------- C:\WINDOWS\system32\mswinsck.ocx 2007-11-27 10:16 . 2007-11-27 10:16 15,872 --------- C:\WINDOWS\system32\winskfr.dll 2007-11-26 18:46 . 2007-12-18 13:38 d-------- C:\Program Files\Panda Security 2007-11-24 08:09 . 2007-11-24 08:09 d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-24 04:59 . 2007-11-24 04:59 d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com 2007-11-24 04:52 . 2007-12-21 05:52 d-------- C:\Program Files\SUPERAntiSpyware 2007-11-24 04:52 . 2007-11-24 04:52 d-------- C:\Documents and Settings\Marco\Application Data\SUPERAntiSpyware.com 2007-11-24 04:52 . 2007-11-24 04:52 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-24 02:10 . 2007-11-24 02:10 d-------- C:\Program Files\Lavasoft 2007-11-24 02:10 . 2007-11-24 04:52 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-24 02:10 . 2007-11-24 02:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-24 01:29 . 2007-11-24 01:29 d-------- C:\Program Files\AxBx 2007-11-24 01:01 . 2007-11-24 01:01 d-------- C:\VundoFix Backups 2007-11-24 00:31 . 2007-11-24 00:31 d-------- C:\Program Files\CCleaner 2007-11-23 23:45 . 2007-11-24 00:20 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-23 23:22 . 2007-11-23 23:29 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-09 00:08 3,667,150 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2007-12-09 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-08 02:02 --------- d---a-w C:\Program Files\QuickTime 2007-12-08 02:02 --------- d-----w C:\Program Files\MUSK Codec Pack v5 2007-12-04 22:33 --------- d-----w C:\Documents and Settings\Marco\Application Data\Skype 2007-12-04 02:08 --------- d-----w C:\Documents and Settings\Marco\Application Data\teamspeak2 2007-11-24 06:45 --------- d-----w C:\Program Files\Ubisoft 2007-11-21 19:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Grisoft 2007-11-20 16:02 --------- d-----w C:\Documents and Settings\Marco\Application Data\Grisoft 2007-11-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-19 10:07 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-14 10:38 --------- d-----w C:\Program Files\World of Warcraft 2007-11-12 13:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-11-12 11:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-11-12 11:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-11-12 11:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-11-12 11:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-11-12 11:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-11-12 11:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-11-12 11:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-11-12 11:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-11-12 11:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-11-12 11:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-11-12 11:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-11-12 11:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-11-12 11:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-11-12 11:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-11-12 11:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-11-12 11:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-11-12 11:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-11-12 11:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-11-12 11:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-11-12 11:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-11-12 11:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-11-12 11:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-11-12 11:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-11-12 11:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-11-12 11:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-11-12 11:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-11-12 11:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-11-12 11:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-11-12 11:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-11-12 11:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-11-12 11:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-11-12 11:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-11-12 11:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-11-12 11:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-11-12 11:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-11-12 11:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-11-12 11:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-11-12 11:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-11-12 11:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-11-12 11:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-11-12 11:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-11-12 11:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-11-12 11:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-11-12 11:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-11-12 11:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-11-12 11:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-11-12 11:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-11-12 11:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-11-12 11:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-11-12 11:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-11-12 11:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-11-12 11:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-11-12 11:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-11-12 11:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-11-12 11:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-11-12 11:51 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-11-12 11:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-11-12 11:51 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-11-12 11:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-11-12 11:51 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-11-12 11:51 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll 2007-11-12 11:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-11-12 11:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-11-12 11:51 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll 2007-11-12 11:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-06-20 12:10] "BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-05-09 12:19] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Eurobarre.lnk] path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Eurobarre.lnk backup=C:\WINDOWS\pss\Eurobarre.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marco^Menu Démarrer^Programmes^Démarrage^Registration .LNK] path=C:\Documents and Settings\Marco\Menu Démarrer\Programmes\Démarrage\Registration .LNK backup=C:\WINDOWS\pss\Registration .LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2007-10-31 15:32 2250104 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] 2005-06-20 12:10 421888 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent] 2005-05-09 12:19 8192 --a------ C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-19 16:09 15360 --a------ C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] 2007-07-20 00:54 66408 --a------ C:\WINDOWS\System32\dxdllreg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] 2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lrnn] C:\DOCUME~1\Marco\MESDOC~1\ECURIT~1\msiexec.exe -vt yazb [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2005-07-19 17:32 221184 --a------ C:\WINDOWS\System32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Satp] C:\DOCUME~1\Marco\APPLIC~1\PPATCH~1\wuaclt.exe -vt yazb [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2007-06-21 14:06 1318912 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] 2007-10-14 18:09 103712 -ra------ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vinojozy] C:\Program Files\MSN Gaming Zone\vinojozy77798.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble] C:\Program Files\WinAble\winable.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client] 2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] 2007-03-09 01:02 919280 --a------ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 03:27] R3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12] S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 03:47] S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 22:54] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-18 21:23:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-22 05:29:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-22 5:30:27 C:\ComboFix2.txt ... 2007-12-20 12:14 C:\ComboFix3.txt ... 2007-12-20 10:50

Le sioux · Answer

Re

Cool ;) merci de ta compréhension.

Dis moi aussi comment se porte ton PC 

Bon repos a toi aussi.

@ suivre

ALavie · Answer

Il va a merveille, je t'en remercie. Je te souhaite de jolies fêtes et repose toi bien et si tu as de petit truc a me conceiller je suis toujour preneur et si tu veux que je fasse d'autres pour l'améliorer car il y a toujour ce ralentissement de l'internet mais rien de grave ^^

                                              @ bientôt

tribun · Answer

bonjour

Merci ,  Le sioux  pour ton aide précieuse !

et toi Alavie tu as fais une expérience, tu peut conseiller d'autres maintenant,
en ce qui concerne la désinfection !!

bonnes fêtes de fin d'année à vous deux !!


A++

Le sioux · Answer

Bonjour Alavie,Tribun Joyeux Noel et bon reveillon ! Cool ce PC reponde enfin comme il faut ;) 1) ToolsCleaner de A.Rothstein On va supprimer toutes les traces des logiciels que nous avons utilisés qui traitent des infections spécifiques et ceci grâce a ToolsCleaner de A.Rothstein Télécharge le http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe sur ton Bureau. * Double-clique sur ToolsCleaner2.bat et laisse le travailler * Clique sur Recherche et laisse le scan se terminer. * Clique sur Suppression pour finaliser. * Tu peux, si tu le souhaites, te servir des Options facultatives. * Clique sur Quitter, pour que le rapport puisse se créer. * Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 2) Scan en ligne chez Bitdefender * fais un scan antivirus en ligne https://www.bitdefender.fr/ avec IE et copie colle le résultat ici * En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE * Dans la nouvelle fenêtre, clique sur I agree * La fenêtre change encore, clique sur Click here to scan * Les signatures se chargent, etc. Aide toi de ce Tuto (merci Morgane) http://pageperso.aol.fr/loraline60/bitdefender_scan.htm Poste en réponse le rapport de scan qui se trouve ici C:\windows\bdoscan8\scanres.txt ou scanres.html @ suivre car il restera des conseils de sécurité a appliquer.

Help pour supprimer un .dll

49 réponses

Votre réponse

Discussions similaires

Newsletters