The egodktf

Ptibou -  
g!rly Posts 18462 Status Contributor -
Hello,
I don't know where to start, but my PC is infected with I don't know what. I have Norton AntiVirus, but when I run it, it doesn't report any detected virus; yet I am no longer administrator on my own PC, I get infection messages popping up every minute labelled "spyware alert" or something else, as well as a toolbar named the egodktf...
In short, I'm overwhelmed, I don't know what to do anymore to clean my PC. Can you help me, please?

15 replies

g!rly Posts 18462 Status Contributor 406
 
Hi there,

Do this:

Right-click on this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(Do not choose 2, 3 or 4 without our advice/approval.)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole content into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt).

and

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post the generated report here, please...

See you
0
Ptibou
 
Here is what Navilog outputs:

Search Navipromo version 3.4.0 commencé le 19/01/2008 à 13:47:02,85

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis D:\Program Files\navilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans D:\WINDOWS ***

*** Recherche dossiers dans D:\Program Files ***

*** Recherche dossiers dans D:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "D:\Documents and Settings\Ptibou\application data" ***

*** Recherche dossiers dans "D:\Documents and Settings\Ptibou\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans D:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans D:\WINDOWS\system32 *

* Recherche dans "D:\Documents and Settings\Ptibou\local settings\application data" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans D:\WINDOWS\system32 :

* Dans "D:\Documents and Settings\Ptibou\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

*** Analyse terminée le 19/01/2008 à 13:48:37,73 ***
0
Ptibou
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:24, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Micro Application\Dictionnaires Multilingues\TrueTerm.exe
D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
D:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Windows Media Player\wmplayer.exe
C:\Jeux\EA GAMES\Need for Speed Underground 2\speed2.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {5257F0D5-2868-4758-94D3-E268EB6D43C5} - D:\WINDOWS\dopfwrlvtq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: The egodktf - {4288B655-63B4-4817-BB1E-B6F3E242234F} - D:\WINDOWS\egodktf.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Activer Dictionnaires Multilingues.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: bxsnvqt - {4175145D-5837-4A10-93CE-36E1EA84602B} - D:\WINDOWS\bxsnvqt.dll
O21 - SSODL: aslpmqk - {7F719827-36C1-4557-8BCA-7AE93D79D5C8} - D:\WINDOWS\aslpmqk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
g!rly Posts 18462 Status Contributor 406
 
Hi again,

Do this:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

and post a new HijackThis log

See you
0

Ptibou
 
ComboFix 08-01-18.5 - Ptibou 2008-01-19 14:08:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.291 [GMT 1:00]
Running from: D:\Documents and Settings\Ptibou\Bureau\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\WINDOWS\dat.txt
D:\WINDOWS\dopfwrlvtq.dll
D:\WINDOWS\egodktf.dll
D:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-19 14:08 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-19 13:50 . 2008-01-19 13:50 <REP> d-------- D:\Program Files\Trend Micro
2008-01-19 13:45 . 2008-01-19 13:48 <REP> d-------- D:\Program Files\Navilog1
2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Lavasoft
2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 12:26 . 2008-01-19 12:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 12:18 . 2008-01-19 12:20 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-18 22:41 . 2008-01-18 20:08 323,584 --a------ D:\WINDOWS\bxsnvqt.dll
2008-01-18 22:41 . 2008-01-18 20:08 217,088 --a------ D:\WINDOWS\aslpmqk.dll
2008-01-18 22:41 . 2008-01-18 20:08 81,920 --a------ D:\WINDOWS\fknxwqf.exe
2008-01-17 18:16 . 2008-01-17 18:16 <REP> d-------- D:\Program Files\Micro Application
2008-01-17 18:16 . 1998-09-24 13:03 171,967 --a------ D:\WINDOWS\system32\Odbcjet.hlp
2008-01-17 18:16 . 1998-09-24 13:03 7,348 --a------ D:\WINDOWS\system32\Odbcjet.cnt
2008-01-17 18:15 . 2008-01-17 18:15 40 --a------ D:\WINDOWS\navigma.INI
2008-01-12 21:36 . 2008-01-12 21:36 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield Installation Information
2008-01-12 21:28 . 2008-01-12 21:28 <REP> d-------- D:\Program Files\DIFX
2008-01-12 21:28 . 2006-07-01 22:42 43,520 --a------ D:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-12 20:35 . 2008-01-19 12:03 <REP> d-------- D:\Program Files\DAEMON Tools
2008-01-12 12:08 . 2008-01-12 12:08 <REP> d-------- D:\Program Files\Guitar Pro 5
2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- D:\Program Files\K-Lite Codec Pack
2008-01-09 20:20 . 2006-11-01 14:52 765,952 --a------ D:\WINDOWS\system32\xvidcore.dll
2008-01-08 17:47 . 2008-01-08 17:47 <REP> d-------- D:\Program Files\Microsoft Silverlight
2008-01-05 11:47 . 2008-01-05 11:48 34,519 --a------ D:\WINDOWS\Ascd_tmp.ini
2008-01-05 11:40 . 2008-01-05 11:40 <REP> d-------- D:\Program Files\ASUS WiFi-AP Solo
2008-01-05 11:40 . 2006-03-31 04:39 13,532 --a------ D:\WINDOWS\system32\drivers\SjyPkt.sys
2008-01-05 11:07 . 2008-01-05 11:07 <REP> d-------- D:\Program Files\SystemRequirementsLab
2008-01-03 21:11 . 2008-01-03 21:11 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield
2008-01-03 20:40 . 2008-01-03 20:40 1 --a------ D:\Documents and Settings\Ptibou\SI.bin
2008-01-03 19:21 . 2008-01-03 19:21 98,304 --a------ D:\WINDOWS\system32CmdLineExt.dll
2007-12-30 22:21 . 2007-12-30 22:21 <REP> d-------- D:\Program Files\Traction Software
2007-12-30 13:48 . 2007-12-30 13:48 <REP> d-------- D:\Program Files\Alcohol Soft
2007-12-30 13:45 . 2007-12-30 13:45 639,224 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2007-12-29 23:02 . 2006-03-23 19:53 442,368 --a------ D:\WINDOWS\system32\CapabilityTable.exe
2007-12-29 18:55 . 2007-12-29 19:27 <REP> d-------- D:\Documents and Settings\All Users\Application Data\NFS Underground
2007-12-29 15:58 . 2007-12-29 15:58 <REP> d-------- D:\Program Files\MSXML 4.0
2007-12-25 14:50 . 2007-12-25 14:50 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\Samsung
2007-12-25 14:48 . 2004-08-04 07:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 14:38 . 2007-12-25 14:38 <REP> d-------- D:\Program Files\Samsung
2007-12-25 14:38 . 2005-08-13 05:06 22,486 -ra------ D:\WINDOWS\system32\UnInstall_Driver.ico
2007-12-24 09:57 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-12-24 09:57 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2007-12-23 19:17 . 2007-12-23 19:18 <REP> d-------- D:\Program Files\Fichiers communs\Adobe
2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Ubisoft
2007-12-23 15:52 . 2007-12-23 15:52 <REP> d-------- D:\Program Files\Fichiers communs\DirectX
2007-12-23 13:47 . 2007-12-23 13:47 <REP> d-------- D:\Program Files\MSXML 6.0
2007-12-23 12:29 . 2007-12-23 12:29 <REP> d-------- D:\Program Files\MSBuild
2007-12-23 12:28 . 2007-12-23 14:14 <REP> d-------- D:\WINDOWS\system32\XPSViewer
2007-12-23 12:27 . 2007-12-23 12:27 <REP> d-------- D:\Program Files\Reference Assemblies
2007-12-23 12:27 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
2007-12-23 12:26 . 2007-12-23 12:26 <REP> d-------- D:\Program Files\Windows Media Connect 2
2007-12-23 12:26 . 2006-10-04 15:06 1,197,294 -----c--- D:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-23 12:26 . 2006-10-04 15:06 764,868 -----c--- D:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-23 12:26 . 2006-10-04 15:06 217,118 -----c--- D:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-23 12:25 . 2007-12-23 12:25 <REP> d-------- D:\WINDOWS\system32\LogFiles
2007-12-23 12:25 . 2007-12-23 12:26 <REP> d-------- D:\WINDOWS\system32\drivers\UMDF
2007-12-23 12:21 . 2007-12-23 12:21 <REP> d-------- D:\WINDOWS\system32\URTTemp
2007-12-23 12:11 . 2008-01-06 11:52 <REP> d-------- D:\WINDOWS\VdCap03C
2007-12-23 12:11 . 2007-12-23 12:11 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-23 12:11 . 2004-08-20 00:10 91,648 --a------ D:\WINDOWS\kswdmcap.ax
2007-12-23 12:11 . 2004-08-20 00:10 61,952 --a------ D:\WINDOWS\kstvtune.ax
2007-12-23 12:11 . 2004-08-20 00:09 54,784 --a------ D:\WINDOWS\vfwwdm32.dll
2007-12-23 12:11 . 2004-08-20 00:10 43,008 --a------ D:\WINDOWS\ksxbar.ax
2007-12-23 12:11 . 2004-08-20 00:10 28,672 --a------ D:\WINDOWS\vidcap.ax
2007-12-23 12:05 . 2007-12-23 12:30 <REP> d-------- D:\WINDOWS\system32\fr-fr
2007-12-23 12:03 . 2007-08-13 18:54 33,792 --a--c--- D:\WINDOWS\system32\dllcache\custsat.dll
2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\uTorrent
2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-23 11:56 . 2008-01-18 23:10 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\uTorrent
2007-12-23 11:49 . 2007-07-09 14:11 584,192 -----c--- D:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-23 11:48 . 2003-12-08 17:08 36,864 --------- D:\WINDOWS\CleanTrb.exe
2007-12-23 11:47 . 2007-12-23 11:47 <REP> d-------- D:\Program Files\Netropa
2007-12-23 11:47 . 2002-07-11 07:47 98,304 --a------ D:\WINDOWS\system32\msikbd.dll
2007-12-23 11:47 . 2000-06-08 02:09 28,672 --------- D:\WINDOWS\system32\msiosd32.dll
2007-12-23 11:47 . 2001-12-20 09:02 6,656 --------- D:\WINDOWS\system32\drivers\Msikbd2k.sys
2007-12-23 11:47 . 2008-01-19 14:12 245 --a------ D:\WINDOWS\Msiosd.ini
2007-12-23 11:47 . 2007-12-23 11:47 0 --a------ D:\WINDOWS\WININIT.INI
2007-12-23 11:44 . 2007-12-23 11:44 <REP> d-------- D:\Program Files\Messenger Plus! Live
2007-12-23 11:43 . 2008-01-19 10:58 <REP> d----c--- D:\WINDOWS\system32\DRVSTORE
2007-12-23 11:43 . 2008-01-06 10:58 <REP> d-------- D:\Documents and Settings\Ptibou\Contacts
2007-12-23 11:39 . 2007-12-23 11:43 <REP> d-------- D:\Program Files\Windows Live
2007-12-23 11:39 . 2007-12-23 11:42 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-23 11:39 . 2007-12-23 11:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-23 11:38 . 2007-12-23 11:38 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
2007-12-23 11:26 . 2007-12-23 12:22 316,640 --a------ D:\WINDOWS\WMSysPr9.prx
2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\provisioning
2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\peernet
2007-12-23 11:24 . 2007-12-23 11:24 <REP> d-------- D:\WINDOWS\ServicePackFiles
2007-12-23 11:21 . 2007-12-23 11:21 <REP> d-------- D:\WINDOWS\EHome
2007-12-23 11:19 . 2002-04-15 21:11 67,866 --------- D:\WINDOWS\system32\drivers\netwlan5.img
2007-12-23 11:19 . 2004-08-19 16:10 11,776 --------- D:\WINDOWS\system32\spnpinst.exe
2007-12-23 11:19 . 2004-08-02 14:20 7,208 --------- D:\WINDOWS\system32\secupd.sig
2007-12-23 11:19 . 2004-08-02 14:20 4,569 --------- D:\WINDOWS\system32\secupd.dat
2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\WINDOWS\system32\MsDtc
2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\Program Files\Services en ligne
2007-12-23 09:49 . 2004-08-20 00:09 77,312 --a------ D:\WINDOWS\system32\usbui.dll
2007-12-23 09:49 . 2004-08-19 23:54 58,496 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2007-12-23 09:49 . 2001-08-17 21:46 6,400 --a------ D:\WINDOWS\system32\drivers\enum1394.sys
2007-12-23 09:49 . 2001-08-17 21:59 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2007-12-23 09:49 . 2008-01-09 13:04 1,355 --a------ D:\WINDOWS\imsins.BAK
2007-12-23 09:48 . 2007-12-23 09:48 <REP> d-------- D:\Program Files\Fichiers communs\SpeechEngines

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 10:07 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-30 12:48 --------- d-----w D:\Program Files\Fichiers communs\Symantec Shared
2007-12-23 10:59 --------- d-----w D:\Program Files\Microsoft Works
2007-12-23 09:57 --------- d-----w D:\Program Files\Microsoft.NET
2007-12-23 09:39 --------- d-----w D:\Program Files\Norton AntiVirus
2007-12-23 09:37 805 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-23 09:37 123,952 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-23 09:37 10,740 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-23 09:37 --------- d-----w D:\Program Files\Symantec
2007-12-23 09:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2007-12-23 09:26 --------- d-----w D:\Program Files\ASUS
2007-12-23 09:25 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2007-12-23 09:12 --------- d-----w D:\Program Files\Analog Devices
2007-12-23 09:10 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
2007-12-23 09:10 --------- d-----w D:\Program Files\NVIDIA Corporation
2007-12-23 09:01 558,142 ----a-w D:\WINDOWS\java\Packages\A53BJT3T.ZIP
2007-12-23 09:01 155,995 ----a-w D:\WINDOWS\java\Packages\D7XVJ3NB.ZIP
2007-12-23 09:01 --------- d-----w D:\Program Files\microsoft frontpage
2007-12-23 09:00 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
2007-12-05 00:41 7,435,392 ----a-w D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-30 22:57 43,696 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w D:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w D:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w D:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w D:\WINDOWS\system32\drivers\srtsp.inf
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"ccApp"="D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
"Symantec PIF AlertEng"="D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"MULTIMEDIA KEYBOARD"="D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-23 01:55 167936]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxsnvqt"= {4175145D-5837-4A10-93CE-36E1EA84602B} - D:\WINDOWS\bxsnvqt.dll [2008-01-18 20:08 323584]
"aslpmqk"= {7F719827-36C1-4557-8BCA-7AE93D79D5C8} - D:\WINDOWS\aslpmqk.dll [2008-01-18 20:08 217088]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=D:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

R1 msikbd2k;Multimedia Keyboard Filter Driver;D:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 nhksrv;Netropa NHK Server;D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:56]
S1 AmdPPM;Pilote de processeur AMD HwPState;D:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
S3 hamachi_oem;PlayLinc Adapter;D:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 23:30]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 10:09:48 D:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - Ptibou.job"
0
g!rly Posts 18462 Status Contributor 406
 
May I see a new HijackThis log, please?
0
Ptibou
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Micro Application\Dictionnaires Multilingues\TrueTerm.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
D:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Activer Dictionnaires Multilingues.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: bxsnvqt - {4175145D-5837-4A10-93CE-36E1EA84602B} - D:\WINDOWS\bxsnvqt.dll
O21 - SSODL: aslpmqk - {7F719827-36C1-4557-8BCA-7AE93D79D5C8} - D:\WINDOWS\aslpmqk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
g!rly Posts 18462 Status Contributor 406
 
Hi again,

Copy the text below:

File::
D:\WINDOWS\bxsnvqt.dll
D:\WINDOWS\aslpmqk.dll
Folder::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxsnvqt"=-
"aslpmqk"=-

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the message that is displayed (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.
0
Ptibou
 
ComboFix 08-01-18.5 - Ptibou 2008-01-19 15:24:11.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.547 [GMT 1:00]
Running from: D:\Documents and Settings\Ptibou\Bureau\ComboFix.exe
Command switches used :: C:\Mes documents\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
D:\WINDOWS\aslpmqk.dll
D:\WINDOWS\bxsnvqt.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\aslpmqk.dll
D:\WINDOWS\bxsnvqt.dll
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\WINDOWS\dat.txt
D:\WINDOWS\dopfwrlvtq.dll
D:\WINDOWS\egodktf.dll
D:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-19 14:08 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-19 13:50 . 2008-01-19 13:50 <REP> d-------- D:\Program Files\Trend Micro
2008-01-19 13:45 . 2008-01-19 13:48 <REP> d-------- D:\Program Files\Navilog1
2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Lavasoft
2008-01-19 12:26 . 2008-01-19 12:26 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 12:26 . 2008-01-19 12:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 12:18 . 2008-01-19 12:20 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-18 22:41 . 2008-01-18 20:08 81,920 --a------ D:\WINDOWS\fknxwqf.exe
2008-01-17 18:16 . 2008-01-17 18:16 <REP> d-------- D:\Program Files\Micro Application
2008-01-17 18:16 . 1998-09-24 13:03 171,967 --a------ D:\WINDOWS\system32\Odbcjet.hlp
2008-01-17 18:16 . 1998-09-24 13:03 7,348 --a------ D:\WINDOWS\system32\Odbcjet.cnt
2008-01-17 18:15 . 2008-01-17 18:15 40 --a------ D:\WINDOWS\navigma.INI
2008-01-12 21:36 . 2008-01-12 21:36 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield Installation Information
2008-01-12 21:28 . 2008-01-12 21:28 <REP> d-------- D:\Program Files\DIFX
2008-01-12 21:28 . 2006-07-01 22:42 43,520 --a------ D:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-12 20:35 . 2008-01-19 12:03 <REP> d-------- D:\Program Files\DAEMON Tools
2008-01-12 12:08 . 2008-01-12 12:08 <REP> d-------- D:\Program Files\Guitar Pro 5
2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- D:\Program Files\K-Lite Codec Pack
2008-01-09 20:20 . 2006-11-01 14:52 765,952 --a------ D:\WINDOWS\system32\xvidcore.dll
2008-01-08 17:47 . 2008-01-08 17:47 <REP> d-------- D:\Program Files\Microsoft Silverlight
2008-01-05 11:47 . 2008-01-05 11:48 34,519 --a------ D:\WINDOWS\Ascd_tmp.ini
2008-01-05 11:40 . 2008-01-05 11:40 <REP> d-------- D:\Program Files\ASUS WiFi-AP Solo
2008-01-05 11:40 . 2006-03-31 04:39 13,532 --a------ D:\WINDOWS\system32\drivers\SjyPkt.sys
2008-01-05 11:07 . 2008-01-05 11:07 <REP> d-------- D:\Program Files\SystemRequirementsLab
2008-01-03 21:11 . 2008-01-03 21:11 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\InstallShield
2008-01-03 20:40 . 2008-01-03 20:40 1 --a------ D:\Documents and Settings\Ptibou\SI.bin
2008-01-03 19:21 . 2008-01-03 19:21 98,304 --a------ D:\WINDOWS\system32CmdLineExt.dll
2007-12-30 22:21 . 2007-12-30 22:21 <REP> d-------- D:\Program Files\Traction Software
2007-12-30 13:48 . 2007-12-30 13:48 <REP> d-------- D:\Program Files\Alcohol Soft
2007-12-30 13:45 . 2007-12-30 13:45 639,224 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2007-12-29 23:02 . 2006-03-23 19:53 442,368 --a------ D:\WINDOWS\system32\CapabilityTable.exe
2007-12-29 18:55 . 2007-12-29 19:27 <REP> d-------- D:\Documents and Settings\All Users\Application Data\NFS Underground
2007-12-29 15:58 . 2007-12-29 15:58 <REP> d-------- D:\Program Files\MSXML 4.0
2007-12-25 14:50 . 2007-12-25 14:50 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\Samsung
2007-12-25 14:48 . 2004-08-04 07:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 14:38 . 2007-12-25 14:38 <REP> d-------- D:\Program Files\Samsung
2007-12-25 14:38 . 2005-08-13 05:06 22,486 -ra------ D:\WINDOWS\system32\UnInstall_Driver.ico
2007-12-24 09:57 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-12-24 09:57 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2007-12-23 19:17 . 2007-12-23 19:18 <REP> d-------- D:\Program Files\Fichiers communs\Adobe
2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Ubisoft
2007-12-23 15:52 . 2007-12-23 15:52 <REP> d-------- D:\Program Files\Fichiers communs\DirectX
2007-12-23 13:47 . 2007-12-23 13:47 <REP> d-------- D:\Program Files\MSXML 6.0
2007-12-23 12:29 . 2007-12-23 12:29 <REP> d-------- D:\Program Files\MSBuild
2007-12-23 12:28 . 2007-12-23 14:14 <REP> d-------- D:\WINDOWS\system32\XPSViewer
2007-12-23 12:27 . 2007-12-23 12:27 <REP> d-------- D:\Program Files\Reference Assemblies
2007-12-23 12:27 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
2007-12-23 12:26 . 2007-12-23 12:26 <REP> d-------- D:\Program Files\Windows Media Connect 2
2007-12-23 12:26 . 2006-10-04 15:06 1,197,294 -----c--- D:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-23 12:26 . 2006-10-04 15:06 764,868 -----c--- D:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-23 12:26 . 2006-10-04 15:06 217,118 -----c--- D:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-23 12:25 . 2007-12-23 12:25 <REP> d-------- D:\WINDOWS\system32\LogFiles
2007-12-23 12:25 . 2007-12-23 12:26 <REP> d-------- D:\WINDOWS\system32\drivers\UMDF
2007-12-23 12:21 . 2007-12-23 12:21 <REP> d-------- D:\WINDOWS\system32\URTTemp
2007-12-23 12:11 . 2008-01-06 11:52 <REP> d-------- D:\WINDOWS\VdCap03C
2007-12-23 12:11 . 2007-12-23 12:11 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-23 12:11 . 2004-08-20 00:10 91,648 --a------ D:\WINDOWS\kswdmcap.ax
2007-12-23 12:11 . 2004-08-20 00:10 61,952 --a------ D:\WINDOWS\kstvtune.ax
2007-12-23 12:11 . 2004-08-20 00:09 54,784 --a------ D:\WINDOWS\vfwwdm32.dll
2007-12-23 12:11 . 2004-08-20 00:10 43,008 --a------ D:\WINDOWS\ksxbar.ax
2007-12-23 12:11 . 2004-08-20 00:10 28,672 --a------ D:\WINDOWS\vidcap.ax
2007-12-23 12:05 . 2007-12-23 12:30 <REP> d-------- D:\WINDOWS\system32\fr-fr
2007-12-23 12:03 . 2007-08-13 18:54 33,792 --a--c--- D:\WINDOWS\system32\dllcache\custsat.dll
2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\uTorrent
2007-12-23 11:56 . 2007-12-23 11:56 <REP> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-23 11:56 . 2008-01-18 23:10 <REP> d-------- D:\Documents and Settings\Ptibou\Application Data\uTorrent
2007-12-23 11:49 . 2007-07-09 14:11 584,192 -----c--- D:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-23 11:48 . 2003-12-08 17:08 36,864 --------- D:\WINDOWS\CleanTrb.exe
2007-12-23 11:47 . 2007-12-23 11:47 <REP> d-------- D:\Program Files\Netropa
2007-12-23 11:47 . 2002-07-11 07:47 98,304 --a------ D:\WINDOWS\system32\msikbd.dll
2007-12-23 11:47 . 2000-06-08 02:09 28,672 --------- D:\WINDOWS\system32\msiosd32.dll
2007-12-23 11:47 . 2001-12-20 09:02 6,656 --------- D:\WINDOWS\system32\drivers\Msikbd2k.sys
2007-12-23 11:47 . 2008-01-19 15:25 245 --a------ D:\WINDOWS\Msiosd.ini
2007-12-23 11:47 . 2007-12-23 11:47 0 --a------ D:\WINDOWS\WININIT.INI
2007-12-23 11:44 . 2007-12-23 11:44 <REP> d-------- D:\Program Files\Messenger Plus! Live
2007-12-23 11:43 . 2008-01-19 10:58 <REP> d----c--- D:\WINDOWS\system32\DRVSTORE
2007-12-23 11:43 . 2008-01-06 10:58 <REP> d-------- D:\Documents and Settings\Ptibou\Contacts
2007-12-23 11:39 . 2007-12-23 11:43 <REP> d-------- D:\Program Files\Windows Live
2007-12-23 11:39 . 2007-12-23 11:42 <REP> d--hsc--- D:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-23 11:39 . 2007-12-23 11:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-23 11:38 . 2007-12-23 11:38 <REP> d-------- D:\Documents and Settings\LocalService\Menu Démarrer
2007-12-23 11:26 . 2007-12-23 12:22 316,640 --a------ D:\WINDOWS\WMSysPr9.prx
2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\provisioning
2007-12-23 11:25 . 2007-12-23 11:25 <REP> d-------- D:\WINDOWS\peernet
2007-12-23 11:24 . 2007-12-23 11:24 <REP> d-------- D:\WINDOWS\ServicePackFiles
2007-12-23 11:21 . 2007-12-23 11:21 <REP> d-------- D:\WINDOWS\EHome
2007-12-23 11:19 . 2002-04-15 21:11 67,866 --------- D:\WINDOWS\system32\drivers\netwlan5.img
2007-12-23 11:19 . 2004-08-19 16:10 11,776 --------- D:\WINDOWS\system32\spnpinst.exe
2007-12-23 11:19 . 2004-08-02 14:20 7,208 --------- D:\WINDOWS\system32\secupd.sig
2007-12-23 11:19 . 2004-08-02 14:20 4,569 --------- D:\WINDOWS\system32\secupd.dat
2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\WINDOWS\system32\MsDtc
2007-12-23 09:59 . 2007-12-23 09:59 <REP> d-------- D:\Program Files\Services en ligne
2007-12-23 09:49 . 2004-08-20 00:09 77,312 --a------ D:\WINDOWS\system32\usbui.dll
2007-12-23 09:49 . 2004-08-19 23:54 58,496 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2007-12-23 09:49 . 2001-08-17 21:46 6,400 --a------ D:\WINDOWS\system32\drivers\enum1394.sys
2007-12-23 09:49 . 2001-08-17 21:59 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2007-12-23 09:49 . 2008-01-09 13:04 1,355 --a------ D:\WINDOWS\imsins.BAK
2007-12-23 09:48 . 2007-12-23 09:48 <REP> d-------- D:\Program Files\Fichiers communs\SpeechEngines
2007-12-23 09:48 . 2007-12-23 09:48 <REP> d-------- D:\Program Files\Fichiers communs\ODBC
2007-12-23 09:48 . 2007-12-23 09:48 <REP> d--h----- D:\Documents and Settings\Default User\Voisinage réseau

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 10:07 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-30 12:48 --------- d-----w D:\Program Files\Fichiers communs\Symantec Shared
2007-12-23 10:59 --------- d-----w D:\Program Files\Microsoft Works
2007-12-23 09:57 --------- d-----w D:\Program Files\Microsoft.NET
2007-12-23 09:39 --------- d-----w D:\Program Files\Norton AntiVirus
2007-12-23 09:37 805 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-23 09:37 60,800 ----a-w D:\WINDOWS\system32\S32EVNT1.DLL
2007-12-23 09:37 123,952 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-23 09:37 10,740 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-23 09:37 --------- d-----w D:\Program Files\Symantec
2007-12-23 09:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2007-12-23 09:26 --------- d-----w D:\Program Files\ASUS
2007-12-23 09:25 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2007-12-23 09:12 --------- d-----w D:\Program Files\Analog Devices
2007-12-23 09:10 21,035 ----a-w D:\WINDOWS\system32\drivers\AegisP.sys
2007-12-23 09:10 --------- d-----w D:\Program Files\NVIDIA Corporation
2007-12-23 09:01 558,142 ----a-w D:\WINDOWS\java\Packages\A53BJT3T.ZIP
2007-12-23 09:01 155,995 ----a-w D:\WINDOWS\java\Packages\D7XVJ3NB.ZIP
2007-12-23 09:01 --------- d-----w D:\Program Files\microsoft frontpage
2007-12-23 09:00 --------- d-----w D:\Program Files\Fichiers communs\MSSoap
2007-12-14 10:32 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
2007-12-05 01:53 356,352 ----a-w D:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w D:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w D:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w D:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w D:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w D:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w D:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w D:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 466,944 ----a-w D:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 45,056 ----a-w D:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w D:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w D:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w D:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w D:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w D:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w D:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 307,200 ----a-w D:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 3,710,976 ----a-w D:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w D:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 286,720 ----a-w D:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 229,376 ----a-w D:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 2,498,560 ----a-w D:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 188,416 ----a-w D:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 155,716 ----a-w D:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w D:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41 1,703,936 ----a-w D:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41 1,626,112 ----a-w D:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41 1,474,560 ----a-w D:\WINDOWS\system32\nview.dll
2007-12-05 00:41 1,339,392 ----a-w D:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41 1,228,800 ----a-w D:\WINDOWS\system32\nvmobls.dll
2007-12-05 00:41 1,089,536 ----a-w D:\WINDOWS\system32\nvcuda.dll
2007-12-05 00:41 1,019,904 ----a-w D:\WINDOWS\system32\nvwimg.dll
2007-11-30 22:57 43,696 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w D:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w D:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w D:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w D:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:28 728,576 ----a-w D:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w D:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w D:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:43 1,293,824 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-24 00:47 96,760 ----a-w D:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w D:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w D:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w D:\WINDOWS\system32\mscorier.dll
2007-10-22 02:39 267,272 ----a-w D:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-19_14.13.15.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 13:08:43 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 14:24:09 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-19 13:08:43 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 14:24:09 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-19 13:08:43 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 14:24:09 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-19 13:08:43 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 14:24:09 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-19 13:08:43 4,734,976 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-19 14:24:09 4,734,976 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-19 13:08:43 24,576 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 14:24:09 24,576 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"ccApp"="D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
"Symantec PIF AlertEng"="D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"MULTIMEDIA KEYBOARD"="D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-23 01:55 167936]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=D:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

R1 msikbd2k;Multimedia Keyboard Filter Driver;D:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 nhksrv;Netropa NHK Server;D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:56]
S1 AmdPPM;Pilote de processeur AMD HwPState;D:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
S3 hamachi_oem;PlayLinc Adapter;D:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 23:30]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 10:09:48 D:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - Ptibou.job"
- D:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 15:25:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 15:25:24
ComboFix-quarantined-files.txt 2008-01-19 14:25:22
.
2008-01-09 12:05:42 --- E O F ---
0
Ptibou
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:10, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Micro Application\Dictionnaires Multilingues\TrueTerm.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
D:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Activer Dictionnaires Multilingues.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi again,

How is your PC doing?
0
Ptibou
 
Well, for the moment everything is going great, I no longer have the slightest trace of this virus, so has it finally been removed???
Thank you very much for this help, which was fast and effective to say the least. Can you explain to me what exactly I had, and what this virus consists of?
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi again,

cool ;-)

your infection:

SXG Advisor
bxsnvqt
SSODL

it comes down to an attack by a downloader...

See you
0
Bryan
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:30, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {22E4849D-E499-4701-BB1C-8E8ABAB2EE21} - C:\WINDOWS\dopfwrlqox.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: The egodktf - {00E1F032-D6AD-40E3-8AAF-ED8CAE5EC678} - C:\WINDOWS\egodktf.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\documents and settings\quercy\application data\install_fr[1].exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Gestionnaire de lancement d'application fax.lnk = C:\Program Files\Alliance MCA\Internet Fax\faxtray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{16ACF693-1247-4E31-8905-A85B70011AF0}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{26765932-88D5-4731-8410-ADBCDA4234DA}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{59223CF0-CEB6-4620-96FD-7200E8A80819}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{710ACE7D-7610-4C2C-A87F-19439CC2984C}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E118346-8043-4E41-8188-A14CE43D4E2A}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D29B13-03CB-4D38-86D8-C660367F131E}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{16ACF693-1247-4E31-8905-A85B70011AF0}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{16ACF693-1247-4E31-8905-A85B70011AF0}: NameServer = 85.255.115.61,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.113
O21 - SSODL: bxsnvqt - {64ED66B0-441C-4957-A78B-F821CF409B3C} - C:\WINDOWS\bxsnvqt.dll (file missing)
O21 - SSODL: aslpmqk - {1F4000FA-48A7-4D41-A781-08EFBD5A5EC6} - C:\WINDOWS\aslpmqk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
0
g!rly Posts: 18462 Status: Contributor 406
 
Hello,

It would be better for you to create your own thread; that will make the posts easier to follow and the answer to your problem will be more effective.
Proceed like this:
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

See you soon
0